CVE-2023-26604

CWE-269 — Improper Privilege Management8 documents8 sources

Severity

7.8HIGH

EPSS

5.6%

top 9.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Systemd Project Systemd Debian Debian Linux

Timeline

PublishedMar 3

Latest updateOct 15

Description

systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDsystemd_project/systemd< 246.7

▶Debiansystemd< 247.1-2+3

Also affects: Debian Linux 10.0

🔴Vulnerability Details

OSV

CVE-2023-26604: systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e↗2023-03-03

▶

GHSA

GHSA-8989-8fhv-vq42: systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e↗2023-03-03

▶

CVEList

CVE-2023-26604: systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e↗2023-03-03

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Risk Matrix: Oracle Linux (systemd) — CVE-2023-26604↗2023-10-15

▶

Microsoft

systemd before 247 does not adequately block local privilege escalation for some Sudo configurations e.g. plausible sudoers files in which the "systemctl status" command may be executed. Specifically ↗2023-03-14

▶

Red Hat

systemd: privilege escalation via the less pager↗2023-03-03

▶

Debian

CVE-2023-26604: systemd - systemd before 247 does not adequately block local privilege escalation for some...↗2023

▶