CVE-2023-26604 — HIGH (7.8)

Q: How severe is CVE-2023-26604?

CVE-2023-26604 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-26604?

Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Systemd Project Systemd.

Vulnerability Description

systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Debian	Debian Linux	10.0
Systemd Project	Systemd	< 246.7

Related Weaknesses (CWE)

CWE-269

References

http://packetstormsecurity.com/files/174130/systemd-246-Local-Root-Privilege-EscExploitThird Party Advisory
https://blog.compass-security.com/2012/10/dangerous-sudoers-entries-part-2-insecExploitThird Party Advisory
https://github.com/systemd/systemd/blob/main/NEWS#L4335-L4340Release Notes
https://lists.debian.org/debian-lts-announce/2023/03/msg00032.htmlMailing ListThird Party Advisory
https://medium.com/%40zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232aThird Party Advisory
https://security.netapp.com/advisory/ntap-20230505-0009/Third Party Advisory
http://packetstormsecurity.com/files/174130/systemd-246-Local-Root-Privilege-EscExploitThird Party Advisory
https://blog.compass-security.com/2012/10/dangerous-sudoers-entries-part-2-insecExploitThird Party Advisory
https://github.com/systemd/systemd/blob/main/NEWS#L4335-L4340Release Notes
https://lists.debian.org/debian-lts-announce/2023/03/msg00032.htmlMailing ListThird Party Advisory
https://medium.com/%40zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232aThird Party Advisory
https://security.netapp.com/advisory/ntap-20230505-0009/Third Party Advisory

FAQ

What is CVE-2023-26604?

CVE-2023-26604 is a vulnerability with a CVSS score of 7.8 (HIGH). systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specificall...

How severe is CVE-2023-26604?

CVE-2023-26604 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-26604?

Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Systemd Project Systemd.