CVE-2023-1326
local privilege escalation in apport-cli
Severity Score
7.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
5
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.
Chen Lu, Lei Wang, and YiQi Sun discovered a privilege escalation vulnerability in apport-cli when viewing crash reports and unprivileged users are allowed to run sudo less. A local attacker on a specially configured system could use this to escalate their privilege.
*Credits:
Chen Lu, Lei Wang, YiQi Sun
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-03-10 CVE Reserved
- 2023-04-13 CVE Published
- 2023-12-06 First Exploit
- 2025-02-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-269: Improper Privilege Management
CAPEC
- CAPEC-233: Privilege Escalation
References (7)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/diego-tella/CVE-2023-1326-PoC | 2023-12-06 | |
| https://github.com/cve-2024/CVE-2023-1326-PoC | 2023-12-06 | |
| https://github.com/Pol-Ruiz/CVE-2023-1326 | 2024-01-26 | |
| https://github.com/N3rdyN3xus/CVE-2023-1326 | 2024-05-04 | |
| https://github.com/n3rdh4x0r/CVE-2023-1326 | 2024-05-05 |
| URL | Date | SRC |
|---|---|---|
| https://github.com/canonical/apport/commit/e5f78cc89f1f5888b6a56b785dddcb0364c48ecb | 2023-04-19 |
| URL | Date | SRC |
|---|---|---|
| https://ubuntu.com/security/notices/USN-6018-1 | 2023-04-19 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Canonical Search vendor "Canonical" | Apport Search vendor "Canonical" for product "Apport" | <= 2.26.0 Search vendor "Canonical" for product "Apport" and version " <= 2.26.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 20.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "20.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 22.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "22.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 22.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "22.10" | - |
Affected
| ||||||