Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-26604

systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.

Published

2023-03-03T16:15:10.607

Last Modified

2025-06-20T19:17:18.077

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

Weaknesses

Type: Primary
NVD-CWE-noinfo
Type: Secondary
CWE-269

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	debian	debian_linux	10.0	Yes
Application	systemd_project	systemd	< 246.7	Yes

References

http://packetstormsecurity.com/files/174130/systemd-246-Local-Root-Privilege-Escalation.html Exploit, Third Party Advisory ([email protected])
https://blog.compass-security.com/2012/10/dangerous-sudoers-entries-part-2-insecure-functionality/ Exploit, Third Party Advisory ([email protected])
https://github.com/systemd/systemd/blob/main/NEWS#L4335-L4340 Release Notes ([email protected])
https://lists.debian.org/debian-lts-announce/2023/03/msg00032.html Third Party Advisory, Mailing List ([email protected])
https://medium.com/%40zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7 Third Party Advisory ([email protected])
https://security.netapp.com/advisory/ntap-20230505-0009/ Third Party Advisory ([email protected])
http://packetstormsecurity.com/files/174130/systemd-246-Local-Root-Privilege-Escalation.html Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://blog.compass-security.com/2012/10/dangerous-sudoers-entries-part-2-insecure-functionality/ Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/systemd/systemd/blob/main/NEWS#L4335-L4340 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/03/msg00032.html Third Party Advisory, Mailing List (af854a3a-2127-422b-91ae-364da2661108)
https://medium.com/%40zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20230505-0009/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)