CVE-2013-1763 – Gaining Root access from Ubuntu 12.10 Guest Account

Ubuntu Root Shell from Guest

A Linux local privilege escalation vulnerability made public last week allows a Root level shell from a standard or guest account.

Last week an exploit was revealed that affects Linux kernel versions 3.3 through 3.8. Successful use of the exploit allows the attacker to gain root level access on affected Linux machines.

I tried the attack on an Ubuntu 12.10 virtual machine and was able to escalate the “Guest” user to root.

Guest ID

As you can see from the image above, I am logged into Ubuntu 12.10 as the security-limited “Guest” account. This account is enabled by default with no password.

Running the exploit creates a Root level shell:

Switch to Root

Running the “id” command now returns the user ID (uid) 0, or root.

But do we really have root? Let’s try to add a user from this escalated terminal and one from a guest terminal:

Add User

The guest shell on the right failed, but as you can see it worked on our escalated shell.

This is a known issue and Ubuntu has released a Security Bulletin regarding it. Even better, they have already supplied a patch that closes the vulnerability. All you need to do is run Ubuntu updates and the fix will be installed automatically.
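For anyone inventorying hosts against the 3.3 through 3.8 kernel range named above, the following triage helper is an added example (not code from the original post or from Ubuntu). It parses `uname -r` style strings into a version tuple and flags hosts whose kernel series falls in that range; the host names and version strings in the sample inventory are constructed. Note that a hit means "confirm the security update is applied", not "exploitable", because the Ubuntu fix ships as a package update that keeps the same major.minor.

```python
import re
from typing import Dict, Optional, Tuple

# Affected upstream kernel series named in the post: 3.3 through 3.8 (inclusive).
AFFECTED_MIN = (3, 3)
AFFECTED_MAX = (3, 8)

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?")


def parse_kernel_version(uname_r: str) -> Optional[Tuple[int, int, int]]:
    """Parse the leading major.minor[.patch] from a `uname -r` string.

    Distro suffixes such as '-17-generic' are ignored. Returns None if unparseable."""
    m = _VERSION_RE.match(uname_r.strip())
    if not m:
        return None
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def in_affected_range(uname_r: str) -> Optional[bool]:
    """True if major.minor lies inside 3.3..3.8, False if outside, None if unparseable.

    True means 'review this host and verify the update', not 'exploitable': the
    distro patch does not change the kernel series, so version alone is not conclusive."""
    parsed = parse_kernel_version(uname_r)
    if parsed is None:
        return None
    return AFFECTED_MIN <= parsed[:2] <= AFFECTED_MAX


def triage(hosts: Dict[str, str]) -> Dict[str, str]:
    """Map host name -> verdict for a {host: uname_r} inventory."""
    verdicts = {}
    for host, uname_r in hosts.items():
        result = in_affected_range(uname_r)
        if result is None:
            verdicts[host] = "unknown: could not parse kernel version"
        elif result:
            verdicts[host] = "review: kernel series in affected range, confirm security update applied"
        else:
            verdicts[host] = "outside affected range"
    return verdicts


if __name__ == "__main__":
    # Constructed sample inventory (hypothetical hosts, not real systems).
    sample = {
        "vm-ubuntu-1210": "3.5.0-17-generic",  # Ubuntu 12.10 ships the 3.5 kernel series
        "build-box": "3.2.0-38-generic",
        "lab-new": "3.9.0-rc1",
        "odd-entry": "kernel?",
    }
    for host, verdict in triage(sample).items():
        print(f"{host}: {verdict}")
```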

It is imperative that you update your Linux systems immediately, especially if you allow public guest access.

~ by D. Dieterle on March 7, 2013.

2 Responses to “CVE-2013-1763 – Gaining Root access from Ubuntu 12.10 Guest Account”

  1. Have you been able to test this yourself? I found the exploit code and made a file to run it. I get a permission denied every time.

    • Yes, see images above. If your Ubuntu was updated this week the patch was automatically installed, so it will not work. The easiest way to test it is to download the ISO image and not allow it to install the updates during installation.
