CVE-2013-1763 – Gaining Root access from Ubuntu 12.10 Guest Account

Ubuntu Root Shell from Guest

A Linux local privilege escalation vulnerability made public last week allows a Root level shell from a standard or guest account.

Last week an exploit was revealed that affected Linux Kernel versions 3.3 through 3.8. Successful use of the exploit allows the attacker to gain root level access on Linux machines.

I tried the attack on an Ubuntu 12.10 virtual machine and was able to escalate the “Guest” user to root.

Guest ID

As you can see from the image above I am logged into Ubuntu 12.10 as the security limited “Guest” account. This account is enabled by default with no password.

Running the exploit creates a Root level shell:

Switch to Root

Running the “id” command now returns the user ID (uid) 0, or root.

But do we really have root? Let’s try to add a user from this escalated terminal and one from a guest terminal:

Add User

The guest shell on the right failed, but as you can see it worked on our escalated shell.

This is a known issue and Ubuntu has released a Security Bulletin regarding it. Even better they have already supplied a patch to fix the exploit. All you need to do is run Ubuntu updates and the fix will automatically be installed.

It is imperative that you update your Linux systems immediately, especially if you allow public guest access.

Advertisements

TrendMicro “Mythbusting Mac Security” Video

Great video by TrendMicro. A lot of users think because they have a Mac or Linux system that they are impervious to viruses. Macs and Linux machines are now as targeted as Windows based machines because of their increase in popularity. Security testing platforms like Backtrack include Linux and Mac shells that work just as well as their Windows counterparts.

And though the video mentions that only a small fraction of Mac users have a security program, I have where Linux based AV protection was actually WORSE than it’s Windows counterpart. When testing one of the Linux AV’s I was able to bypass it and gain a remote shell where the Windows version of the same AV actually caught the malware and stopped it.

Smart surfing, script blocking and e-mail safety goes a long way in protecting your system. Even if it is a Mac!  🙂