CVE-2013-1763 – Gaining Root access from Ubuntu 12.10 Guest Account

Ubuntu Root Shell from Guest

A Linux local privilege escalation vulnerability made public last week allows a Root level shell from a standard or guest account.

Last week an exploit was revealed that affected Linux Kernel versions 3.3 through 3.8. Successful use of the exploit allows the attacker to gain root level access on Linux machines.

I tried the attack on an Ubuntu 12.10 virtual machine and was able to escalate the “Guest” user to root.

Guest ID

As you can see from the image above I am logged into Ubuntu 12.10 as the security limited “Guest” account. This account is enabled by default with no password.

Running the exploit creates a Root level shell:

Switch to Root

Running the “id” command now returns the user ID (uid) 0, or root.

But do we really have root? Let’s try to add a user from this escalated terminal and one from a guest terminal:

Add User

The guest shell on the right failed, but as you can see it worked on our escalated shell.

This is a known issue and Ubuntu has released a Security Bulletin regarding it. Even better they have already supplied a patch to fix the exploit. All you need to do is run Ubuntu updates and the fix will automatically be installed.

It is imperative that you update your Linux systems immediately, especially if you allow public guest access.