Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Awk sudo priv escalation vuln has wrong path for awk #316

Open
cliffe opened this issue Apr 17, 2024 · 2 comments
Open

Awk sudo priv escalation vuln has wrong path for awk #316

cliffe opened this issue Apr 17, 2024 · 2 comments
Labels
fixed-test

Comments

@cliffe
Copy link
Owner

cliffe commented Apr 17, 2024

SecGen/modules/vulnerabilities/unix/access_control_misconfigurations/sudo_root_awk/manifests/config.pp

Line 12 in 3135bf4

content => "ALL ALL=(root) /bin/awk",

Update to also include /usr/bin/awk
@cliffe
Copy link
Owner Author

cliffe commented Apr 17, 2024

Also update to allow any arguments:

 content => "ALL  ALL=(root) /usr/bin/awk *, /bin/awk *",

@cliffe
Copy link
Owner Author

cliffe commented Apr 22, 2024

Update: it seems the system is still vulnerable, even with the wrong path specified (because the secure_path sudo setting includes /usr/sbin/). Although the fact that the specified path doesn't exist may cause some confusion.

cliffe added a commit that referenced this issue Jun 26, 2024
@cliffe
Update sudo configuration for access control misconfigurations vulner…
2e17eb2 
…abilities #319 #316
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
fixed-test
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cliffe