Vulnerability Report - Ubuntu (and underlying architecture)

a guest
Jul 16th, 2015
Vulnerability Report - Ubuntu (and underlying architecture) PrivEsc Vulnerability - All Current Releases - v0.9
Overall Rating: Medium
CVSSv2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C
CVSSv2 Score: 6.8
Vulnerability Type: Local Privilege Escalation
Summary:
The default configuration in Ubuntu 14.04.2 LTS and earlier allows a standard user, given a specially crafted sequence of commands, to perform arbitrary command execution as a system user.
Details:
It was found through investigating the account management and security aspects of the Ubuntu 14.04.2 LTS operating system, and the underlying kernel, that there was a significant flaw in the application of access restrictions to perform commands as a privileged user.
This configuration could be exploited to severely damage the confidentiality, integrity, and availability of data held within the system.
The prerequisites for exploiting this vulnerability did mitigate some of the risk; however, this is insufficient given the potential impact to a system should an in-the-wild payload be created.
In order for this vulnerability to be realised, the following (default) conditions must be met:
• An account with system privileges must exist:
    o The standard account under which the user is authenticated must be in the sudoers group
    o Or the root user must be enabled
• A simple string set by the user, generally during initial configuration of the operating system or user account, must be known
    o This string is arbitrary but is usually relatively short
    o There are known common and default values for this string
    o By default there is no policy for having a strong, secure string
    o A previous vulnerability in Ubuntu has been discovered allowing for the brute forcing of this string
UPDATE:
It has been discovered that in the event certain conditions are met, remote exploitation of this vulnerability may be possible.
Common services such as telnet, SSH and FTP may allow for remote exploitation: if misconfigured, these will allow for a separate remote command execution vulnerability, which can be used in conjunction with this vulnerability.
This increases the risk and therefore the CVSSv2 Scores have been recalculated accordingly:
Overall Rating: Critical
CVSSv2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSSv2 Score: 9
Vulnerability Type: Remote Command Execution and Privilege Escalation

NOTE: Due to the nature of this vulnerability the exact string has not been publicly disclosed but is available upon request for legitimate mitigation attempts.