Awk sudo priv escalation vuln has wrong path for awk

cliffe / SecGen

Create randomly insecure VMs

GNU General Public License v3.0

2.62k stars 316 forks source link

Awk sudo priv escalation vuln has wrong path for awk #316

Open cliffe opened 5 months ago

cliffe commented 5 months ago

https://github.com/cliffe/SecGen/blob/3135bf46c728baba40646c20cb9db24559ed05e6/modules/vulnerabilities/unix/access_control_misconfigurations/sudo_root_awk/manifests/config.pp#L12

Update to also include /usr/bin/awk

cliffe commented 5 months ago

Also update to allow any arguments:

 content => "ALL  ALL=(root) /usr/bin/awk *, /bin/awk *",

cliffe commented 4 months ago

Update: it seems the system is still vulnerable, even with the wrong path specified (because the secure_path sudo setting includes /usr/sbin/). Although the fact that the specified path doesn't exist may cause some confusion.