How to get root on Ubuntu 20.04 by pretending nobody’s /home Kevin Backhouse
... This blog post is about an astonishingly straightforward way to escalate privileges on Ubuntu. With a few simple commands in the terminal, and a few mouse clicks, a standard user can create an administrator account for themselves. I have made a short demo video, to show how easy it is. It's unusual for a vulnerability on a modern operating system to be this easy to exploit. I have, on some occasions, written thousands of lines of code to exploit a vulnerability. Most modern exploits involve complicated trickery, like using a memory corruption vulnerability to forge fake objects in the heap, or replacing a file with a symlink with microsecond accuracy to exploit a TOCTOU vulnerability. So these days it’s relatively rare to find a vulnerability that doesn’t require coding skills to exploit. I also think the vulnerability is easy to understand, even if you have no prior knowledge of how Ubuntu works or any security research experience. ... https://securitylab.github.com/research/Ubuntu-gdm3-accountsservice-LPE _______________________________________________ Medianews mailing list [email protected] http://etskywarn.net/mailman/listinfo/medianews_etskywarn.net
