关联漏洞
标题:Sudo 安全漏洞 (CVE-2025-32463)Description:Sudo是一款使用于类Unix系统的,允许用户通过安全的方式使用特殊的权限执行命令的程序。 Sudo 1.9.17p1之前版本存在安全漏洞,该漏洞源于使用用户控制目录中的/etc/nsswitch.conf可能导致获取root访问权限。
Description
Practical security research project exploiting CVE-2025-32463 to gain root access on a vulnerable sudo version. Includes write-up, PoC, and mitigation steps.
介绍
# CVE-2025-32463-Sudo-Privilege-Escalation
✔️ Completed on HackViser (VIP Challenge)
This repository contains a working exploit for **CVE-2025-32463**, a critical vulnerability (CVSS 9.3) affecting `sudo` versions **1.9.14 → 1.9.17** that allows **local privilege escalation to ROOT** by abusing the **--chroot (-R)** option.
The exploit abuses a shared library load via `libnss_` inside a temporary chroot environment to execute an arbitrary command as root.
---
## 🚨 Vulnerability Summary
| Field | Details |
|------|---------|
| CVE | **CVE-2025-32463** |
| Affected Versions | sudo 1.9.14 – 1.9.17 |
| Fixed Version | 1.9.17p1 |
| Severity | **Critical (9.3 CVSS)** |
| Attack Vector | Local |
| Impact | Full Root Privilege Escalation |
| Mitigation | Upgrade / Disable chroot option |
---
## 🧑💻 HackViser Challenge Details
**Task:**
Gain root access on the target machine and retrieve the flag from:
1️⃣ SSH into the target machine
# ssh guest@<TARGET-IP>
2️⃣ Move into /tmp (writeable location)
# cd /tmp
3️⃣ Create exploit file
# nano run.sh
4️⃣ Paste the exploit (script below)
Save ➝ Ctrl+X ➝ Y ➝ Enter
5️⃣ Make executable
chmod +x run.sh
6️⃣ Run exploit
./run.sh
7️⃣ Verify root access
id
whoami
8️⃣ Read the flag
cat /secret.txt
文件快照
[4.0K] /data/pocs/58ffcff74ccf6d6c1b7a036e507a276d85005368
├── [ 157] Defensive Recommendations
├── [1.0K] License
├── [1.3K] README.md
└── [1.0K] sudo-chwoot.sh
1 directory, 4 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。