关联漏洞
标题:
Sudo 安全漏洞
(CVE-2025-32463)
描述:Sudo是一款使用于类Unix系统的,允许用户通过安全的方式使用特殊的权限执行命令的程序。 Sudo 1.9.17p1之前版本存在安全漏洞,该漏洞源于使用用户控制目录中的/etc/nsswitch.conf可能导致获取root访问权限。
描述
Privilege escalation to root using sudo chroot, NO NEED for gcc installed.
介绍
# CVE-2025-32463 - No gcc required
Privilege escalation to root via sudo, with **NO NEED** for **gcc** to be installed on the target.
Discovered by [Rich Mirch](https://www.stratascale.com/team/rich-mirch).
## Affected Versions
- Vulnerable: sudo 1.9.14, 1.9.15, 1.9.16, 1.9.17
- Patched in: sudo 1.9.17p1 and later
- Legacy versions older than 1.9.14 are not affected, as they don't support the --chroot option.
---
## Exploit (gcc is NOT required)
<div align="center">
<a><img src="https://github.com/user-attachments/assets/0083dcfb-afd0-4eb0-bc0a-549c5d85c586" width="600px;" ></a>
</div>
<br>
```bash
# get_root.sh and get_root.py do the same thing.
git clone https://github.com/MohamedKarrab/CVE-2025-32463.git
cd CVE-2025-32463
./get_root.sh
```
No gcc is required on the target machine. The PoC works by checking the current
architecture (e.g., x86_64, aarch64), then executing the corresponding dynamically
pre-compiled payload. If that fails, it defaults to the static one.
If the exploit fails on your machine, you can still compile it using:
```bash
./mkall-dynamic.sh
# then run
./get_root.sh
```
But you will obviously need a compiler at this point.
---
## Disclaimer
- This code is for **educational and testing purposes only**.
- Use only on systems **you own or have explicit permission** to test.
- I am **not responsible** for misuse or damages.
## References
- [NVD - CVE-2025-32463](https://nvd.nist.gov/vuln/detail/CVE-2025-32463)
- [Stratascale - CVE-2025-32463 sudo chroot](https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot)
文件快照
[4.0K] /data/pocs/eed55a4569e3bd98fbf10b0a1944a0545cac350e
├── [4.0K] archs-dynamic
│ ├── [ 91K] king.aarch64.b64
│ ├── [ 89K] king.armv7l.b64
│ ├── [ 19K] king.i386.b64
│ ├── [ 10K] king.riscv64.b64
│ └── [ 20K] king.x86_64.b64
├── [4.0K] archs-static
│ ├── [ 28K] king.aarch64.b64
│ ├── [ 26K] king.armv7l.b64
│ ├── [ 29K] king.i386.b64
│ ├── [9.5K] king.riscv64.b64
│ └── [ 31K] king.x86_64.b64
├── [2.4K] get_root.py
├── [1.7K] get_root.sh
├── [1.0K] LICENSE
├── [ 989] mkall-dynamic.sh
└── [1.6K] README.md
2 directories, 15 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。