@markuswerle Gotcha. I spun up a Debian Docker container to run the exploit on. Debian's sudo is also too old, so I installed the .deb for 1.9.15 that's provided on sudo's GitHub repo. I can share the Dockerfile for that later if you want.
@markuswerle I don't have much experience with WSL, but it looks like sudo is missing the setuid bit on your install somehow. Can you check that it has the setuid bit and that sudo functions properly on its own? Also, sudo versions 1.9.14 to 1.9.17 (inclusive) are affected by the vuln. (https://www.sudo.ws/security/advisories/chroot_bug/)
Local Privilege Escalation via chroot option

An attacker can leverage sudo’s -R (--chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file.

Sudo versions affected: Sudo versions 1.9.14 to 1.9.17 inclusive are affected.

CVE ID: This vulnerability has been assigned CVE-2025-32463 in the Common Vulnerabilities and Exposures database.
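
A triage check for the two things the reply above asks about: whether sudo has its setuid bit and whether the installed version falls in the 1.9.14 to 1.9.17 range. This is an added example, not code from the posts or the PoC repository; the function names are hypothetical, and dropping the `pN` patch-level suffix before comparing is an assumption, since the range quoted on the page does not mention patch levels.

```shell
#!/bin/sh
# Added example: flag hosts whose sudo is in the range the page lists for
# CVE-2025-32463 (1.9.14 to 1.9.17 inclusive). Function names are hypothetical.

# "1.9.15p5" -> 10915 (major*10000 + minor*100 + patch).
# Assumption: the pN suffix is dropped, so patch-level builds inside the range
# are flagged too; confirm those against the advisory linked above.
ver_to_int() {
    v=${1%%p*}
    case $v in
        *[!0-9.]*|'') return 1 ;;   # reject betas, empty strings, garbage
    esac
    old_ifs=$IFS; IFS=.
    set -- $v                       # split on dots into $1 $2 $3
    IFS=$old_ifs
    echo $(( ${1:-0} * 10000 + ${2:-0} * 100 + ${3:-0} ))
}

# Exit status: 0 = in the listed range, 1 = outside it, 2 = unparseable.
in_affected_range() {
    n=$(ver_to_int "$1") || return 2
    [ "$n" -ge 10914 ] && [ "$n" -le 10917 ]
}

# Exit status 0 when the file is owned by uid 0 and has the setuid bit,
# which a working sudo install needs.
has_setuid_root() {
    [ -u "$1" ] && [ "$(ls -lnL "$1" | awk '{print $3}')" = "0" ]
}

check_local_sudo() {
    bin=$(command -v sudo) || { echo "sudo: not installed"; return 0; }
    has_setuid_root "$bin" || echo "WARN: $bin is not setuid root"
    # The first line of "sudo -V" reads "Sudo version X.Y.Z".
    ver=$(sudo -V 2>/dev/null | sed -n '1s/^Sudo version //p')
    in_affected_range "$ver" && rc=0 || rc=$?
    case $rc in
        0) echo "sudo $ver: in the listed affected range, see the advisory" ;;
        1) echo "sudo $ver: outside the listed affected range" ;;
        *) echo "sudo: could not determine version (got '${ver}')" ;;
    esac
}

check_local_sudo
```
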


Just published a proof-of-concept exploit for CVE-2025-32463, a new Linux privilege escalation vulnerability affecting sudo discovered and disclosed by Stratascale about 2 weeks ago.

The PoC is available on GitHub. A full technical writeup will be published on my blog soon.

GitHub: https://github.com/morgenm/sudo-chroot-CVE-2025-32463

#CyberSecurity #ExploitDev #Linux #CVE #PrivilegeEscalation #Infosec #Exploit #Rust #PrivEsc

GitHub - morgenm/sudo-chroot-CVE-2025-32463: Rust PoC for CVE-2025-32463 (sudo chroot "chwoot" Local PrivEsc)
