root-path-dot: Root PATH Contains Current Directory

Date: 2025-08-01 | Affected software: root path dot | PoC: public

Vulnerability description

The root user’s PATH environment variable included the current directory (“.”). This allowed scripts or binaries in the working directory to be executed with root privileges. The misconfiguration resulted in potential privilege escalation and unsafe behavior.

PoC code [public]

id: root-path-dot

info:
  name: Root PATH Contains Current Directory
  author: songyaeji
  severity: high
  description: |
    The root user’s PATH environment variable included the current directory (“.”). This allowed scripts or binaries in the working directory to be executed with root privileges. The misconfiguration resulted in potential privilege escalation and unsafe behavior.
  reference:
    - https://isms.kisa.or.kr/main/csap/notice/
    - https://www.hackingarticles.in/linux-privilege-escalation-using-path-variable/
  metadata:
    verified: true
  tags: local,linux,audit,privesc,kisa

self-contained: true

code:
  - engine:
      - sh
    source: |
      # Match "." as a PATH entry (leading, middle, trailing or sole) or an empty leading entry.
      echo "$PATH" | grep -Eq '(^\.?:|:\.:|:\.$|^\.$)' && echo "dot-in-path" || echo "safe-path"

    matchers:
      - type: word
        part: response
        words:
          - "dot-in-path"
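
An added example, not part of the original template: a POSIX sh function that splits a PATH string on colons and reports every entry the shell resolves against the working directory. It goes beyond the template's literal "." match by also flagging empty entries (leading, trailing or doubled colons) and relative entries such as `bin`; the function name `audit_path` and the sample PATH strings are constructed for illustration.

```sh
#!/bin/sh
# audit_path PATH_STRING
# Prints one "position:reason:entry" line per risky entry.
# Returns 0 when the PATH is clean, 1 when at least one entry was flagged.
audit_path() {
    findings=0
    pos=0
    # Append a sentinel ':' so a trailing empty entry survives the split.
    rest="$1:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text before the first ':'
        rest=${rest#*:}     # text after the first ':'
        pos=$((pos + 1))
        case $entry in
            '') reason="empty" ;;     # zero-length entry means current directory
            .)  reason="dot" ;;       # explicit current directory
            /*) continue ;;           # absolute path: not cwd-dependent
            *)  reason="relative" ;;  # resolved against the working directory
        esac
        printf '%s:%s:%s\n' "$pos" "$reason" "$entry"
        findings=$((findings + 1))
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample values (not taken from a real host).
for sample in \
    "/usr/local/sbin:/usr/sbin:/usr/bin:/sbin:/bin" \
    "/usr/bin:.:/bin" \
    "/usr/sbin:/usr/bin:" \
    "/usr/bin::/bin" \
    "bin:/usr/bin"
do
    printf 'PATH=%s\n' "$sample"
    if audit_path "$sample"; then
        echo "  clean"
    fi
done
```

To audit a live account, call `audit_path "$PATH"` from a shell started the same way root normally logs in, since profile scripts can append entries after login.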