CVE-2025-32463 on 办公AI智能小助手 https://blog.qife122.com/tags/cve-2025-32463/ Recent content in CVE-2025-32463 on 办公AI智能小助手 Hugo zh-cn qife Wed, 17 Sep 2025 10:33:07 +0800 CVE-2025-32463漏洞利用:通过sudo chroot实现权限提升 https://blog.qife122.com/p/cve-2025-32463%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8%E9%80%9A%E8%BF%87sudo-chroot%E5%AE%9E%E7%8E%B0%E6%9D%83%E9%99%90%E6%8F%90%E5%8D%87/ Wed, 17 Sep 2025 10:33:07 +0800 https://blog.qife122.com/p/cve-2025-32463%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8%E9%80%9A%E8%BF%87sudo-chroot%E5%AE%9E%E7%8E%B0%E6%9D%83%E9%99%90%E6%8F%90%E5%8D%87/ <h1 id="cve-2025-32463">cve-2025-32463</h1> <h3 id="chroot">chroot</h3> <p><code>sudo chroot &lt;dir name&gt; &lt;command&gt;</code></p> <p>在选定的dir name中执行命令command</p> <h3 id="形成原理">形成原理</h3> <p>这个问题是在 sudo v1.9.14引入的,这个版本升级了chroot特性被使用时的匹配处理代码</p> CVE-2025-32463漏洞利用:无需gcc的sudo权限提升攻击 https://blog.qife122.com/p/cve-2025-32463%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8%E6%97%A0%E9%9C%80gcc%E7%9A%84sudo%E6%9D%83%E9%99%90%E6%8F%90%E5%8D%87%E6%94%BB%E5%87%BB/ Tue, 09 Sep 2025 01:37:13 +0800 https://blog.qife122.com/p/cve-2025-32463%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8%E6%97%A0%E9%9C%80gcc%E7%9A%84sudo%E6%9D%83%E9%99%90%E6%8F%90%E5%8D%87%E6%94%BB%E5%87%BB/ <h1 id="cve-2025-32463---无需gcc">CVE-2025-32463 - 无需gcc</h1> <p>通过sudo实现root权限提升,<strong>无需</strong>在目标系统上安装<strong>gcc</strong>。</p> <p>由<a href="https://www.stratascale.com/team/rich-mirch">Rich Mirch</a>发现。</p> <h2 id="受影响版本">受影响版本</h2> <ul> <li>易受攻击版本:sudo 1.9.14、1.9.15、1.9.16、1.9.17</li> <li>已修复版本:sudo 1.9.17p1及更高版本</li> <li>早于1.9.14的传统版本不受影响,因为它们不支持&ndash;chroot选项。</li> </ul> <hr> <h2 id="漏洞利用无需gcc">漏洞利用(无需gcc)</h2> <div align="center"> <a><img src="https://github.com/user-attachments/assets/0083dcfb-afd0-4eb0-bc0a-549c5d85c586" width="600px;" ></a> </div> <br> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span><span class="lnt">2 </span><span class="lnt">3 </span><span class="lnt">4 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-bash" data-lang="bash"><span class="line"><span class="cl"><span class="c1"># get_root.sh和get_root.py功能相同</span> </span></span><span class="line"><span class="cl">git clone https://github.com/MohamedKarrab/CVE-2025-32463.git </span></span><span class="line"><span class="cl"><span class="nb">cd</span> CVE-2025-32463 </span></span><span class="line"><span class="cl">./get_root.sh </span></span></code></pre></td></tr></table> </div> </div><p>目标机器上无需安装gcc。该PoC通过检查当前架构(如x86_64、aarch64),然后执行相应的动态预编译payload。如果失败,则默认使用静态payload。</p> CVE-2025-32463:通过sudo chroot实现权限提升至root的漏洞利用 https://blog.qife122.com/p/cve-2025-32463%E9%80%9A%E8%BF%87sudo-chroot%E5%AE%9E%E7%8E%B0%E6%9D%83%E9%99%90%E6%8F%90%E5%8D%87%E8%87%B3root%E7%9A%84%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/ Mon, 08 Sep 2025 23:10:31 +0800 https://blog.qife122.com/p/cve-2025-32463%E9%80%9A%E8%BF%87sudo-chroot%E5%AE%9E%E7%8E%B0%E6%9D%83%E9%99%90%E6%8F%90%E5%8D%87%E8%87%B3root%E7%9A%84%E6%BC%8F%E6%B4%9E%E5%88%A9%E7%94%A8/ <h1 id="cve-2025-32463通过sudo-chroot实现权限提升至root">CVE-2025-32463:通过sudo chroot实现权限提升至root</h1> <h2 id="概述">概述</h2> <p>CVE-2025-32463是一个漏洞,允许用户在Linux系统上将权限提升至root。这通过滥用<code>sudo chroot</code>命令实现。此漏洞利用不需要安装<code>gcc</code>编译器,使其对更广泛的用户可访问。</p>