How the CVE Works
When a new user logs in via SSH on an Ubuntu system using authd, the authentication daemon incorrectly assigns them to the `root` group due to a misconfiguration in group membership handling. This occurs because the daemon fails to validate existing user entries before applying default group permissions. As a result, an attacker gaining initial access can escalate privileges by inheriting root group permissions, allowing unauthorized file access and system modifications.
DailyCVE Form
Platform: Ubuntu
Version: authd (pre-619ce8e)
Vulnerability: Privilege Escalation
Severity: Critical
Date: 2025-06-16
Prediction: Patch expected by 2025-06-30
What Undercode Say
Analytics:
Check authd version:
$ authd --version
Verify SSH config:
$ grep -E "UsePAM|KbdInteractiveAuthentication" /etc/ssh/sshd_config
List users in root group:
$ getent group root
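The `getent group root` check above only shows accounts named in the group's member field; an account whose primary GID is 0 never appears there. The shell function below is an added example, not part of the original post or the authd project, and it reports both cases from passwd(5)/group(5)-format files. The names `audit_gid0` and `demo` and the sample accounts are constructed for illustration; it audits the account databases only, so groups held by a live session still need `id` run inside that session.

```shell
#!/bin/sh
# Added example (not from the advisory). Flags every non-root account that holds
# GID 0, either as its primary group (passwd field 4) or as a listed member of a
# GID-0 group (group field 4). `getent group root` alone shows only the latter.

audit_gid0() {
    # $1 = passwd(5)-format file, $2 = group(5)-format file
    awk -F: '
        FILENAME == ARGV[1] {                  # group database (read first)
            if ($3 == "0" && $4 != "") {
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) supp[m[i]] = 1
            }
            next
        }
        $1 == "root" { delete supp[$1]; next } # the root account itself is expected
        {                                      # passwd database
            prim = ($4 == "0")
            if (prim && ($1 in supp)) print $1 ":primary+supplementary"
            else if (prim)            print $1 ":primary"
            else if ($1 in supp)      print $1 ":supplementary"
            delete supp[$1]
        }
        END {                                  # members with no passwd entry in this file
            for (u in supp) print u ":supplementary"
        }
    ' "$2" "$1" | sort
}

demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample data, not taken from a real host.
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:0::/home/bob:/bin/bash
carol:x:1002:1002::/home/carol:/bin/bash
EOF
    cat > "$d/group" <<'EOF'
root:x:0:carol
alice:x:1000:
carol:x:1002:
EOF
    audit_gid0 "$d/passwd" "$d/group"
    rm -rf "$d"
}

demo
```

On a live host, feed it the output of `getent passwd` and `getent group` saved to two files so that accounts served by other NSS sources are included.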
How Exploit
1. Gain initial SSH access.
2. Execute commands with root group permissions.
- Modify system files or escalate to full root.
Protection from this CVE
1. Apply patch `ubuntu/authd@619ce8e`.
2. Disable `authd` in SSH config:
UsePAM no
KbdInteractiveAuthentication no
Impact
- Unauthorized root group access.
- Local privilege escalation.
- System compromise.
Sources:
Reported By: github.com