UBUNTU-CVE-2023-26604
- Source
- https://ubuntu.com/security/CVE-2023-26604
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-26604.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2023-26604
- Upstream
- Published
- 2023-03-03T16:15:00Z
- Modified
- 2025-09-08T16:56:11Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Ubuntu - low
- Summary
- [none]
- Details
-
systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.
- References
-
- https://ubuntu.com/security/CVE-2023-26604
- https://medium.com/@zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7
- https://github.com/systemd/systemd/blob/main/NEWS#L4335-L4340
- https://blog.compass-security.com/2012/10/dangerous-sudoers-entries-part-2-insecure-functionality/
- https://www.cve.org/CVERecord?id=CVE-2023-26604
Affected packages
Ubuntu:Pro:14.04:LTS / systemd
Package
- Name
- systemd
- Purl
- pkg:deb/ubuntu/systemd@204-5ubuntu20.31+esm2?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
Other
204-0ubuntu18
204-0ubuntu19
204-5ubuntu3
204-5ubuntu5
204-5ubuntu6
204-5ubuntu7
204-5ubuntu8
204-5ubuntu9
204-5ubuntu10
204-5ubuntu11
204-5ubuntu13
204-5ubuntu14
204-5ubuntu15
204-5ubuntu16
204-5ubuntu17
204-5ubuntu18
204-5ubuntu19
204-5ubuntu20
204-5ubuntu20.*
204-5ubuntu20.2
204-5ubuntu20.3
204-5ubuntu20.4
204-5ubuntu20.5
204-5ubuntu20.6
204-5ubuntu20.7
204-5ubuntu20.8
204-5ubuntu20.9
204-5ubuntu20.10
204-5ubuntu20.11
204-5ubuntu20.12
204-5ubuntu20.13
204-5ubuntu20.14
204-5ubuntu20.15
204-5ubuntu20.18
204-5ubuntu20.19
204-5ubuntu20.20
204-5ubuntu20.21
204-5ubuntu20.22
204-5ubuntu20.24
204-5ubuntu20.25
204-5ubuntu20.26
204-5ubuntu20.28
204-5ubuntu20.29
204-5ubuntu20.31
204-5ubuntu20.31+esm2
Ecosystem specific
{
"binaries": [
{
"binary_version": "1:204-5ubuntu20.31+esm2",
"binary_name": "gir1.2-gudev-1.0"
},
{
"binary_version": "1:204-5ubuntu20.31+esm2",
"binary_name": "libgudev-1.0-0"
},
{
"binary_version": "1:204-5ubuntu20.31+esm2",
"binary_name": "libgudev-1.0-dev"
},
{
"binary_version": "204-5ubuntu20.31+esm2",
"binary_name": "libpam-systemd"
},
{
"binary_version": "204-5ubuntu20.31+esm2",
"binary_name": "libsystemd-daemon-dev"
},
{
"binary_version": "204-5ubuntu20.31+esm2",
"binary_name": "libsystemd-daemon0"
},
{
"binary_version": "204-5ubuntu20.31+esm2",
"binary_name": "libsystemd-id128-0"
},
{
"binary_version": "204-5ubuntu20.31+esm2",
"binary_name": "libsystemd-id128-dev"
},
{
"binary_version": "204-5ubuntu20.31+esm2",
"binary_name": "libsystemd-journal-dev"
},
{
"binary_version": "204-5ubuntu20.31+esm2",
"binary_name": "libsystemd-journal0"
},
{
"binary_version": "204-5ubuntu20.31+esm2",
"binary_name": "libsystemd-login-dev"
},
{
"binary_version": "204-5ubuntu20.31+esm2",
"binary_name": "libsystemd-login0"
},
{
"binary_version": "204-5ubuntu20.31+esm2",
"binary_name": "libudev-dev"
},
{
"binary_version": "204-5ubuntu20.31+esm2",
"binary_name": "libudev1"
},
{
"binary_version": "204-5ubuntu20.31+esm2",
"binary_name": "python-systemd"
},
{
"binary_version": "204-5ubuntu20.31+esm2",
"binary_name": "systemd"
},
{
"binary_version": "204-5ubuntu20.31+esm2",
"binary_name": "systemd-services"
},
{
"binary_version": "204-5ubuntu20.31+esm2",
"binary_name": "udev"
}
]
}
Ubuntu:Pro:16.04:LTS / systemd
Package
- Name
- systemd
- Purl
- pkg:deb/ubuntu/systemd@229-4ubuntu21.31+esm3?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
Other
225-1ubuntu9
227-2ubuntu1
227-2ubuntu2
228-1ubuntu2
228-2ubuntu1
228-2ubuntu2
228-3ubuntu1
228-4ubuntu1
228-4ubuntu2
228-5ubuntu1
228-5ubuntu2
228-5ubuntu3
228-6ubuntu1
229-1ubuntu2
229-1ubuntu4
229-2ubuntu1
229-3ubuntu1
229-3ubuntu2
229-4ubuntu1
229-4ubuntu4
229-4ubuntu5
229-4ubuntu6
229-4ubuntu7
229-4ubuntu8
229-4ubuntu10
229-4ubuntu11
229-4ubuntu12
229-4ubuntu13
229-4ubuntu16
229-4ubuntu17
229-4ubuntu19
229-4ubuntu20
229-4ubuntu21
229-4ubuntu21.*
229-4ubuntu21.1
229-4ubuntu21.2
229-4ubuntu21.3
229-4ubuntu21.4
229-4ubuntu21.5
229-4ubuntu21.6
229-4ubuntu21.8
229-4ubuntu21.9
229-4ubuntu21.10
229-4ubuntu21.15
229-4ubuntu21.16
229-4ubuntu21.17
229-4ubuntu21.19
229-4ubuntu21.21
229-4ubuntu21.22
229-4ubuntu21.23
229-4ubuntu21.27
229-4ubuntu21.28
229-4ubuntu21.29
229-4ubuntu21.31
229-4ubuntu21.31+esm1
229-4ubuntu21.31+esm3
Ecosystem specific
{
"binaries": [
{
"binary_version": "229-4ubuntu21.31+esm3",
"binary_name": "libnss-myhostname"
},
{
"binary_version": "229-4ubuntu21.31+esm3",
"binary_name": "libnss-mymachines"
},
{
"binary_version": "229-4ubuntu21.31+esm3",
"binary_name": "libnss-resolve"
},
{
"binary_version": "229-4ubuntu21.31+esm3",
"binary_name": "libpam-systemd"
},
{
"binary_version": "229-4ubuntu21.31+esm3",
"binary_name": "libsystemd-dev"
},
{
"binary_version": "229-4ubuntu21.31+esm3",
"binary_name": "libsystemd0"
},
{
"binary_version": "229-4ubuntu21.31+esm3",
"binary_name": "libudev-dev"
},
{
"binary_version": "229-4ubuntu21.31+esm3",
"binary_name": "libudev1"
},
{
"binary_version": "229-4ubuntu21.31+esm3",
"binary_name": "systemd"
},
{
"binary_version": "229-4ubuntu21.31+esm3",
"binary_name": "systemd-container"
},
{
"binary_version": "229-4ubuntu21.31+esm3",
"binary_name": "systemd-coredump"
},
{
"binary_version": "229-4ubuntu21.31+esm3",
"binary_name": "systemd-journal-remote"
},
{
"binary_version": "229-4ubuntu21.31+esm3",
"binary_name": "systemd-sysv"
},
{
"binary_version": "229-4ubuntu21.31+esm3",
"binary_name": "udev"
}
]
}
Ubuntu:Pro:18.04:LTS / systemd
Package
- Name
- systemd
- Purl
- pkg:deb/ubuntu/systemd@237-3ubuntu10.57+esm2?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
Other
234-2ubuntu12
235-2ubuntu3
235-3ubuntu2
235-3ubuntu3
237-3ubuntu3
237-3ubuntu4
237-3ubuntu6
237-3ubuntu7
237-3ubuntu8
237-3ubuntu10
237-3ubuntu10.*
237-3ubuntu10.2
237-3ubuntu10.3
237-3ubuntu10.4
237-3ubuntu10.6
237-3ubuntu10.9
237-3ubuntu10.11
237-3ubuntu10.12
237-3ubuntu10.13
237-3ubuntu10.15
237-3ubuntu10.17
237-3ubuntu10.19
237-3ubuntu10.20
237-3ubuntu10.21
237-3ubuntu10.22
237-3ubuntu10.23
237-3ubuntu10.24
237-3ubuntu10.25
237-3ubuntu10.26
237-3ubuntu10.28
237-3ubuntu10.29
237-3ubuntu10.31
237-3ubuntu10.33
237-3ubuntu10.38
237-3ubuntu10.39
237-3ubuntu10.40
237-3ubuntu10.41
237-3ubuntu10.42
237-3ubuntu10.43
237-3ubuntu10.44
237-3ubuntu10.45
237-3ubuntu10.46
237-3ubuntu10.47
237-3ubuntu10.48
237-3ubuntu10.49
237-3ubuntu10.50
237-3ubuntu10.51
237-3ubuntu10.52
237-3ubuntu10.53
237-3ubuntu10.54
237-3ubuntu10.56
237-3ubuntu10.57
237-3ubuntu10.57+esm2
Ecosystem specific
{
"binaries": [
{
"binary_version": "237-3ubuntu10.57+esm2",
"binary_name": "libnss-myhostname"
},
{
"binary_version": "237-3ubuntu10.57+esm2",
"binary_name": "libnss-mymachines"
},
{
"binary_version": "237-3ubuntu10.57+esm2",
"binary_name": "libnss-resolve"
},
{
"binary_version": "237-3ubuntu10.57+esm2",
"binary_name": "libnss-systemd"
},
{
"binary_version": "237-3ubuntu10.57+esm2",
"binary_name": "libpam-systemd"
},
{
"binary_version": "237-3ubuntu10.57+esm2",
"binary_name": "libsystemd-dev"
},
{
"binary_version": "237-3ubuntu10.57+esm2",
"binary_name": "libsystemd0"
},
{
"binary_version": "237-3ubuntu10.57+esm2",
"binary_name": "libudev-dev"
},
{
"binary_version": "237-3ubuntu10.57+esm2",
"binary_name": "libudev1"
},
{
"binary_version": "237-3ubuntu10.57+esm2",
"binary_name": "systemd"
},
{
"binary_version": "237-3ubuntu10.57+esm2",
"binary_name": "systemd-container"
},
{
"binary_version": "237-3ubuntu10.57+esm2",
"binary_name": "systemd-coredump"
},
{
"binary_version": "237-3ubuntu10.57+esm2",
"binary_name": "systemd-journal-remote"
},
{
"binary_version": "237-3ubuntu10.57+esm2",
"binary_name": "systemd-sysv"
},
{
"binary_version": "237-3ubuntu10.57+esm2",
"binary_name": "systemd-tests"
},
{
"binary_version": "237-3ubuntu10.57+esm2",
"binary_name": "udev"
}
]
}
Ubuntu:Pro:20.04:LTS / systemd
Package
- Name
- systemd
- Purl
- pkg:deb/ubuntu/systemd@245.4-4ubuntu3.24+esm1?arch=source&distro=esm-infra/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
Other
242-7ubuntu3
243-2ubuntu1
243-3ubuntu1
244-3ubuntu1
244.*
244.1-0ubuntu2
244.1-0ubuntu3
244.2-1ubuntu1
244.3-1ubuntu1
245.*
245.2-1ubuntu1
245.2-1ubuntu2
245.4-2ubuntu1
245.4-4ubuntu1
245.4-4ubuntu3
245.4-4ubuntu3.1
245.4-4ubuntu3.2
245.4-4ubuntu3.3
245.4-4ubuntu3.4
245.4-4ubuntu3.5
245.4-4ubuntu3.6
245.4-4ubuntu3.7
245.4-4ubuntu3.10
245.4-4ubuntu3.11
245.4-4ubuntu3.13
245.4-4ubuntu3.14
245.4-4ubuntu3.15
245.4-4ubuntu3.16
245.4-4ubuntu3.17
245.4-4ubuntu3.18
245.4-4ubuntu3.19
245.4-4ubuntu3.20
245.4-4ubuntu3.21
245.4-4ubuntu3.22
245.4-4ubuntu3.23
245.4-4ubuntu3.24
245.4-4ubuntu3.24+esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "245.4-4ubuntu3.24+esm1",
"binary_name": "libnss-myhostname"
},
{
"binary_version": "245.4-4ubuntu3.24+esm1",
"binary_name": "libnss-mymachines"
},
{
"binary_version": "245.4-4ubuntu3.24+esm1",
"binary_name": "libnss-resolve"
},
{
"binary_version": "245.4-4ubuntu3.24+esm1",
"binary_name": "libnss-systemd"
},
{
"binary_version": "245.4-4ubuntu3.24+esm1",
"binary_name": "libpam-systemd"
},
{
"binary_version": "245.4-4ubuntu3.24+esm1",
"binary_name": "libsystemd-dev"
},
{
"binary_version": "245.4-4ubuntu3.24+esm1",
"binary_name": "libsystemd0"
},
{
"binary_version": "245.4-4ubuntu3.24+esm1",
"binary_name": "libudev-dev"
},
{
"binary_version": "245.4-4ubuntu3.24+esm1",
"binary_name": "libudev1"
},
{
"binary_version": "245.4-4ubuntu3.24+esm1",
"binary_name": "systemd"
},
{
"binary_version": "245.4-4ubuntu3.24+esm1",
"binary_name": "systemd-container"
},
{
"binary_version": "245.4-4ubuntu3.24+esm1",
"binary_name": "systemd-coredump"
},
{
"binary_version": "245.4-4ubuntu3.24+esm1",
"binary_name": "systemd-journal-remote"
},
{
"binary_version": "245.4-4ubuntu3.24+esm1",
"binary_name": "systemd-sysv"
},
{
"binary_version": "245.4-4ubuntu3.24+esm1",
"binary_name": "systemd-tests"
},
{
"binary_version": "245.4-4ubuntu3.24+esm1",
"binary_name": "systemd-timesyncd"
},
{
"binary_version": "245.4-4ubuntu3.24+esm1",
"binary_name": "udev"
}
]
}