Skip to content
May 22, 2025
  • Linkedin
  • Twitter
  • Facebook
  • Youtube

Daily CyberSecurity

Primary Menu
  • Home
  • Cyber Security
  • Cybercriminals
  • Data Leak
  • Linux
  • Malware Attack
  • Open Source Tool
  • Technology
  • Vulnerability
  • Home
  • News
  • Vulnerability
  • CVE-2022-37706: Privilege Escalation Flaw in Popular Enlightenment Desktop for Linux
  • Vulnerability

CVE-2022-37706: Privilege Escalation Flaw in Popular Enlightenment Desktop for Linux

Ddos September 15, 2022 2 min read
CVE-2022-37706

A security researcher released CVE-2022-37706 PoC exploit code and write-up for a privilege escalation vulnerability in popular Enlightenment Desktop for Linux.

Enlightenment is a Window Manager, Compositor, and Minimal Desktop for Linux (the primary platform), BSD, and any other compatible UNIX system. Enlightenment is classed as a “desktop shell” as it provides everything you need to operate your desktop or laptop, but it is not a full application suite. This covers functionality including launching applications, managing their windows, and performing system tasks like suspending, rebooting, managing files, and so on.

CVE-2022-37706

After installing the enlightenment, the researcher found three interesting binaries, including utils/enlightenment_ckpasswd, utils/enlightenment_system, and enlightenment_sys. These files install some SUID binaries, so a Linux user can use one of those to escalate to the root.

The researcher is interested in the enlightenment_sys file and analytics it using Ghidra. “The binary take all security precautions before running system, but sadly we can always inject our input in there,” read the write-up.

“Now eina_strbuf_new() will just initialize the command that will be passed to system, the problem here is that we entered it as:

/bin/mount -o noexec,nosuid,utf8,nodev,iocharset=utf8,utf8=0,utf8=1,uid=$(id -u), “/dev/../tmp/;/tmp/exploit” /tmp///net

But the binary calls eina_strbuf_append_printf() for several times and becomes
/bin/mount -o noexec,nosuid,utf8,nodev,iocharset=utf8,utf8=0,utf8=1,uid=$(id -u), /dev/../tmp/;/tmp/exploit /tmp///net
Notice that double quotes are removed, and we will be able to call /tmp/exploit as root.”  

The PoC exploit code and write-up for the CVE-2022-37706 flaw is available on Github.

There is no patch for the bug at this time. It’s recommended that users update Enlightenment Desktop as soon as they are available. They’re also recommended to allow only trusted users to access local systems and always monitor affected systems.

Rate this post

Found this helpful?

If this article helped you, please share it with others who might benefit.

Tags: CVE-2022-37706 Enlightenment Desktop

Continue Reading

Previous: CVE-2022-40283: command injection flaw affects multiple Lenovo products
Next: A Guide to Privacy Tools for Students

Search

💙 Support Us!
We need 50 contributors this month to keep this site running.
19 of 50 supporters this month
☕ Buy Me a Coffee PayPalDonate
Our Websites
  • Penetration Testing Tools
  • The Daily Information Technology
    • About SecurityOnline.info
    • Advertise on SecurityOnline.info
    • Contact

    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works

    • Disclaimer
    • Privacy Policy
    • DMCA NOTICE
    • Linkedin
    • Twitter
    • Facebook
    • Youtube
    Copyright © All rights reserved.
    x