Sure, but this isn’t a privilege escalation, this requires privilege escalation, and it merely installs a backdoor that preserves that privilege.
It’s like installing something in cron or systemd, it’s not a vulnerability in itself, but it can allow an attacker to add a backdoor once they exploit a vulnerability once.
“Malware”? Fucking cybersec press is the worst.
What’s next, they’re gonna call “sudo” a 0-day vuln?
Not 0-day but it had a vew privilege escalation vulns already. https://thekh4tt4k.medium.com/sudo-vulnerability-in-linux-lead-to-privilege-escalation-cve-2023-22809-fbb7f300ef49
Sure, but this isn’t a privilege escalation, this requires privilege escalation, and it merely installs a backdoor that preserves that privilege.
It’s like installing something in cron or systemd, it’s not a vulnerability in itself, but it can allow an attacker to add a backdoor once they exploit a vulnerability once.
Ah fine, that was the first result in google, i didn’t read it enough. But there were some privilege escalations in sudo and lots more of misconfiguration. https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=sudo