module
Pi-Hole Remove Commands Linux Priv Esc
| Disclosed |
|---|
| Apr 20, 2021 |
Disclosed
Apr 20, 2021
Description
Pi-Hole versions 3.0 - 5.3 allows for command line input to the removecustomcname,
removecustomdns, and removestaticdhcp functions without properly validating
the parameters before passing to sed. When executed as the www-data user,
this allows for a privilege escalation to root since www-data is in the
sudoers.d/pihole file with no password.
removecustomdns, and removestaticdhcp functions without properly validating
the parameters before passing to sed. When executed as the www-data user,
this allows for a privilege escalation to root since www-data is in the
sudoers.d/pihole file with no password.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.