CVE-2013-2012
📋 TL;DR
This vulnerability in autojump allows local users to escalate privileges by placing a malicious custom_install directory in the current working directory. When autojump runs, it executes scripts from this directory with the user's privileges, potentially leading to privilege escalation. Users of autojump versions before 21.5.8 are affected.
💻 Affected Systems
- autojump
📦 What is this software?
Autojump by Autojump Project
⚠️ Risk & Real-World Impact
Worst Case
Local attacker gains root privileges on the system, enabling complete system compromise, data theft, and persistent backdoor installation.
Likely Case
Local user with limited privileges escalates to higher privileges (potentially root) by tricking another user into running autojump in a malicious directory.
If Mitigated
Attack fails due to proper directory permissions, user awareness, or patched software.
🎯 Exploit Status
Exploitation requires local access and tricking a user into running autojump in a malicious directory. The exploit is simple to implement.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 21.5.8 and later
Vendor Advisory: https://github.com/wting/autojump/commit/ad09ee27d402be797b3456abff6edeb4291edfec
Restart Required: No
Instructions:
1. Update autojump using your package manager (e.g., 'sudo apt-get update && sudo apt-get install autojump' on Debian/Ubuntu).
2. Alternatively, update via pip: 'pip install --upgrade autojump'.
3. Verify the version is 21.5.8 or higher.
🔧 Temporary Workarounds
Remove custom_install directory (Linux)
Delete any custom_install directories in directories you use with autojump to prevent exploitation.
find . -type d -name 'custom_install' -exec rm -rf {} +
Avoid untrusted directories (all platforms)
Do not run autojump in directories you do not trust or control.
🧯 If You Can't Patch
- Restrict user permissions to prevent creation of custom_install directories in shared locations.
- Educate users to avoid running autojump in untrusted directories and monitor for suspicious activity.
🔍 How to Verify
Check if Vulnerable:
Check autojump version: 'autojump --version' or 'dpkg -l | grep autojump' on Debian/Ubuntu. If version is below 21.5.8, it is vulnerable.
Check Version:
autojump --version
Verify Fix Applied:
After updating, run 'autojump --version' to confirm version is 21.5.8 or higher.
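An added shell helper (not code from the advisory or the autojump project) that combines the version check described under How to Verify with a read-only counterpart of the custom_install search from the workaround. The 21.5.8 threshold comes from the advisory; the exact wording of `autojump --version` output is an assumption, so the parser extracts the first X.Y.Z number it finds.

```shell
#!/bin/sh
# Added example, not from the advisory or the autojump project: flag autojump
# versions older than the 21.5.8 fix and list custom_install dirs for review.

FIXED_VERSION="21.5.8"

# Pull the first X.Y.Z number out of text such as "autojump v21.5.8".
# The exact wording of `autojump --version` output is an assumption.
extract_version() {
    printf '%s\n' "$1" \
        | tr -c '0-9.\n' '\n' \
        | grep '^[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*$' \
        | head -n 1
}

# Exit 0 when version $1 is strictly older than FIXED_VERSION.
# A missing component (e.g. "21.5") is treated as 0.
is_vulnerable_version() {
    printf '%s\n%s\n' "$1" "$FIXED_VERSION" | awk -F. '
        NR == 1 { a1 = $1 + 0; a2 = $2 + 0; a3 = $3 + 0 }
        NR == 2 { b1 = $1 + 0; b2 = $2 + 0; b3 = $3 + 0 }
        END {
            older = (a1 < b1) || (a1 == b1 && a2 < b2) ||
                    (a1 == b1 && a2 == b2 && a3 < b3)
            exit (older ? 0 : 1)
        }'
}

# Read-only counterpart of the advisory's `find ... -exec rm -rf` workaround:
# print custom_install directories below $1 (default: cwd) so an operator can
# inspect them before deleting anything.
list_custom_install_dirs() {
    find "${1:-.}" -type d -name custom_install 2>/dev/null
}

# Report on the autojump found on PATH: 0 = vulnerable, 1 = patched, 2 = unknown.
check_installed_autojump() {
    command -v autojump >/dev/null 2>&1 || { echo "autojump not on PATH"; return 2; }
    v=$(extract_version "$(autojump --version 2>&1)")
    [ -n "$v" ] || { echo "could not parse autojump version"; return 2; }
    if is_vulnerable_version "$v"; then
        echo "autojump $v < $FIXED_VERSION: vulnerable to CVE-2013-2012"
        return 0
    fi
    echo "autojump $v >= $FIXED_VERSION: patched"
    return 1
}

check_installed_autojump || :
```

Run `list_custom_install_dirs /path/to/projects` to see what the advisory's rm -rf workaround would delete before you run it.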
📡 Detection & Monitoring
Log Indicators:
- Unusual process execution from custom_install directories, privilege escalation attempts in system logs.
Network Indicators:
- None - this is a local exploit.
SIEM Query:
Search for processes spawned from paths containing 'custom_install' or autojump execution in suspicious directories.
🔗 References
- http://www.openwall.com/lists/oss-security/2013/04/25/14
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2012
- https://exchange.xforce.ibmcloud.com/vulnerabilities/83827
- https://github.com/wting/autojump/commit/ad09ee27d402be797b3456abff6edeb4291edfec
- https://github.com/wting/autojump/commit/c763b2afadb188ab52849c21d43d2e8fe5b8800a
- https://security-tracker.debian.org/tracker/CVE-2013-2012