Interscan Web Security 5.0 – Arbitrary File Upload / Privilege Escalation

  • Author: Ivan Huertas
    Date: 2010-06-23
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/14004/
  • Advisory Name: Local Privilege Escalation in InterScan Web Security Virtual Appliance 5.0
    Internal Cybsec Advisory Id: 2010-0604
    Vulnerability Class: Local Privilege Escalation
    Release Date: 22-06-2010
    Affected Applications: InterScan Web Security Virtual Appliance 5.0. Other versions may be affected.
    Affected Platforms: Red Hat nash 5.1
    Local / Remote: Local
    Severity: Medium - CVSS: 6.8 (AV:L/AC:L/Au:S/C:C/I:C/A:C)
    Researcher: Ivan Huertas
    Vendor Status: Patched
    Reference to Vulnerability Disclosure Policy: http://www.cybsec.com/vulnerability_policy.pdf
    
    Vulnerability Description:
    InterScan Web Security Virtual Appliance has a shell called “uihelper” that has the SUID bit set, so it could be possible to execute commands as root. In addition, by using the “Arbitrary File Upload” vulnerability, remote commands could be run as root.
    
    https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/14004.pdf (cybsec_advisory_2010_0604_InterScan_Web_Security_5_0_Local_Privilege_Escalation.pdf)
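
A defensive check for the condition described above, as an added example that is not part of the Cybsec advisory: a shell function that lists setuid files under a directory that are missing from a reviewed allowlist. The function name, its arguments and the allowlist format (one absolute path per line) are assumptions; the advisory does not give the path of uihelper.

```shell
#!/bin/sh
# Added example (not from the advisory): report setuid files that are not
# on a reviewed allowlist, so an unexpected setuid helper stands out.
#
# Usage: audit_suid DIR ALLOWLIST_FILE [OWNER_UID]
#   DIR            directory tree to scan
#   ALLOWLIST_FILE reviewed setuid files, one absolute path per line (assumed format)
#   OWNER_UID      numeric owner to match; defaults to 0 (root), the case described here
audit_suid() {
    dir=$1
    allow=$2
    owner=${3:-0}

    # -xdev      stay on the filesystem DIR lives on
    # -type f    regular files only
    # -perm -4000 setuid bit set (other mode bits may have any value)
    # -user      owner matches OWNER_UID
    find "$dir" -xdev -type f -perm -4000 -user "$owner" 2>/dev/null |
    sort |
    while IFS= read -r path; do
        # -F fixed string, -x whole line, -q quiet: exact path match only
        if ! grep -Fxq -- "$path" "$allow"; then
            printf '%s\n' "$path"
        fi
    done
}
```

Running it as `audit_suid / /path/to/reviewed-suid.list` after each appliance update and reviewing any path it prints gives a simple baseline comparison for setuid root files.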