
suidperl Privilege Escalation (PROCSUID)

🗓️ 01 Jun 2017 00:00:00 | Reported by Tenable | Type: nessus | 🔗 www.tenable.com | 👁 1116 Views

suidperl Privilege Escalation (PROCSUID) vulnerability affecting the remote host

#TRUSTED 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
#TRUST-RSA-SHA256 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
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Plugin registration. When the script is loaded with `description` set, only
# the metadata below is registered and the script exits (exit(0) at the end of
# this block) before any check is run against a host.
if (description)
{
  script_id(100571);
  script_version("1.11");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/12");

  script_name(english:"suidperl Privilege Escalation (PROCSUID)");
  script_summary(english:"Checks for an installation of suidperl.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by a privilege escalation vulnerability.");
  script_set_attribute(attribute:"description", value:
"The suidperl application is installed on the remote host. It is,
therefore, affected by a privilege escalation vulnerability that
allows a local attacker to gain root privileges.

PROCSUID is one of multiple Equation Group vulnerabilities and
exploits disclosed on 2017/04/08 by a group known as the Shadow
Brokers.");
  script_set_attribute(attribute:"see_also", value:"https://github.com/x0rz/EQGRP");
  # The only remediation offered is removal of the software; no fixed version
  # is named anywhere in this plugin.
  script_set_attribute(attribute:"solution", value:
"Remove the affected software.");
  # Both vectors describe a local attack (AV:L) with complete/high impact on
  # confidentiality, integrity and availability. The score source is marked
  # "manual", and no CVE identifier is attached to this plugin.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_attribute(attribute:"cvss_score_source", value:"manual");
  script_set_attribute(attribute:"cvss_score_rationale", value:"Manual analysis of the vulnerability");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2017/06/01");

  # Registered as a local check for unix agents: the finding is an
  # installation/permission check, not a probe of a network service.
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:perl:suid");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2017-2026 Tenable Network Security, Inc.");

  # Prerequisites: ssh_get_info.nasl is declared as a dependency, and the
  # "Host/local_checks_enabled" KB key is required for this plugin to run.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled");

  exit(0);
}

include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('ssh_func.inc');
include('ssh_globals.inc');

# Set up the SSH wrappers before any command helper is used.
enable_ssh_wrappers();

# Script-wide state.
#   vuln              - counts pieces of evidence; non-zero means "report"
#   installed_package - package name captured from the inventory, if any
#   check_pat         - pattern applied to host-supplied path strings before
#                       they are concatenated into a command line
vuln = 0;
installed_package = "";
check_pat = INJECTION_PATTERN;

# KB keys holding the per-platform package inventory text (presumably
# populated by the ssh_get_info.nasl dependency; confirm). Order matters:
# the scan stops at the first key whose inventory mentions suidperl.
distros = make_list(
  "Host/AIX/lslpp",
  "Host/AmazonLinux/rpm-list",
  "Host/CentOS/rpm-list",
  "Host/Debian/dpkg-l",
  "Host/FreeBSD/pkg_info",
  "Host/Gentoo/qpkg-list",
  "Host/HP-UX/swlist",
  "Host/MacOSX/packages",
  "Host/Mandrake/rpm-list",
  "Host/McAfeeLinux/rpm-list",
  "Host/OracleVM/rpm-list",
  "Host/RedHat/rpm-list",
  "Host/Slackware/packages",
  "Host/SuSE/rpm-list",
  "Host/XenServer/rpm-list"
);

# Look through each package inventory for a suidperl package and stop at the
# first inventory that mentions one.
#
# The substring test matches anywhere in the inventory text, so it is only a
# hint that the package is present. The name capture below covers names that
# start with "perl-suid"; when the inventory only contained "suidperl" in some
# other form, installed_package stays empty while vuln is still incremented.
var pkgmgr;
foreach pkgmgr (distros)
{
  pkg_listing = get_kb_item(pkgmgr);

  # No inventory stored under this key.
  if (isnull(pkg_listing)) continue;

  # Inventory present but neither spelling of the package name appears in it.
  if ("suidperl" >!< pkg_listing && "perl-suid" >!< pkg_listing) continue;

  vuln++;

  name_hit = pregmatch(pattern:"(perl-suid\s*(?:perl)?[^\\|\s]+)", string:pkg_listing);
  if (!empty_or_null(name_hit) && !empty_or_null(name_hit[1]))
    installed_package = name_hit[1];

  break;
}

# Open the command channel to the host and work out which directory holds the
# perl binary. Every exit path below closes the SSH connection first when the
# transport is SSH (info_t == INFO_SSH).
ret = info_connect();
if (!ret) audit(AUDIT_FN_FAIL, 'ssh_open_connection');

error = NULL;
p_dir = info_send_cmd(cmd:"which perl");
if(!empty_or_null(p_dir))
{
  # The output of `which perl` comes from the scanned host and is about to be
  # concatenated into another command line, so it is matched against
  # check_pat first and the plugin stops if it matches.
  if(p_dir =~ check_pat)
  {
    if(info_t == INFO_SSH)
      ssh_close_connection();

    exit(0, "Supplied path string contains disallowed characters.");
  }

  # NOTE(review): the path is appended unquoted. Whether check_pat also
  # rejects whitespace and glob characters depends on INJECTION_PATTERN,
  # which is defined outside this file - confirm.
  cmd = "dirname " + chomp(p_dir);
  p_dir = info_send_cmd(cmd:cmd);
  p_dir = chomp(p_dir);

  # Only the dirname call is checked for a command error; a "missing operand"
  # error is reported as perl not being installed.
  error = ssh_cmd_error();
  if(!empty_or_null(error))
  {
    if(info_t == INFO_SSH)
      ssh_close_connection();
    if(error =~ "dirname:\s*missing operand") audit(AUDIT_NOT_INST, "perl");
    else exit(0, "The following error was encountered : "+error);
  }

}
# Reached when `which perl` or the dirname call returned nothing.
if(empty_or_null(p_dir))
{
  if(info_t == INFO_SSH)
    ssh_close_connection();
  audit(AUDIT_NOT_INST, "perl");
}
# Second validation: p_dir now holds the dirname output, which is again
# host-supplied and is reused in the `ls -l` command further down.
if(p_dir =~ check_pat)
{
  if(info_t == INFO_SSH)
    ssh_close_connection();
  exit(0, "Supplied path string contains disallowed characters.");
}

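# List any sperl* binary that sits next to perl, decide from the `ls -l` mode
# string whether it is setuid, and report. p_dir has already been matched
# against check_pat earlier in the script before it reaches this command line.
error = NULL;
path = NULL;  # stays NULL unless a setuid sperl binary is located below
cmd = "ls -l " + p_dir + "/sperl*";
lsperl = info_send_cmd(cmd:cmd);
error = ssh_cmd_error();
# No further commands are sent, so the connection is released here.
if(info_t == INFO_SSH)
  ssh_close_connection();

if(!empty_or_null(error))
{
  if(error =~ "No such file or directory") audit(AUDIT_NOT_INST, "suidperl");
  else exit(0, "The following error was encountered : "+error);
}

# NOTE(review): p_dir is used as a regular expression here and in `pattern`
# below without escaping, so a '.' in the directory name matches any character.
if(!empty_or_null(lsperl) && lsperl =~ p_dir+"/sperl")
{
  # The owner-execute column reads 's' when the file is setuid and executable
  # by its owner, whatever the owner read/write bits are. The previous test
  # ("^.rws") only recognised owner-rw binaries, so a setuid binary installed
  # as e.g. -r-sr-xr-x was audited as "setuid bit is not set".
  # NOTE(review): the owner column is not inspected; a setuid binary owned by
  # an unprivileged account is reported the same way as a root-owned one.
  if (lsperl =~ "^.[r-][w-]s")
  {
    pattern = "("+ p_dir + "/sperl.*)\s*$";
    path_match = pregmatch(pattern:pattern, string:lsperl);
    # Guard the capture the same way the package-name capture is guarded.
    if(!empty_or_null(path_match) && !empty_or_null(path_match[1])) path = path_match[1];
    vuln ++;
  }
  else audit(AUDIT_HOST_NOT, "affected. suidperl was found but its setuid bit is not set");
}

# vuln is non-zero when a package inventory mentioned suidperl and/or a setuid
# sperl binary was found; the report lists whichever details were captured.
if(vuln)
{
  report = 'The remote host has a vulnerable version of suidperl installed: \n';
  if(!empty_or_null(installed_package)) report += '\n  Installed Package : ' + installed_package;
  if(!empty_or_null(path)) report += '\n  Path              : ' + path + '\n';
  security_report_v4(severity:SECURITY_HOLE, extra:report, port:0);
}
else audit(AUDIT_NOT_INST, "suidperl");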
