Sophos Web Protection Appliance clear_keys.pl Local Privilege Escalation

This Metasploit module abuses a command injection on the clearkeys.pl perl script, installed with the Sophos Web Protection Appliance, to escalate privileges from the "spiderman" user to "root". This Metasploit module is useful for post exploitation of vulnerabilities on the Sophos Web Protection...

Sophos Web Protection Appliance clear_keys.pl Local Privilege Escalation

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...

Sophos Web Protection Appliance - clear_keys.pl Privilege Escalation (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...

CVE-2013-4984

The CVE-2013-4984 issue affects Sophos Web Protection Appliance: the close_connections() function in /opt/cma/bin/clear_keys.pl allows local privilege escalation via shell metacharacters in the second argument, on affected builds before 3.7.9.1 and 3.8 before 3.8.1.1. Root cause is improper escap...