|
0 members (),
556
guests, and
27
robots. |
Key:
Admin,
Global Mod,
Mod
|
S |
M |
T |
W |
T |
F |
S |
|
|
|
1
|
2
|
3
|
4
|
5
|
6
|
7
|
8
|
9
|
10
|
11
|
12
|
13
|
14
|
15
|
16
|
17
|
18
|
19
|
20
|
21
|
22
|
23
|
24
|
25
|
26
|
27
|
28
|
29
|
30
|
31
|
|
There are no members with birthdays on this day. |
#479930
Sun 25 Nov 2018 11:09:PM
|
Joined: Feb 2001
Posts: 381,903
Launch Director
|
OP
Launch Director
Joined: Feb 2001
Posts: 381,903 |
This Metasploit module attempts to gain root privileges with SUID Xorg X11 server versions 1.19.0 up to 1.20.3. A permission check flaw exists for -modulepath and -logfile options when starting Xorg. This allows unprivileged users that can start the server the ability to elevate privileges and run arbitrary code under root privileges. This Metasploit module has been tested with OpenBSD 6.3, 6.4, and CentOS 7 (1708). CentOS default install will require console auth for the users session. Cron launches the payload so if Selinux is enforcing exploitation may still be possible, but the module will bail. Xorg must have SUID permissions and may not start if running. On exploitation a crontab.old backup file will be created by Xorg. This Metasploit module will remove the .old file and restore crontab after successful exploitation. Failed exploitation may result in a corrupted crontab. On successful exploitation artifacts will be created consistent with starting Xorg and running a cron. Source: Xorg X11 Server SUID Privilege Escalation
David Cottle
UBB Owner & Administrator
|
|
CMS The Best Conveyancing solicitors conveyancing quotes throughout the UK
For any webhosting enquiries please email webmaster@aus-city.com
|
Forums60
Topics684,850
Posts719,461
Members2,957
|
Most Online3,142 Jan 16th, 2023
|
|
|
|
Copyright 1996 - 2023 by David Cottle. Designed by David Bate Jr. All Rights Reserved.
By using this forum, the user agrees not to transfer any data or technical information received under the agreement, to any other entity without the express approval of the AUS-CITY Forum Admins and/or authors of individual posts (Forum Admins and DoD/USSPACECOM for the analysis of satellite tracking data).
Two-line elements (TLE) and all other satellite data presented and distributed via this forum and e-mail lists of AUS-CITY are distributed with permission from DoD/USSTRATCOM.
Reprise Hosting
|
|