module
HP Performance Monitoring xglance Priv Esc
| Disclosed | Created |
|---|---|
| 2014-11-19 | 2020-05-01 |
Disclosed
2014-11-19
Created
2020-05-01
Description
This exploit takes advantage of xglance-bin, part of
HP's Glance (or Performance Monitoring) version 11 'and subsequent'
, which was compiled with an insecure RPATH option. The RPATH includes
a relative path to -L/lib64/ which can be controlled by a user.
Creating libraries in this location will result in an
escalation of privileges to root.
HP's Glance (or Performance Monitoring) version 11 'and subsequent'
, which was compiled with an insecure RPATH option. The RPATH includes
a relative path to -L/lib64/ which can be controlled by a user.
Creating libraries in this location will result in an
escalation of privileges to root.
Authors
h00die
Tim Brown
Robert Jaroszuk
Marco Ortisi
Tim Brown
Robert Jaroszuk
Marco Ortisi
Platform
Linux
Architectures
x86, x64
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.