module
MagniComp SysInfo mcsiwrapper Privilege Escalation
| Disclosed | Created |
|---|---|
| Sep 23, 2016 | Jun 14, 2018 |
Disclosed
Sep 23, 2016
Created
Jun 14, 2018
Description
This module attempts to gain root privileges on systems running
MagniComp SysInfo versions prior to 10-H64.
The .mcsiwrapper suid executable allows loading a config file using the
'--configfile' argument. The 'ExecPath' config directive is used to set
the executable load path. This module abuses this functionality to set
the load path resulting in execution of arbitrary code as root.
This module has been tested successfully with SysInfo version
10-H63 on Fedora 20 x86_64, 10-H32 on Fedora 27 x86_64, 10-H10 on
Debian 8 x86_64, and 10-GA on Solaris 10u11 x86.
MagniComp SysInfo versions prior to 10-H64.
The .mcsiwrapper suid executable allows loading a config file using the
'--configfile' argument. The 'ExecPath' config directive is used to set
the executable load path. This module abuses this functionality to set
the load path resulting in execution of arbitrary code as root.
This module has been tested successfully with SysInfo version
10-H63 on Fedora 20 x86_64, 10-H32 on Fedora 27 x86_64, 10-H10 on
Debian 8 x86_64, and 10-GA on Solaris 10u11 x86.
Authors
Daniel Lawson
Romain Trouve
bcoles bcoles@gmail.com
Romain Trouve
bcoles bcoles@gmail.com
Platform
Linux,Solaris
Architectures
x86, x64
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.