module
Solaris ypupdated Command Execution
| Disclosed | Created |
|---|---|
| 1994-12-12 | 2018-05-30 |
Disclosed
1994-12-12
Created
2018-05-30
Description
This exploit targets a weakness in the way the ypupdated RPC
application uses the command shell when handling a MAP UPDATE
request. Extra commands may be launched through this command
shell, which runs as root on the remote host, by passing
commands in the format '|'.
Vulnerable systems include Solaris 2.7, 8, 9, and 10, when
ypupdated is started with the '-i' command-line option.
application uses the command shell when handling a MAP UPDATE
request. Extra commands may be launched through this command
shell, which runs as root on the remote host, by passing
commands in the format '|'.
Vulnerable systems include Solaris 2.7, 8, 9, and 10, when
ypupdated is started with the '-i' command-line option.
Author
I)ruid druid@caughq.org
Platform
Solaris,Unix
Architectures
cmd
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.