• Close
  • Back to search

    Solaris ypupdated Command Execution

    This exploit targets a weakness in the way the ypupdated RPC application uses the command shell when handling a MAP UPDATE request. Extra commands may be launched through this command shell, which runs as root on the remote host, by passing commands in the format '|<command>'. Vulnerable systems include Solaris 2.7, 8, 9, and 10, when ypupdated is started with the '-i' command-line option.

    Free Metasploit Download

    Get your copy of the world's leading penetration testing tool

     Download Now

    Module Name

    exploit/solaris/sunrpc/ypupdated_exec

    Authors

    • I)ruid <druid [at] caughq.org>

    References

    Targets

    • Automatic

    Platforms

    • solaris
    • unix

    Architectures

    • cmd

    Reliability

    Development

    Module Options

    To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

    msf > use exploit/solaris/sunrpc/ypupdated_exec msf exploit(ypupdated_exec) > show targets ...targets... msf exploit(ypupdated_exec) > set TARGET <target-id> msf exploit(ypupdated_exec) > show options ...show and set options... msf exploit(ypupdated_exec) > exploit