Back to search

Solaris ypupdated Command Execution

This exploit targets a weakness in the way the ypupdated RPC application uses the command shell when handling a MAP UPDATE request. Extra commands may be launched through this command shell, which runs as root on the remote host, by passing commands in the format '|<command>'. Vulnerable systems include Solaris 2.7, 8, 9, and 10, when ypupdated is started with the '-i' command-line option.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

Download Now

Module Name

exploit/solaris/sunrpc/ypupdated_exec

Authors

I)ruid <druid [at] caughq.org>

References

Targets

Automatic

Platforms

solaris
unix

Architectures

Reliability

Excellent

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':


      msf > use exploit/solaris/sunrpc/ypupdated_exec
      msf exploit(ypupdated_exec) > show targets
            ...targets...
      msf exploit(ypupdated_exec) > set TARGET <target-id>
      msf exploit(ypupdated_exec) > show options
            ...show and set options...
      msf exploit(ypupdated_exec) > exploit

THREAT EXPOSURE MANAGEMENT

INCIDENT DETECTION & RESPONSE

CYBER SECURITY SERVICES

MANAGED SERVICES FOR PRODUCTS

TRAINING & CERTIFICATION

Community & Blog

Retail Store

Reviews

Free Downloads

Videos & Media

Papers / Guides

All resources

Company

Buzz

Engage with us

Customers