Solaris ypupdated Command Execution
Disclosed | Created |
---|---|
Dec 12, 1994 | May 30, 2018 |
Description
This exploit targets a weakness in the way the ypupdated RPC
application uses the command shell when handling a MAP UPDATE
request. Extra commands may be launched through this command
shell, which runs as root on the remote host, by passing
commands in the format '|'.
Vulnerable systems include Solaris 2.7, 8, 9, and 10, when
ypupdated is started with the '-i' command-line option.
Author
I)ruid druid@caughq.org
Platform
Solaris, Unix
Architectures
cmd
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
