Vendor: klibc
By: Not specified
CVSS: 7.5 (HIGH)
Shell Command Execution
CWE: Shell Command Injection (78)
Product Name: klibc
Affected Version From: Prior to klibc 1.5.22
Affected Version To: Not specified
Patch Exists: YES
Related CWE: Not specified
CPE: Not specified
Platforms Tested: Not specified

klibc Shell Command Execution Vulnerability

klibc is prone to a shell-command-execution vulnerability because the application fails to properly sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary shell commands in the context of the application that uses the vulnerable library.

Mitigation:

Update to klibc version 1.5.22 or later to mitigate this vulnerability. Additionally, input sanitization should be performed to prevent arbitrary shell command execution.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/47924/info

Versions prior to klibc 1.5.22 are vulnerable.

DNSDOMAIN="\\\"\$(echo owned; touch /tmp/owned)"
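
The input sanitization named under Mitigation, shown as an added example that is not klibc's own code or its actual patch. It assumes the received value ends up in a KEY=value line that a shell later sources, and it handles any value, not only DNSDOMAIN; write_shell_assignment and put are hypothetical names.

```c
#include <stdio.h>
#include <string.h>
/* Append len bytes, always leaving room for the trailing NUL. */
static int put(char *out, size_t cap, size_t *n, const char *s, size_t len)
{
    if (len >= cap - *n)
        return -1;
    memcpy(out + *n, s, len);
    *n += len;
    return 0;
}

/*
 * Hypothetical helper, not klibc code: write KEY='value'\n so a sourcing shell
 * sees plain data. Inside single quotes only ' needs rewriting, as '\''.
 * Returns bytes written, or -1 (bad key, control character, buffer too small).
 */
int write_shell_assignment(char *out, size_t cap,
                           const char *key, const char *value)
{
    size_t n = 0;
    const char *p;
    /* Key must be a plain shell identifier: [A-Za-z_][A-Za-z0-9_]* */
    if (!*key || strchr("0123456789", *key) || key[strspn(key,
            "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_")])
        return -1;
    if (put(out, cap, &n, key, strlen(key)) || put(out, cap, &n, "='", 2))
        return -1;
    for (p = value; *p; p++) {
        unsigned char c = (unsigned char)*p;
        if (c < 0x20 || c == 0x7f)   /* policy assumed for this example */
            return -1;
        if (put(out, cap, &n, c == '\'' ? "'\\''" : p, c == '\'' ? 4 : 1))
            return -1;
    }
    if (put(out, cap, &n, "'\n", 2))
        return -1;
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    char line[128];  /* constructed input: value the page's DNSDOMAIN line sets */
    if (write_shell_assignment(line, sizeof line, "DNSDOMAIN",
                               "\\\"$(echo owned; touch /tmp/owned)") > 0)
        fputs(line, stdout);
    return 0;
}
```

Quoting on output complements, and does not replace, updating to klibc 1.5.22 or later.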