vendor: BSD's eject.c
by: harry
CVSS: 7.5 (HIGH)
Local Privilege Escalation
CWE
Product Name: BSD's eject.c
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Local Root Exploit for BSD’s eject.c
This is a local root exploit for BSD's eject.c. It allows an attacker to escalate their privileges to root level. The vulnerability was found by kokanin. The exploit takes advantage of a buffer overflow in the eject program to overwrite the return address and execute arbitrary code.
Mitigation:
Apply the necessary patches or updates provided by the vendor. Remove the setuid bit from the eject program if not needed.