header-logo
Suggest Exploit
vendor:
PonyOS
by:
Hacker Fantastic
7.8
CVSS
HIGH
Privilege Escalation
20
CWE
Product Name: PonyOS
Affected Version From: 3
Affected Version To: 3
Patch Exists: YES
Related CWE: N/A
CPE: o:ponyos:ponyos:3.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: 3
2015

PonyOS <= 3.0 ELF loader privilege escalation

PonyOS is vulnerable to a privilege escalation vulnerability in the ELF loader. The vulnerability is caused by a lack of validation of the ELF header, which allows an attacker to craft a malicious ELF file that can be used to gain root privileges. The vulnerability can be exploited by an attacker who has access to the system, either locally or remotely. The attacker can then upload the malicious ELF file to the system and execute it, which will result in the attacker gaining root privileges.

Mitigation:

The vendor has released a patch to address the vulnerability. Users should upgrade to the latest version of PonyOS.
Source

Exploit-DB raw data:

# Exploit Title: PonyOS <= 3.0 ELF loader privilege escalation
# Google Dork: [if applicable]
# Date: 29th May 2015
# Exploit Author: Hacker Fantastic
# Vendor Homepage: www.ponyos.org
# Software Link: [download link if available]
# Version: 3.0
# Tested on: 3.0
# CVE : N/A

Source: https://github.com/mdsecresearch/Publications/blob/master/exploits/rainbowdash.tgz?raw=true
Exploit-DB Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/37168.tgz

Blog post for more detail: http://blog.mdsec.co.uk/2015/05/my-lulzy-pwniez-abusing-kernel-elf.html

Navigation

Suggest Exploit

Services By CQR