Wednesday, 2 August 2017

CVE-2013-1048 quick autopsy

When I was looking for some hints related to "privilege escalation bugs", I found (on vuldb.com) a short description about Apache2 and symlinks. Below are a few details...

( TL;DR )

As we can see on the screen below:

the bug seems to be simple to exploit.

Assuming a scenario like: SQL injection found in a webapp and you already have a shell (www-data),
if Apache2 is installed and the box is an old Ubuntu - you can use it to obtain more privileges.

When I was reading about the bug I also found this information:

I couldn't find a way to create a working symlink... First of all I thought maybe it was something with the kernel version... and that's how I found this list:

After a while I realized that (starting from) Ubuntu 12 it is patched. The idea was to set this one setting back (to 0, for our testing purposes):

Now it should be possible to change the permissions of /root:

Looks like it's done. ;]

You will find more details here.


