wuftpd glob ~{ exploit v1.98
Vulnerability exploited: CVE-2001-0550 - BID-3581
Category: Exploits/Remote
This module exploits a combination of bugs present in the implementation and use of the ftpglob() function, specifically in the handling of unbalanced '{' characters. After successful exploitation a level0 agent will be deployed. This level0 agent will inherit the user identity and capabilities of the abused service, usually those of the user used to log in to the FTP server (for example, ftp). However, the UID (as opposed to the EUID) of the level0 agent will be that of the super user in most cases (usually 0), and it can be changed by using the setuid module (see "setuid"). When an anonymous user is used, or if the server is configured to do this for other users, the deployed level0 agent will be running inside a chroot jail. This situation does not prevent the use of the level0 agent, and after setting the EUID to that of the super user, the chroot breaker module (see "chroot breaker") can be used to escape the chroot jail.
Supported Systems: Debian Linux 2.2 (i386), Debian Linux 3 (i386), RedHat Linux 6.1 (i386), RedHat Linux 6.2 (i386), RedHat Linux 7 (i386), RedHat Linux 7.1 (i386), RedHat Linux 7.2 (i386), SuSE Linux 7 (i386), SuSE Linux 7.1 (i386), SuSE Linux 7.2 (i386), SuSE Linux 7.3 (i386), Mandrake Linux 8.1 (i386), Debian Linux 2.2 (i386), Debian Linux 3.0 (i386), RedHat Linux 5.0 (i386), RedHat Linux 5.1 (i386), RedHat Linux 5.2 (i386), RedHat Linux 6.0 (i386), RedHat Linux 6.1 (i386), RedHat Linux 6.2 (i386), RedHat Linux 7.0 (i386), RedHat Linux 7.1 (i386), RedHat Linux 7.2 (i386), SuSE Linux 6.0 (i386), SuSE Linux 6.1 (i386), SuSE Linux 6.2 (i386), SuSE Linux 7.0 (i386), SuSE Linux 7.1 (i386), SuSE Linux 7.2 (i386), SuSE Linux 7.3 (i386), Slackware Linux 4.0 (i386), Slackware Linux 7.0 (i386), Slackware Linux 7.1 (i386), Slackware Linux 8.0 (i386), Slackware Linux 8.1 (i386), Immunix Linux 6.2 (i386), Immunix Linux 7.0 (i386), Conectiva Linux 5.1 (i386), Conectiva Linux 6.0 (i386), Conectiva Linux 7.0 (i386), Mandrake Linux 6.0 (i386), Mandrake Linux 7.1 (i386), Mandrake Linux 7.2 (i386), Mandrake Linux 8.1 (i386), Caldera OpenLinux 2.3 (i386)
This module is included in the latest version of CORE IMPACT, the first automated comprehensive penetration testing product for accurately identifying information security risks.