 |
|
|
|
|
 |
 |
|
 |
Solaris LIBSLDAP Local Exploit v1.23
Vulnerability exploited: NOCVE-2003-6152 - BID-2931
Category: Exploits/Local
This module exploits a vulnerability on Solaris 8 libsldap library to install a level 0 agent with root privileges.
Solaris 8 ships with a shared library that implements LDAP functionality called 'libsldap'. This library is linked to by a number of system utilities, many of them installed setuid or setgid. Libsldap contains a buffer overflow vulnerability in it's handling of the 'LDAP_OPTIONS' environment variable.Local attackers can exploit this vulnerability in setuid/setgid programs linked to libsldap to elevate privileges.
Supported Systems:
This module is included in the latest version of CORE IMPACT, the first automated comprehensive penetration testing product for accurately identifying information security risks. Click here to learn more about the product.
|
|
|
|
 |
|
 |
 |
|
 | |
