Setuid Nmap Exploit

newsbot

newsbot

RSS Feed
Nmap's man page mentions that "Nmap should never be installed with special privileges (e.g. suid root) for security reasons.." and specifically avoids making any of its binaries setuid during installation. Nevertheless, administrators sometimes feel the need to do insecure things. This Metasploit module abuses a setuid nmap binary by writing out a lua nse script containing a call to os.execute(). Note that modern interpreters will refuse to run scripts on the command line when EUID != UID, so the cmd/unix/reverse_{perl,ruby} payloads will most likely not work.

Weiterlesen...
 

Ähnliche Themen

Nmap Port Scanner 6.25

Samba 4 Gast Zugang unter Ubuntu funktioniert nicht

Splunk 5.0 Custom App Remote Code Execution

Nmap Port Scanner 6.01

Red Hat Security Advisory 2012-1505-01

Zurück
Oben