Описание
Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if the invoking user matches uid 48. This flaw enables attackers with Apache-level access to escalate privileges to root without authentication.
Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if the invoking user matches uid 48. This flaw enables attackers with Apache-level access to escalate privileges to root without authentication.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2012-10022
- https://github.com/KloxoNGCommunity/kloxo
- https://kloxo.org
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/local/kloxo_lxsuexec.rb
- https://web.archive.org/web/20121122063935/http://roothackers.net/showthread.php?tid=92
- https://www.exploit-db.com/exploits/25406
- https://www.vulncheck.com/advisories/kloxo-local-priv-esc
Связанные уязвимости
Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if the invoking user matches uid 48. This flaw enables attackers with Apache-level access to escalate privileges to root without authentication.