Metasploit modules that can be used to exploit Redhat » Automatic Bug Reporting Tool
-
ABRT sosreport Privilege Escalation
Disclosure Date: 2015-11-23First seen: 2020-04-26exploit/linux/local/abrt_sosreport_priv_escThis module attempts to gain root privileges on RHEL systems with a vulnerable version of Automatic Bug Reporting Tool (ABRT) configured as the crash handler. `sosreport` uses an insecure temporary directory, allowing local users to write to arbitrary files (CVE-2015-5287). This module uses a symlink attack on `/var/tmp/abrt/cc-*$pid/` to overwrite the `modprobe` path in `/proc/sys/kernel/modprobe`, resulting in root privileges. Waiting for `sosreport` could take a few minutes. This module has been tested successfully on: abrt 2.1.11-12.el7 on RHEL 7.0 x86_64; and abrt 2.1.11-19.el7 on RHEL 7.1 x86_64. Authors: - rebel - bcoles <bcoles@gmail.com> -
ABRT raceabrt Privilege Escalation
Disclosure Date: 2015-04-14First seen: 2020-04-26exploit/linux/local/abrt_raceabrt_priv_escThis module attempts to gain root privileges on Linux systems with a vulnerable version of Automatic Bug Reporting Tool (ABRT) configured as the crash handler. A race condition allows local users to change ownership of arbitrary files (CVE-2015-3315). This module uses a symlink attack on `/var/tmp/abrt/*/maps` to change the ownership of `/etc/passwd`, then adds a new user with UID=0 GID=0 to gain root privileges. Winning the race could take a few minutes. This module has been tested successfully on: abrt 2.1.11-12.el7 on RHEL 7.0 x86_64; abrt 2.1.5-1.fc19 on Fedora Desktop 19 x86_64; abrt 2.2.1-1.fc19 on Fedora Desktop 19 x86_64; abrt 2.2.2-2.fc20 on Fedora Desktop 20 x86_64; abrt 2.3.0-3.fc21 on Fedora Desktop 21 x86_64. Authors: - Tavis Ormandy - bcoles <bcoles@gmail.com>
2 metasploit modules found
Please note: Metasploit modules are only matched by CVE numbers.
Visit metasploit web site for more details