Search the Community
Showing results for tags 'xscreensaver'.
-
Exploits Solaris xscreensaver Privilege Escalation
1337day-Exploits posted a topic in Updated Exploits
This Metasploit module exploits a vulnerability in xscreensaver versions since 5.06 on unpatched Solaris 11 systems which allows users to gain root privileges. xscreensaver allows users to create a user-owned file at any location on the filesystem using the -log command line argument introduced in version 5.06. This module uses xscreensaver to create a log file in /usr/lib/secure/, overwrites the log file with a shared object, and executes the shared object using the LD_PRELOAD environment variable. This module has been tested successfully on xscreensaver version 5.15 on Solaris 11.1 (x86) and xscreensaver version 5.15 on Solaris 11.3 (x86). View the full article-
- solaris
- xscreensaver
-
(and 2 more)
Tagged with: