packetstormsecurity.com
198.84.60.198
Public Scan
Submitted URL: http://packetstormsecurity.com/files/140262/OpenSSH-Local-Privilege-Escalation.html
Effective URL: https://packetstormsecurity.com/files/140262/OpenSSH-Local-Privilege-Escalation.html
Submission: On November 27 via api from HU — Scanned from DE
Form analysis
2 forms found in the DOM
GET /search/
<form method="get" action="/search/"><input type="text" name="q" id="q" maxlength="120" value="Search …"><button type="submit"></button>
<div id="q-tabs"><label for="s-files" class="on">Files</label><label for="s-news">News</label><label for="s-users">Users</label><label for="s-authors">Authors</label><input type="radio" value="files" name="s" id="s-files"><input type="radio"
value="news" name="s" id="s-news"><input type="radio" value="users" name="s" id="s-users"><input type="radio" value="authors" name="s" id="s-authors"></div>
</form>
GET /files/cal/
Text Content
OpenSSH Local Privilege Escalation
Posted Dec 23, 2016
Authored by Jann Horn, Google Security Research

OpenSSH can forward TCP sockets and UNIX domain sockets. If privilege separation is disabled, then on the server side, the forwarding is handled by a child of sshd that has root privileges. For TCP server sockets, sshd explicitly checks whether an attempt is made to bind to a low port (below IPPORT_RESERVED) and, if so, requires the client to authenticate as root. However, for UNIX domain sockets, no such security measures are implemented. This means that, using "ssh -L", an attacker who is permitted to log in as a normal user over SSH can effectively connect to non-abstract unix domain sockets with root privileges. On systems that run systemd, this can for example be exploited by asking systemd to add an LD_PRELOAD environment variable for all following daemon launches and then asking it to restart cron or so. The attached exploit demonstrates this - if it is executed on a system with systemd where the user is allowed to ssh to his own account and where privsep is disabled, it yields a root shell.
tags | exploit, shell, root, tcp
systems | unix
advisories | CVE-2016-10010
SHA-256 | e76185809315ccb4de20af9908f94cf1d0c88a604c2850502c670e5b10961415