Juju-run Agent Privilege Escalation

Posted by deepcore on February 12, 2018 – 1:26 pm

This Metasploit module attempts to gain root privileges on Juju agent systems running the juju-run agent utility. Juju agent systems running agent tools prior to version 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3, provide a UNIX domain socket to manage software (“units”) without setting appropriate permissions, allowing unprivileged local users to execute arbitrary commands as root. This Metasploit module has been tested successfully with Juju agent tools versions 1.18.4, 1.25.5 and 1.25.9 on Ubuntu 14.04.1 LTS x86 deployed by Juju 1.18.1-trusty-amd64 and 1.25.6-trusty-amd64 on Ubuntu 14.04.1 LTS x86_64.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« [local] glibc – '$ORIGIN' Expansion Privilege Escalation (Metasploit) SoapUI 5.3.0 Code Execution »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Juju-run Agent Privilege Escalation

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL