Serv-U FTP Server prepareinstallation Privilege Escalation

Posted by deepcore on July 3, 2019 – 3:23 pm

This Metasploit module attempts to gain root privileges on systems running Serv-U FTP Server versions prior to 15.1.7. The Serv-U executable is setuid root, and uses ARGV[0] in a call to system(), without validation, when invoked with the -prepareinstallation flag, resulting in command execution with root privileges. This module has been tested successfully on Serv-U FTP Server version 15.1.6 (x64) on Debian 9.6 (x64).

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Apache Tomcat CGIServlet enableCmdLineArguments Remote Code Execution Centreon 19.04 Remote Code Execution »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Serv-U FTP Server prepareinstallation Privilege Escalation

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL