This Metasploit module is an exploit that takes advantage of xglance-bin, part of HP's Glance (or Performance Monitoring) version 11 and subsequent, which was compiled with an insecure RPATH option. The RPATH includes a relative path to -L/lib64/ which can be controlled by a user. Creating libraries in this location will result in an escalation of privileges to root.
d8c4bb35d621bfc8cf65e13632145031a44e20cc02cc3e3045d3ba14a00ed48bxglance-bin local root privilege escalation exploit that has been tested on Linux RHEL 7.x/8.x systems.
d27e4f2ed6ba8d5e7e900a787e939d59f6386be68ee424e030c1c37dbe438c85It has been identified that binaries that are executed with elevated privileges (SetGID and SetUID programs) in Compaq/HP's Glance for Linux have been compiled in manner that means they searched for libraries in insecure locations. Versions 11.00 and below are affected.
a66fb0a451a7f6dcc806352c69ac659b9668b544cb151ad815fc0f41f27c3245HP Security Bulletin HPSBMU03086 - A potential security vulnerability has been identified with HP Operations Agent running Glance. The vulnerability could be exploited locally resulting in elevation of privilege. Revision 1 of this advisory.
0cf1cbf3b16ad9fd0a88aa77283dd7c9500a919d5916810876309bc59c44bdde
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed