Showing 1 - 1 of 1

CVE-2015-5699

Status Candidate

Overview

The Switch Configuration Tools Backend (clcmd_server) in Cumulus Linux 2.5.3 and earlier allows local users to execute arbitrary commands via shell metacharacters in a cl-rctl command label.

Related Files

Cumulus Linux 2.5.3 Privilege Escalation: Posted Aug 18, 2015; Authored by Gregory Pickett | Site hellfiresecurity.com; Cumulus Linux's Switch Configuration Tools Backend, clcmd_server, is vulnerable to local privilege escalation via command injection. Cumulus Linux's clcmd_server, when receiving commands that end in user supplied labels, will execute any other command appended to the end of it whether it is in the Rosetta or not. And it will do so using its own running credentials which are root. Versions 2.5.3 and earlier are affected.; tags | exploit, local, root; systems | linux; advisories | CVE-2015-5699; SHA-256 | a1fb04f6cf34bae2b04ccf1d59b164a1842267b7fa3db86f1b9bd93597c10072; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

CVE-2015-5699

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems