CVE-2005-3533
published 2005-12-11CVE-2005-3533: Buffer overflow in OSH before 1.7-15 allows local users to execute arbitrary code via a long current working directory and filename.
PriorityP426high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
1.15%
62.8th percentile
Buffer overflow in OSH before 1.7-15 allows local users to execute arbitrary code via a long current working directory and filename.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| osh | osh | <= 1.7.14 | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Operator Shell (osh) 1.7-13 - Local Privilege Escalation
exploitdb·2005-08-16
CVE-2005-3533 Operator Shell (osh) 1.7-13 - Local Privilege Escalation
Operator Shell (osh) 1.7-13 - Local Privilege Escalation
---
# You must be group(operator) for permissions /str0ke
#!/usr/bin/perl
#######################################################################
#
# OSH 1.7 Exploit #2 (Gonna bang away at this until it's removed ;-)
#
# EDUCATIONAL purposes only.... :-)
#
# by Charles Stevenson (core)
#
# Description:
# The Operator Shell (Osh) is a setuid root, security enhanced, restricted
# shell. It allows the administrator to carefully limit the access of special
# commands and files to the users whose duties require their use, while
# at the same time automatically maintaining audit records. The configuration
# file for Osh contains an administrator defined access profile for each
# authorized user or group.
#
# Problem (discovered by Solar
Exploit-DB
Operator Shell (osh) 1.7-12 - Local Privilege Escalation
exploitdb·2005-02-05
CVE-2005-3533 Operator Shell (osh) 1.7-12 - Local Privilege Escalation
Operator Shell (osh) 1.7-12 - Local Privilege Escalation
---
#!/usr/bin/perl
# Tested and working uid=50(str0ke) gid=100(users) euid=0(root) groups=100(users)
# /str0ke
#######################################################################
#
# OSH 1.7 Exploit
#
# EDUCATIONAL purposes only.... :-)
#
# by Charles Stevenson (core)
#
# Description:
# The Operator Shell (Osh) is a setuid root, security enhanced, restricted
# shell. It allows the administrator to carefully limit the access of special
# commands and files to the users whose duties require their use, while
# at the same time automatically maintaining audit records. The configuration
# file for Osh contains an administrator defined access profile for each
# authorized user or group.
#
# Problem:
# The patch for the overflows pub
No writeups or analysis indexed.
http://secunia.com/advisories/17967http://www.debian.org/security/2005/dsa-918http://www.osvdb.org/21576http://www.securityfocus.com/bid/12455http://www.vupen.com/english/advisories/2005/2812http://secunia.com/advisories/17967http://www.debian.org/security/2005/dsa-918http://www.osvdb.org/21576http://www.securityfocus.com/bid/12455http://www.vupen.com/english/advisories/2005/2812
2005-12-11
Published