CVE-2013-4984
published 2013-09-10CVE-2013-4984: The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain…
PriorityP344high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
8.13%
94.1th percentile
The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument.
Affected
76 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sophos | web_appliance | <= 3.7.9 | — |
| sophos | web_appliance | — | — |
| sophos | web_appliance | — | — |
| sophos | web_appliance | — | — |
| sophos | web_appliance | — | — |
| sophos | web_appliance | — | — |
| sophos | web_appliance | — | — |
| sophos | web_appliance | — | — |
| sophos | web_appliance | — | — |
| sophos | web_appliance | — | — |
| sophos | web_appliance | — | — |
| sophos | web_appliance | — | — |
| sophos | web_appliance | — | — |
| sophos | web_appliance | — | — |
| sophos | web_appliance | — | — |
| sophos | web_appliance | — | — |
| sophos | web_appliance | — | — |
| sophos | web_appliance | — | — |
| sophos | web_appliance | — | — |
| sophos | web_appliance | — | — |
| sophos | web_appliance | — | — |
| sophos | web_appliance | — | — |
| sophos | web_appliance | — | — |
| sophos | web_appliance | — | — |
| sophos | web_appliance | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Sophos Web Protection Appliance - clear_keys.pl Privilege Escalation (Metasploit)
exploitdb·2013-09-17
CVE-2013-4984 Sophos Web Protection Appliance - clear_keys.pl Privilege Escalation (Metasploit)
Sophos Web Protection Appliance - clear_keys.pl Privilege Escalation (Metasploit)
---
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'
require 'rex'
require 'msf/core/post/common'
require 'msf/core/post/file'
require 'msf/core/post/linux/priv'
require 'msf/core/exploit/exe'
class Metasploit4 'Sophos Web Protection Appliance clear_keys.pl Local Privilege Escalation',
'Description' => %q{
This module abuses a command injection on the clear_keys.pl perl script, installed with the
Sophos Web Protection Appliance, to escalate privileges from the "spiderman" user to "root".
This module is
Exploit-DB
Sophos Web Protection Appliance - Multiple Vulnerabilities
exploitdb·2013-09-09·CVSS 10.0
CVE-2013-4984 [CRITICAL] Sophos Web Protection Appliance - Multiple Vulnerabilities
Sophos Web Protection Appliance - Multiple Vulnerabilities
---
Core Security - Corelabs Advisory
http://corelabs.coresecurity.com/
Sophos Web Protection Appliance Multiple Vulnerabilities
1. *Advisory Information*
Title: Sophos Web Protection Appliance Multiple Vulnerabilities
Advisory ID: CORE-2013-0809
Advisory URL:
http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilities
Date published: 2013-09-06
Date of last update: 2013-09-06
Vendors contacted: Sophos
Release mode: Coordinated release
2. *Vulnerability Information*
Class: OS command injection [CWE-78], OS command injection [CWE-78]
Impact: Code execution, Security bypass
Remotely Exploitable: Yes
Locally Exploitable: No
CVE Name: CVE-2013-4983, CVE-2013-4984
3. *Vulnerability Descript
Metasploit
Sophos Web Protection Appliance clear_keys.pl Local Privilege Escalation
metasploit
Sophos Web Protection Appliance clear_keys.pl Local Privilege Escalation
Sophos Web Protection Appliance clear_keys.pl Local Privilege Escalation
This module abuses a command injection on the clear_keys.pl perl script, installed with the Sophos Web Protection Appliance, to escalate privileges from the "spiderman" user to "root". This module is useful for post exploitation of vulnerabilities on the Sophos Web Protection Appliance web ui, executed by the "spiderman" user. This module has been tested successfully on Sophos Virtual Web Appliance 3.7.0.
No writeups or analysis indexed.
http://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilitieshttp://www.sophos.com/en-us/support/knowledgebase/119773.aspxhttp://www.coresecurity.com/advisories/sophos-web-protection-appliance-multiple-vulnerabilitieshttp://www.sophos.com/en-us/support/knowledgebase/119773.aspx
2013-09-10
Published