CVE-2017-6516
published 2017-03-14CVE-2017-6516: A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo before 10-H64 for Linux and UNIX platforms could allow a local attacker to gain elevated…
PriorityP338medium6.7CVSS 3.0
AVLACLPRHUINSUCHIHAH
EXPLOIT
EPSS
5.29%
91.6th percentile
A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo before 10-H64 for Linux and UNIX platforms could allow a local attacker to gain elevated privileges. Parts of SysInfo require setuid-to-root access in order to access restricted system files and make restricted kernel calls. This access could be exploited by a local attacker to gain a root shell prompt using the right combination of environment variables and command line arguments.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| magnicomp | sysinfo | <= 10-h62 | — |
CVSS provenance
nvdv3.06.7MEDIUMCVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
MagniComp SysInfo - mcsiwrapper Privilege Escalation (Metasploit)
exploitdb·2018-02-20
CVE-2017-6516 MagniComp SysInfo - mcsiwrapper Privilege Escalation (Metasploit)
MagniComp SysInfo - mcsiwrapper Privilege Escalation (Metasploit)
---
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule 'MagniComp SysInfo mcsiwrapper Privilege Escalation',
'Description' => %q{
This module attempts to gain root privileges on systems running
MagniComp SysInfo versions prior to 10-H64.
The .mcsiwrapper suid executable allows loading a config file using the
'--configfile' argument. The 'ExecPath' config directive is used to set
the executable load path. This module abuses this functionality to set
the load path resulting in execution of arbitrary code as root.
This module has been tested successfully with SysInfo version
10-H63 on Fedora 20 x86_64, 10-H32 on Fe
Metasploit
MagniComp SysInfo mcsiwrapper Privilege Escalation
metasploit
MagniComp SysInfo mcsiwrapper Privilege Escalation
MagniComp SysInfo mcsiwrapper Privilege Escalation
This module attempts to gain root privileges on systems running MagniComp SysInfo versions prior to 10-H64. The .mcsiwrapper suid executable allows loading a config file using the '--configfile' argument. The 'ExecPath' config directive is used to set the executable load path. This module abuses this functionality to set the load path resulting in execution of arbitrary code as root. This module has been tested successfully with SysInfo version 10-H63 on Fedora 20 x86_64, 10-H32 on Fedora 27 x86_64, 10-H10 on Debian 8 x86_64, and 10-GA on Solaris 10u11 x86.
No writeups or analysis indexed.
http://www.magnicomp.com/support/cve/CVE-2017-6516.shtmlhttp://www.securityfocus.com/bid/96934https://labs.mwrinfosecurity.com/advisories/magnicomps-sysinfo-root-setuid-local-privilege-escalation-vulnerability/https://labs.mwrinfosecurity.com/advisories/multiple-vulnerabilities-in-magnicomps-sysinfo-root-setuid/https://www.exploit-db.com/exploits/44150/http://www.magnicomp.com/support/cve/CVE-2017-6516.shtmlhttp://www.securityfocus.com/bid/96934https://labs.mwrinfosecurity.com/advisories/magnicomps-sysinfo-root-setuid-local-privilege-escalation-vulnerability/https://labs.mwrinfosecurity.com/advisories/multiple-vulnerabilities-in-magnicomps-sysinfo-root-setuid/https://www.exploit-db.com/exploits/44150/
2017-03-14
Published