cve/CVE-2005-4890.md at 7818c5651982aa78500b326433f643b6a96ab8c1

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-06 02:31:38 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.

POC

Reference

http://www.openwall.com/lists/oss-security/2014/10/20/9
http://www.openwall.com/lists/oss-security/2014/10/21/1

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/RouzanXploitSec47/sudo
https://github.com/agnostic-apollo/sudo
https://github.com/fokypoky/places-list
https://github.com/hartwork/antijack

1.2 KiB Raw Blame History

CVE-2005-4890

Description

POC

Reference

Github

1.2 KiB

Raw Blame History