CVE-2000-0322

Published: 24/04/2000 Updated: 17/09/2016
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execute arbitrary commands via shell metacharacters.

Affected Products

Vendor | Product | Versions
Redhat | Linux | 6.2

Exploits

    ##
    # $Id: piranha_passwd_exec.rb 10729 2010-10-18 15:41:13Z jduck $
    ##

    ##
    # This file is part of the Metasploit Framework and may be subject to
    # redistribution and commercial restrictions. Please see the Metasploit
    # Framework web site for more information on licensing and terms of use.
    # metasploit.com/framework/
    ##

    require 'msf/core'
    ...

Metasploit Modules

RedHat Piranha Virtual Server Package passwd.php3 Arbitrary Command Execution

This module abuses two flaws - a metacharacter injection vulnerability in the HTTP management server of RedHat 6.2 systems running the Piranha LVS cluster service and GUI (rpm packages: piranha and piranha-gui). The vulnerability allows an authenticated attacker to execute arbitrary commands as the Apache user account (nobody) within the /piranha/secure/passwd.php3 script. The package installs with a default user and password of piranha:q, which was exploited in the wild.

    msf > use exploit/linux/http/piranha_passwd_exec
    msf exploit(piranha_passwd_exec) > show targets
        ...targets...
    msf exploit(piranha_passwd_exec) > set TARGET <target-id>
    msf exploit(piranha_passwd_exec) > show options
        ...show and set options...
    msf exploit(piranha_passwd_exec) > exploit