6.5
CVSSv2

CVE-2019-12181

Published: 17/06/2019 Updated: 18/06/2019
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 656
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

A privilege escalation vulnerability exists in SolarWinds Serv-U prior to 15.1.7 for Linux.

Vulnerability Trend

Exploits

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Post::File include Msf::Post::Linux::Kernel include Msf::Post::Linux::Priv include Msf::Post::Linux::System inclu ...
#!/bin/bash # SUroot - Local root exploit for Serv-U FTP Server versions prior to 1517 (CVE-2019-12181) # Bash variant of Guy Levin's Serv-U FTP Server exploit: # - githubcom/guywhataguy/CVE-2019-12181 # --- # user@debian-9-6-0-x64-xfce:~/Desktop$ /SUroot # [*] Launching Serv-U # sh: 1: : Permission denied # [+] Success: # -rwsr-xr ...
/* CVE-2019-12181 Serv-U 1516 Privilege Escalation vulnerability found by: Guy Levin (@va_start - twittercom/va_start) blogvastartdev to compile and run: gcc servu-pe-cve-2019-12181c -o pe && /pe */ #include <stdioh> #include <unistdh> #include <errnoh> int main() { char *vuln_args[] = { ...

Mailing Lists

Serv-U FTP Server version 1516 suffers from a local privilege escalation vulnerability ...
This Metasploit module attempts to gain root privileges on systems running Serv-U FTP Server versions prior to 1517 The Serv-U executable is setuid root, and uses ARGV[0] in a call to system(), without validation, when invoked with the -prepareinstallation flag, resulting in command execution with root privileges This module has been tested suc ...

Github Repositories

CVE-2019-12181 Serv-U FTP Server PE (CVE-2019-12181)

Serv-U-FTP-Server-1517---Local-Privilege-Escalation Usage: gcc servu-pe-cve-2019-12181c -o pe && /pe

Local Exploits Various local exploits CVE-2019-12181 Local root exploit for Serv-U FTP Server versions prior to 1517 Bash variant of Guy Levin's Serv-U FTP Server exploit (2019-06-13) for CVE-2019-12181 A privilege escalation vulnerability exists in SolarWinds Serv-U before 1517 for Linux CVE-2017-5899 S-nail local root exploit Wrapper for @wapiflapi's s-nail

Localroot Exploit This repository is a place where Localroot has been compiled and tested Linux Kernel Exploit with Compile #CVE  #Description  #Kernels CVE-2019-13272 [Linux 410 < 5117 PTRACE_TRACEME] (Ubuntu 16045, Debian 940, Parrot OS 451, ElementaryOS 041, etc) CVE-2019-12181 [Serv-U FTP Server] (FTP Server versions prior to 1517) CVE-