module
lastore-daemon D-Bus Privilege Escalation
| Disclosed | Created |
|---|---|
| Feb 2, 2016 | Jun 14, 2018 |
Disclosed
Feb 2, 2016
Created
Jun 14, 2018
Description
This module attempts to gain root privileges on Deepin Linux systems
by using lastore-daemon to install a package.
The lastore-daemon D-Bus configuration on Deepin Linux permits any
user in the sudo group to install arbitrary system packages without
providing a password, resulting in code execution as root. By default,
the first user created on the system is a member of the sudo group.
This module has been tested successfully with lastore-daemon versions
0.9.53-1 on Deepin Linux 15.5 (x64); and
0.9.66-1 on Deepin Linux 15.7 (x64).
by using lastore-daemon to install a package.
The lastore-daemon D-Bus configuration on Deepin Linux permits any
user in the sudo group to install arbitrary system packages without
providing a password, resulting in code execution as root. By default,
the first user created on the system is a member of the sudo group.
This module has been tested successfully with lastore-daemon versions
0.9.53-1 on Deepin Linux 15.5 (x64); and
0.9.66-1 on Deepin Linux 15.7 (x64).
Authors
King's Way
bcoles [email protected]
bcoles [email protected]
Platform
Linux
Architectures
x86, x64
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.