View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001390 | Kali Linux | General Bug | public | 2014-06-06 22:57 | 2018-01-29 11:36 |
Reporter | themsonmester | Assigned To | g0tmi1k | ||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | suspended | ||
Product Version | 1.0.7 | ||||
Summary | 0001390: Privilege escalation in KeepNote interprocess command socket | ||||
Description | The local command socket used by KeepNote can be bound by any user, and contains an improperly implemented authentication mechanism. This may be leveraged to inject arbitrary code into other user's sessions and elevate privileges. Full description of issue: http://0xthem.blogspot.com/2014/05/late-night-privilege-escalation-keepup.html I have contact the developer and he is currently working on a patch. Mitigation suggestions are provided in the above link. | ||||
Steps To Reproduce | POC available at https://github.com/themson/keepUP/blob/master/keepUP.py | ||||
Due to the age of the OS (Kali Moto [v1], Kali Safi [v2], Kali Rolling 2016.x), these legacy versions are no longer supported. Please could you see if you are able to replicate this issue with the latest version of Kali Linux - https://www.kali.org/downloads/)? If you are still facing the same problem, feel free to re-open the ticket. If you choose to do this, could you provide more information to the issue you are facing,and also give information about your setup? |
|
Date Modified | Username | Field | Change |
---|---|---|---|
2014-06-06 22:57 | themsonmester | New Issue | |
2014-06-07 17:19 | muts | Severity | major => minor |
2014-06-29 19:52 |
|
Issue cloned: 0001483 | |
2018-01-29 11:36 | g0tmi1k | Assigned To | => g0tmi1k |
2018-01-29 11:36 | g0tmi1k | Status | new => closed |
2018-01-29 11:36 | g0tmi1k | Resolution | open => suspended |
2018-01-29 11:36 | g0tmi1k | Note Added: 0007998 |