mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-02-17 16:13:30 +08:00
46 lines
1012 B
YAML
46 lines
1012 B
YAML
id: linux-automountd-enabled
|
|
|
|
info:
|
|
name: Automountd Service Enabled
|
|
author: songyaeji
|
|
severity: medium
|
|
description: |
|
|
The automountd service, when enabled or running, allowed a local attacker to execute arbitrary commands with root privileges by exploiting automatic mount options. This misconfiguration led to local privilege escalation.
|
|
reference:
|
|
- https://isms.kisa.or.kr
|
|
metadata:
|
|
verified: true
|
|
tags: local,linux,privesc,kisa
|
|
|
|
self-contained: true
|
|
|
|
code:
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
whoami
|
|
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
if pgrep -x "automountd" > /dev/null; then
|
|
echo "[VULNERABLE] automountd service is running"
|
|
else
|
|
echo "[SAFE] automountd service is not running"
|
|
fi
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: response
|
|
words:
|
|
- "root"
|
|
negative: true
|
|
|
|
- type: word
|
|
part: response
|
|
words:
|
|
- "[VULNERABLE]"
|