mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-01-31 15:53:33 +08:00
46 lines
1.2 KiB
YAML
46 lines
1.2 KiB
YAML
id: linux-automountd-enabled
|
|
|
|
info:
|
|
name: Automountd Service Enabled
|
|
author: songyaeji
|
|
severity: medium
|
|
description: |
|
|
The automountd service, when enabled or running, allowed a local attacker to execute arbitrary commands with root privileges by exploiting automatic mount options. This misconfiguration led to local privilege escalation.
|
|
reference:
|
|
- https://isms.kisa.or.kr
|
|
metadata:
|
|
verified: true
|
|
tags: local,linux,privesc,kisa
|
|
|
|
self-contained: true
|
|
|
|
code:
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
whoami
|
|
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
if pgrep -x "automountd" > /dev/null; then
|
|
echo "[VULNERABLE] automountd service is running"
|
|
else
|
|
echo "[SAFE] automountd service is not running"
|
|
fi
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: response
|
|
words:
|
|
- "root"
|
|
negative: true
|
|
|
|
- type: word
|
|
part: response
|
|
words:
|
|
- "[VULNERABLE]"
|
|
# digest: 4a0a0047304502203bae281737c0bf4a782527ac4b1f087046778d156478e8942e0f62bc57de275602210080d389c9fdfcdb96b3290985fcbba51ad85076327ed6aabd5af318ba4dc0f0e2:922c64590222798bb761d5b6d8e72950 |