WANem v2.3 multiple vulnerabilities
WANem v2.3 allows unauthenticated remote attackers to gain root access.
Software Link: http://wanem.sourceforge.net/
Vendor Notification: 2012-08-16 - Notified
# 0x00 # Privilege Escalation
The 'dosu' binary file is setuid 'root'. It executes arbitrary commands supplied as its first argument.
The following proof of concept is available:
# 0x01 # Arbitrary Command Execution
It is possible to execute arbitrary commands remotely as the 'www-data' user by injecting commands into the 'pc' parameter of '/var/www/WANem/result.php'.
Combining this issue with the privilege escalation vulnerability allows unauthorized remote root access.
The following proof of concept is available:
wanem-2.3-remote-root.py exploit
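For detection, the following added example (not part of the original advisory or of WANem) scans web server access logs for requests to result.php whose 'pc' value contains anything other than hostname or IP address characters. It assumes that the parameter arrives in the query string, that the application is served at the URL path /WANem/result.php, that logs are in common/combined log format, and that legitimate 'pc' values are a hostname or IP address; the function name and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate 'pc' value is only a hostname or IP address.
SAFE_PC = re.compile(r"[A-Za-z0-9.:-]{1,253}")
# Client address and request line of a common/combined log format entry.
REQUEST = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)

def suspicious_pc_requests(lines):
    """Return (client, decoded pc value) for each result.php request whose
    'pc' parameter falls outside the hostname/IP allowlist."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/WANem/result.php"):
            continue
        # parse_qs percent-decodes values, so encoded metacharacters are caught.
        for value in parse_qs(url.query, keep_blank_values=True).get("pc", []):
            if not SAFE_PC.fullmatch(value):
                hits.append((m.group("client"), value))
    return hits

# Constructed sample log lines (not taken from a real system).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Aug/2012:10:00:01 +0000] "GET /WANem/result.php?pc=10.0.0.5 HTTP/1.1" 200 512',
    '198.51.100.7 - - [16/Aug/2012:10:00:09 +0000] "GET /WANem/result.php?pc=10.0.0.5%3Bid HTTP/1.1" 200 498',
    '198.51.100.7 - - [16/Aug/2012:10:00:12 +0000] "GET /WANem/index.html HTTP/1.1" 200 1024',
    '203.0.113.4 - - [16/Aug/2012:10:01:30 +0000] "GET /WANem/result.php?pc=host.example%7Cuname HTTP/1.1" 200 498',
]

if __name__ == "__main__":
    for client, value in suspicious_pc_requests(SAMPLE_LOG):
        print(f"{client} sent suspicious pc value: {value!r}")
```

An allowlist is used rather than a list of shell metacharacters so that unexpected encodings and separators are flagged as well.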
# 0x02 # Cross-Site Scripting (XSS)
The following proof of concept is available: