发布于3月6日3月6日 Members Rocket Software Unidata udadmin_server Authentication Bypass Disclosed 03/30/2023 Created 04/12/2023 Description This module exploits an authentication bypass vulnerability in the Linux version of udadmin_server, which is an RPC service that comes with the Rocket Software UniData server. This affects versions of UniData prior to 8.2.4 build 3003. This service typically runs as root. It accepts a username of ":local:" and a password in the form of "::", where username and uid must be a valid account, but gid can be anything except 0. This exploit takes advantage of this login account to authenticate as a chosen user and run an arbitrary command (using the built-in OsCommand message). Author(s) Ron Bowes Platform Linux,Unix Architectures x86, x64, cmd Development Source Code History
