Skip to content

TheeBlind/CVE-2018-18387

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 

CVE-2018-18387

playSMS < = 1.4.2 - Privilege escalation

TMHC TEAM found a vulnerability that lead to a priviledge escalation through playSMS/web/init.php that can lead to a complete system compromise.

The attacker need to get access on the box where playSMS is installed and be able to edit playSMS related files, and the daemon must be run as root. In the PHP code, references to a daemon were noticed. Research was conducted on the found daemon. The daemon was located in /usr/local/bin and it had associated files in /etc/init.d/.

This daemon is generally run by root, after being tested with a simple whoami command.

The daemon can't be directly modified, yet there is a while loop that runs every second which contains a include init.php. This file exists in /var/www/html/playsms.

Mitigations: Don't run the daemon as root.

The developers were contacted and a fix was released.

Playsms Contacts:

https://playsms.org

https://github.com/antonraharja/playSMS

About

playSMS < = 1.4.2 - Privilege escalation

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages