CVE-2006-6131

Kerio WebSTAR <5.4.2 - Privilege Escalation

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6131. PoCs published by Kevin Finisterre.

AI-analyzed exploit summary: This exploit targets a vulnerability in Kerio WebSTAR by injecting a malicious dynamic library (libucache.dylib) into the target binary's execution path. The library contains a constructor that spawns a root shell by escalating privileges.

Description

Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working directory.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Kevin Finisterre · perl · local · osx
https://www.exploit-db.com/exploits/2788

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Kerio WebSTAR 5.4.2
Auth required
Prerequisites: Access to the webstar user or admin group · Ability to write to /tmp · Presence of vulnerable Kerio WebSTAR binaries
devstral-2 · analyzed Feb 16, 2026

References (9)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21123
Exploit vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017239
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30308
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/451832/100/200/threaded
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/30450
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1921
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4539
Exploit, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22906

Scores

EPSS 0.0085
EPSS Percentile 53.3%

Details

Status published
Products (15)
kerio/webstar 4.0
kerio/webstar 5.1.2
kerio/webstar 5.1.3
kerio/webstar 5.2
kerio/webstar 5.2.1
kerio/webstar 5.2.2
kerio/webstar 5.2.3
kerio/webstar 5.2.4
kerio/webstar 5.3
kerio/webstar 5.3.1
... and 5 more
Published Nov 28, 2006
Tracked Since Feb 18, 2026