CVE-2014-5284 PoC — OSSEC Insecure Temporary File Creation Vulnerability

Associated Vulnerability
Title: OSSEC Insecure Temporary File Creation Vulnerability (CVE-2014-5284)
Description: host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root privileges by creating the temporary files before automatic IP blocking is performed.
Description
Bash implementation of CVE-2014-5284
Readme
# CVE-2014-5284
Bash implementation of CVE-2014-5284

Exploit Title: ossec 2.8 Insecure Temporary File Creation Vulnerability Privilege Escalation
Python is nice but doesn't work all the time
Exploit Author: mbadanoiu

Python Exploit Author: skynet-13
Vendor Homepage: www.ossec.net/
Software Link: https://github.com/ossec/ossec-hids/archive/2.8.1.tar.gz
Version: OSSEC - 2.8

Created from Research by
Jeff Petersen
Roka Security LLC
jpetersen@rokasecurity.com
Original info at https://github.com/ossec/ossec-hids/releases/tag/2.8.1

Kudos To: Radu Voicilas (rvoicilas) for the inotify-tools
https://github.com/rvoicilas/inotify-tools
File Snapshot

[4.0K] /data/pocs/e671b6c4149bcf7effe1fc3db28a2e0ac266cb6f
├── [2.4K] CVE-2014-5284.sh
├── [4.0K] inotify-tools
├── [3.0K] ossec_host_deny.py
└── [ 717] README.md

1 directory, 3 files