ifcf-<whatever> script to /etc/sysconfig/network-scripts

If, for whatever reason, a user is able to write an ifcf- script to /etc/sysconfig/network-scripts or it can adjust an existing one, then your system in pwned.

For example:


NAME=Network /bin/id  <= Note the blank space

In my case, the NAME= attributed in these network scripts is not handled correctly. If you have white/blank space in 
the name the system tries to execute the part after the white/blank space. Which means; everything after the first 
blank space is executed as root.

you can just run the script with sudo and do something like "Network bash" to get root.

Last updated