Full title: Micro Focus (HPE) Data Protector SUID Privilege Escalation Exploit 
Category: local exploits
Platform: linux
This Metasploit module exploits the trusted $PATH environment variable of the SUID binary omniresolve in Micro Focus (HPE) Data Protector versions A.10.40 and below. The omniresolve executable calls the oracleasm binary using a relative path and the trusted environment $PATH, which allows an attacker to execute a custom binary with root privileges.

# 0day.today @ http://0day.today/