G. Wilford man 2.3.10 – Symlink

G. Wilford man 2.3.10 – Symlink

漏洞ID 1105467 漏洞类型
发布时间 1999-06-02 更新时间 1999-06-02
图片[1]-G. Wilford man 2.3.10 – Symlink-安全小百科CVE编号 CVE-1999-0730
图片[2]-G. Wilford man 2.3.10 – Symlink-安全小百科CNNVD-ID N/A
漏洞平台 Linux CVSS评分 10.0
|漏洞来源
https://www.exploit-db.com/exploits/19243
|漏洞详情
The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack.
|漏洞EXP
source: http://www.securityfocus.com/bid/305/info

The man command created a temporary file under /tmp with a predictable name and is willing to follow symbolic links. This may allow malicious local users to create arbitrarily named files.

zsoelim(1) is a utility part of the man package which prepocess man pages and satisfy .so requests in roff input. This utility may be called when running the man(1) command. It creates temporary filenames are of the form "/tmp/zman0<pid>aaa" where <pid> is the process id of the zsoelim process. The program fails to check for the existance of symlinks and follows them creating arbitrary files with the permissions of the user running man. 

perl -e 'for($i=1000;$i<5000;$i++){symlink "/etc/nologin", "/tmp/zman0${i}aaa";}'

相关推荐: Qmail服务拒绝漏洞

Qmail服务拒绝漏洞 漏洞ID 1207520 漏洞类型 未知 发布时间 1997-07-01 更新时间 1997-07-01 CVE编号 CVE-1999-0250 CNNVD-ID CNNVD-199707-004 漏洞平台 N/A CVSS评分 10.…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享