BSD ‘lpr’ 0.54 -4 – Arbitrary Command Execution
漏洞ID | 1053470 | 漏洞类型 | |
发布时间 | 2000-10-20 | 更新时间 | 2000-10-20 |
CVE编号 | N/A |
CNNVD-ID | N/A |
漏洞平台 | Linux | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/1834/info
lpr is a set of printing tools for unix systems. The lpr package that ships with RedHat Linux 6.2 (and possibly earlier versions) contains a vulnerability that will allow an attacker to execute arbitrary commands with the privileges of group 'lp'.
The vulnerability is not in one of the binary executables, rather in one of the print filters supplied with the lpr package. It is in the processing of troff files, their conversion into postscript files for printing on a postscript printer.
When the processing occurs, certain commands embedded in the troff file being processed can be executed -- with the privileges of the setgid lpr. This is the result of formatting programs being executed by the print filter in an unsafe manner.
Compromise of group lp access may lead to further compromise as the lpr configuration files are writeable to members of group lp. If lpr configuration files are modified, arbitrary commands can be run as any user other than root. This will most certainly eventually lead to root access for the attacker (a excellent example of this is in the zenith parsec's bugtraq post in the reference section).
[zen@continuity /tmp]$ cat asdf
PS
sh D/usr/bin/id>/tmp/yougetanyideasyetD
.PF
[zen@continuity /tmp]$ lpr asdf
[zen@continuity /tmp]$ cat /tmp/yougetanyideasyet
uid=500(zen) gid=500(zen) groups=7(lp)
相关推荐: Netscape FastTrack Server GET Buffer Overflow Vulnerability
Netscape FastTrack Server GET Buffer Overflow Vulnerability 漏洞ID 1104457 漏洞类型 Boundary Condition Error 发布时间 1999-12-31 更新时间 1999-1…
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666