HP JetAdmin符号链接漏洞

HP JetAdmin符号链接漏洞

漏洞ID 1105370 漏洞类型 其他
发布时间 1998-07-15 更新时间 2005-05-02
图片[1]-HP JetAdmin符号链接漏洞-安全小百科CVE编号 CVE-1999-1433
图片[2]-HP JetAdmin符号链接漏洞-安全小百科CNNVD-ID CNNVD-199807-016
漏洞平台 Linux CVSS评分 7.2
|漏洞来源
https://www.exploit-db.com/exploits/19124
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199807-016
|漏洞详情
Solaris的HPJetAdminD.01.09中存在漏洞,本地用户借助/tmp/jetadmin.log文件中的符号连接攻击改变任意文件的许可权限。
|漏洞EXP
source: http://www.securityfocus.com/bid/157/info

A vulnerability exists in HP's JetAdmin Rev. D.01.09 software. Due to its failure to check if it is following a symbolic link, it is possible for an attacker to create a link from /tmp/jetadmin.log to anywhere on the filesystem, with permissions for reading and writing by everyone on the system. This can be used to gain root access.

The problem lies in the checking and creation of the log file. The following snippit is from /opt/hpnp/admin/jetadmin.
----
LOG=$TMP/jetadmin.log

if [ ! -f "$LOG" ]
then
touch $LOG
chmod 666 $LOG
fi
----

If the log file does not exist, the jetadmin script will create it, and change its permissions to 666. It does not check if the file is a symbolic link.

ln -sf /.rhosts /tmp/jetadmin.log
|参考资料

来源:BUGTRAQ
名称:19980722Re:JetAdminsoftware
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=90221104526067&w;=2
来源:BUGTRAQ
名称:19980715JetAdminsoftware
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=90221104525988&w;=2
来源:BID
名称:157
链接:http://www.securityfocus.com/bid/157

相关推荐: SmartFTP PWD Command Request Buffer Overflow Vulnerability

SmartFTP PWD Command Request Buffer Overflow Vulnerability 漏洞ID 1100114 漏洞类型 Boundary Condition Error 发布时间 2003-06-09 更新时间 2003-06…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享