Debian GNU/Linux 2.1 apcd符号链接漏洞-安全小百科

Debian GNU/Linux 2.1 apcd符号链接漏洞

漏洞ID	1105699	漏洞类型	竞争条件
发布时间	2000-02-01	更新时间	2005-05-02
CVE编号	CVE-2000-0107	CNNVD-ID	CNNVD-200002-001
漏洞平台	Linux	CVSS评分	7.2

|漏洞来源

https://www.exploit-db.com/exploits/19735
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200002-001

|漏洞详情

Linuxapcd程序存在漏洞。本地攻击者可以借助符号链接攻击修改任意文件。

|漏洞EXP

source: http://www.securityfocus.com/bid/958/info

A vulnerability exists in the apcd package, as shipped in Debian GNU/Linux 2.1. By sending the apcd process a SIGUSR1, a file will be created in /tmp called upsstat. This file contains information about the status of the APC device. This file is not opened securely, however, and it is possible for an attacker to create a symlink with this name to another place on the file system. This could, in turn, lead to a compromise of the root account.

apcd is used to monitor information from APC uninterruptable power supplies. The ups will inform the apcd that power has been removed, and the apcd will shut down the machine. 


ln -sf /tmp/upsstat /.rhosts
(wait for SIGUSR1 to be sent)
echo + + >> /.rhosts
rsh localhost -l root

|参考资料

来源:BID
名称:958
链接:http://www.securityfocus.com/bid/958
来源:DEBIAN
名称:20000201
链接:http://www.debian.org/security/2000/20000201

相关推荐: BBlog Index.PHP HTML Injection Vulnerability

BBlog Index.PHP HTML Injection Vulnerability 漏洞ID 1098726 漏洞类型 Input Validation Error 发布时间 2004-03-26 更新时间 2004-03-26 CVE编号 N/A CN…

文章版权归作者所有，未经允许请勿转载。

THE END