S.u.S.E. Linux Arbitrary File Deletion Vulnerability

Vulnerability ID: 1105793    Vulnerability type: Access validation error
Published: 2000-04-21    Updated: 2005-10-20
CVE ID: CVE-2000-0293
CNNVD-ID: CNNVD-200005-014
Platform: Linux    CVSS score: 2.1
|Vulnerability source
https://www.exploit-db.com/exploits/19867
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200005-014
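|Vulnerability details
The cron.daily job in aaa_base on SuSE Linux 6.3, and cron.daily in earlier versions, contains a vulnerability: a local user can delete arbitrary files by creating files whose names contain spaces. When expired files are deleted from the /tmp directory, aaa_base fails to parse such names correctly.
|Vulnerability EXP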
source: http://www.securityfocus.com/bid/1130/info

A vulnerability exists in SuSE Linux, version 6.3 and prior, that can allow arbitrary users to delete any file on the system. If the MAX_DAYS_IN_TMP variable is set in /etc/rc.config to be larger than 0, any local user can remove any file on the system. This is due to a flaw in /etc/cron.daily/aaa_base in SuSE 6.3, or /root/bin/cron.daily in older versions.

It has been reported that only files in the root directory (/) can be removed. Previously, it was thought arbitrary files anywhere on the filesystem could be removed.

mkdir -p "/tmp/foo vmlinux"
touch -t old-date "/tmp/foo vmlinux"
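
The flaw class described above, as an added example (not the SuSE script and not code from the original advisory): a cleanup loop that expands file names unquoted, next to a version that hands each name to rm intact. It assumes the job runs with the file-system root as its working directory, which would match the report that only files in / are affected; the function names and the mktemp sandbox are constructed for illustration.

```sh
#!/bin/sh
# Constructed sandbox: the returned directory stands in for "/", its tmp/ for /tmp.
make_sandbox() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/tmp/foo vmlinux"               # name taken from the page's PoC
    : > "$root/vmlinux"                            # stand-in for /vmlinux
    touch -t 200001010000 "$root/tmp/foo vmlinux"  # constructed old date
    echo "$root"
}

# Hypothetical unsafe cleaner: $(...) and $f are unquoted, so the shell splits
# "tmp/foo vmlinux" into "tmp/foo" and "vmlinux"; the second word is resolved
# relative to the working directory (the sandbox root).
clean_unsafe() {
    ( cd "$1" || exit 1
      for f in $(find tmp ! -path tmp -prune -mtime +"$2"); do
          rm -rf $f
      done )
}

# Hardened cleaner: find hands each name to rm as a single argument, and "--"
# stops a name beginning with "-" from being read as an option.
clean_safe() {
    ( cd "$1" || exit 1
      find tmp ! -path tmp -prune -mtime +"$2" -exec rm -rf -- {} + )
}

# Runs one cleaner (unsafe|safe) with a 1-day limit and reports what happened
# to the file outside tmp/.
demo() {
    root=$(make_sandbox) || return 1
    "clean_$1" "$root" 1
    if [ -e "$root/vmlinux" ]; then result=kept; else result=deleted; fi
    rm -rf "$root"
    echo "$result"
}

echo "unsafe cleaner: vmlinux $(demo unsafe)"
echo "safe cleaner:   vmlinux $(demo safe)"
```
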
|References

Source: BID
Name: 1130
Link: http://www.securityfocus.com/bid/1130
