AIX 3.x bugfiler Arbitrary File Creation Vulnerability


Vulnerability ID: 1105326
Vulnerability type: Other
Published: 1997-09-08
Updated: 2005-10-21
CVE ID: CVE-1999-0115
CNNVD-ID: CNNVD-199709-005
Platform: AIX
CVSS score: 7.2
|Vulnerability source
https://www.exploit-db.com/exploits/20290
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199709-005
|Vulnerability details
The AIX bugfiler program contains a vulnerability. Local users can gain root access.
|Exploit
source: http://www.securityfocus.com/bid/1800/info

A vulnerability exists in AIX 3.* versions of bugfiler, a utility which automates the process of reporting and filing system bugs. Bugfiler, installed setuid root, creates files in a directory specified by the user invoking the program (example: $ /lib/bugfiler -b <user> <directory>). It may be possible for an attacker to create files in arbitrary directories that are owned by attacker-specified users. This may result in an elevation of privileges for the attacker. Further technical details about this vulnerability are not known.

$ whoami
eviluser
$ /lib/bugfiler -b <user> <directory>

creates funny files under the <user>-owned <directory> and that may be used by crackers to increase privileges. See the manpage of bugfiler for more information. (bugfiler does not work for some <user>s)
|References

Source: BID
Name: 1800
Link: http://www.securityfocus.com/bid/1800
