- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 19232
- Проверка EDB
-
- Пройдено
- Автор
- ANONYMOUS
- Тип уязвимости
- LOCAL
- Платформа
- SOLARIS
- CVE
- cve-1999-0859
- Дата публикации
- 1994-02-01
SunOS 4.1.4 - arp(8c) Memory Dump
Код:
source: https://www.securityfocus.com/bid/291/info
The version of arp(8c) which shipped with versions of SunOs 4.1.X could be used to dump system memory by using the -f flag. This flag causes the file filename to be read and multiple entries to be set in the ARP tables. However, in this instance because of poor permission sets on /dev/kmem a user can specify the file to be read as /dev/kmem and therefore gain a dump of currently paged system memory. This could lead to a root compromise.
$ arp -f /dev/kmem | strings > mem- Источник
- www.exploit-db.com
