- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 19752
- Проверка EDB
-
- Пройдено
- Автор
- SHAWN BRACKEN
- Тип уязвимости
- LOCAL
- Платформа
- SCO
- CVE
- cve-2000-0224 cve-2000-0154
- Дата публикации
- 2000-02-15
SCO Unixware 7.1/7.1.1 - ARCserver /tmp Symlink
Код:
source: https://www.securityfocus.com/bid/988/info
A symlink following vulnerability exists in the ARCserve agent, as shipped with SCO Unixware 7. Upon startup, the asagent program will create several files in /tmp. These are created mode 777, and can be removed and replaced by any user on the system. If these are replaced with symlinks, files can be created anywhere on the filesystem, owned by root. This cannot be used to alter the permissions of existing files. However, the contents of the new file are contained in /usr/CYEagent/agent.cfg. This file is world writable.
echo "+ +" > /usr/CYEagent/agent.cfg
rm /tmp/asagent.tmp
ln -sf /.rhosts /tmp/asagent.tmp
- Источник
- www.exploit-db.com