Exploit KDE 1.1/1.1.1/1.2/2.0 kscd - SHELL Environmental Variable

Exploiter

18 Dec 2022
EDB-ID: 19915
EDB verification: Passed
Author: SEBASTIAN
Vulnerability type: LOCAL
Platform: LINUX
CVE: cve-2000-0393
Publication date: 2000-05-16
Code:
source: https://www.securityfocus.com/bid/1206/info

Some Linux distributions (S.u.S.E. 6.4 reported) ship with kscd (a CD player for the KDE Desktop) sgid disk. kscd uses the contents of the 'SHELL' environment variable to execute a browser. This makes it possible to obtain a sgid 'disk' shell. Using these privileges along with code provided in the exploit, it is possible to change attributes on raw disks. This in turn allows an attacker to create a root shell, thus compromising the integrity of the machine.

Red Hat, Linux Mandrake, and Turbo Linux do not currently ship with kscd setgid 'disk'.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/19915.tgz
 
Source: www.exploit-db.com
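The root cause described above is a setgid program trusting the caller's `SHELL` variable when it launches a helper. The following is an added example, not kscd's code and not part of the original post, of how a privileged program can launch a helper without that trust; the function names and the `/bin/sh` fallback are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Fixed interpreter used whenever $SHELL cannot be trusted (assumed path). */
#define SAFE_SHELL "/bin/sh"

/* True when effective IDs differ from real IDs, i.e. a setuid/setgid binary. */
int running_privileged(void) {
    return getuid() != geteuid() || getgid() != getegid();
}

/* Pick the interpreter for a helper: ignore $SHELL entirely while privileged,
 * and even when unprivileged accept only an absolute path. */
const char *choose_shell(const char *env_shell, int privileged) {
    if (privileged || env_shell == NULL || env_shell[0] != '/')
        return SAFE_SHELL;
    return env_shell;
}

/* Give up setgid/setuid privileges: group first, then user. Setting the real
 * ID as well makes the saved ID follow, so the drop cannot be undone.
 * Returns 0 on success, -1 if any ID could not be dropped. */
int drop_privileges(void) {
    gid_t gid = getgid();
    uid_t uid = getuid();
    if (setregid(gid, gid) != 0) return -1;
    if (setreuid(uid, uid) != 0) return -1;
    return (getegid() == gid && geteuid() == uid) ? 0 : -1;
}

/* Launch a helper command (hypothetical, e.g. a browser) from the child
 * process only after privileges are gone. Returns 0 if the child started. */
int launch_helper(const char *command) {
    const char *shell = choose_shell(getenv("SHELL"), running_privileged());
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (drop_privileges() != 0) _exit(126);   /* fail closed */
        execl(shell, shell, "-c", command, (char *)NULL);
        _exit(127);                               /* exec failed */
    }
    return 0;
}
```

Either control alone closes the hole described in the advisory: the helper never inherits group 'disk', and the interpreter path is never taken from the caller's environment while the process is privileged.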
