Solaris arp vulnerability

Vulnerability ID: 1105233
Vulnerability type: Other
Published: 1994-02-01
Updated: 2005-05-02
CVE ID: CVE-1999-0859
CNNVD-ID: CNNVD-199912-015
Platform: Solaris
CVSS score: 2.1
|Vulnerability source
https://www.exploit-db.com/exploits/19232
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-199912-015
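|Vulnerability details
The arp command in Solaris is vulnerable. A local user can read files via the -f option, which lists the lines of the file that cannot be parsed correctly.
|Exploit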
source: http://www.securityfocus.com/bid/291/info

The version of arp(8c) which shipped with versions of SunOS 4.1.X could be used to dump system memory by using the -f flag. This flag causes the file filename to be read and multiple entries to be set in the ARP tables. However, in this instance, because of poor permissions set on /dev/kmem, a user can specify the file to be read as /dev/kmem and therefore gain a dump of currently paged system memory. This could lead to a root compromise.


$ arp -f /dev/kmem | strings > mem
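
A defender-side check for the precondition described above, added here as an example and not part of the original advisory: it reports when a memory device can be read or written by users outside its owner and group. The function names and the inclusion of /dev/mem are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit kernel memory devices for access granted to "other".

# other_access PATH
# Prints "read", "write", "read write", or nothing, according to the
# permission bits that PATH grants to users outside its owner and group.
other_access() {
    p=$1
    acc=""
    # POSIX find: "-perm -MODE" matches when every bit in MODE is set.
    # -prune stops find from descending if PATH is a directory.
    [ -n "$(find "$p" -prune -perm -0004 -print 2>/dev/null)" ] && acc="read"
    [ -n "$(find "$p" -prune -perm -0002 -print 2>/dev/null)" ] && acc="${acc:+$acc }write"
    printf '%s' "$acc"
}

# audit_mem_devices PATH...
# Prints one line per exposed device; returns 1 if any was found, else 0.
# Paths that do not exist on this system are skipped.
audit_mem_devices() {
    rc=0
    for dev in "$@"; do
        [ -e "$dev" ] || continue
        acc=$(other_access "$dev")
        if [ -n "$acc" ]; then
            echo "EXPOSED $dev: other has $acc access"
            rc=1
        fi
    done
    return $rc
}

# /dev/kmem is the device named in the advisory; /dev/mem is an added assumption.
audit_mem_devices /dev/kmem /dev/mem || true
```
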
|References

Source: BID
Name: 837
Link: http://www.securityfocus.com/bid/837
Source: OSVDB
Name: 6994
Link: http://www.osvdb.org/6994