Debian GNU/Linux 2.1 apcd Symlink Vulnerability

Vulnerability ID: 1105699    Vulnerability type: Race condition
Published: 2000-02-01    Updated: 2005-05-02
CVE ID: CVE-2000-0107    CNNVD-ID: CNNVD-200002-001
Platform: Linux    CVSS score: 7.2
|Vulnerability source
https://www.exploit-db.com/exploits/19735
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200002-001
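|Vulnerability details
The apcd program on Linux contains a vulnerability. A local attacker can modify arbitrary files by means of a symlink attack.
|Exploit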
source: http://www.securityfocus.com/bid/958/info

A vulnerability exists in the apcd package, as shipped in Debian GNU/Linux 2.1. When the apcd process is sent a SIGUSR1, it creates a file in /tmp called upsstat. This file contains information about the status of the APC device. The file is not opened securely, however, and it is possible for an attacker to create a symlink with this name pointing to another place on the file system. This could, in turn, lead to a compromise of the root account.

apcd is used to monitor information from APC uninterruptible power supplies. The UPS will inform apcd that power has been removed, and apcd will shut down the machine.


ln -sf /tmp/upsstat /.rhosts
(wait for SIGUSR1 to be sent)
echo + + >> /.rhosts
rsh localhost -l root
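
The defence against this class of bug is to create the status file so that a name already present in /tmp is never followed. The C code below is an added example, not apcd's source or the Debian fix; `write_status_safely`, `planted_link_is_refused` and the scratch-directory paths are hypothetical names chosen for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper (not apcd's code): write a status report without
 * following a link that another user may have planted at `path`. */
int write_status_safely(const char *path, const char *report)
{
    /* O_EXCL fails with EEXIST if anything, even a dangling symlink,
     * already exists at the path; O_NOFOLLOW is a second guard. */
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;
    size_t len = strlen(report);
    ssize_t n = write(fd, report, len);
    if (close(fd) != 0 || n != (ssize_t)len)
        return -1;
    return 0;
}

/* Constructed scenario in a private scratch directory: a link named
 * "upsstat" points at "victim". Returns 1 if the write is refused and
 * the victim file is never created. */
int planted_link_is_refused(void)
{
    char dir[] = "/tmp/apcd-demo-XXXXXX";
    char link_path[64], victim[64];
    if (!mkdtemp(dir))
        return 0;
    snprintf(link_path, sizeof link_path, "%s/upsstat", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    if (symlink(victim, link_path) != 0)
        return 0;
    int refused = write_status_safely(link_path, "status\n") == -1 && errno == EEXIST;
    int untouched = access(victim, F_OK) != 0;   /* link target never created */
    unlink(link_path);
    rmdir(dir);
    return refused && untouched;
}

int main(void)
{
    printf("planted link refused: %s\n", planted_link_is_refused() ? "yes" : "no");
    return 0;
}
```

A daemon that runs as root can also sidestep the problem by writing its status file into a directory that only root can write, rather than into /tmp.
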
|References

Source: BID
Name: 958
Link: http://www.securityfocus.com/bid/958
Source: DEBIAN
Name: 20000201
Link: http://www.debian.org/security/2000/20000201