AIX netstat Network Operation Error Vulnerability

Vulnerability ID 1105984 Vulnerability Type Unknown
Published 2000-09-03 Updated 2005-05-02
CVE ID CVE-2000-0873 CNNVD-ID CNNVD-200011-064
Platform AIX CVSS Score 2.1
|Vulnerability Source
https://www.exploit-db.com/exploits/20213
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200011-064
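|Vulnerability Details
netstat in AIX 4.x.x does not properly restrict access to the -Zi option. A local user can exploit this vulnerability to clear network interface data, and may be able to hide evidence of abnormal network activity.
|Vulnerability EXP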
source: http://www.securityfocus.com/bid/1660/info

A vulnerability exists in versions 4.x.x of AIX, from IBM. Any local user can use the -Z option of netstat without needing to be root. This causes interface statistics to be reset, which could interfere with programs that track statistical information.

$ netstat -in --> shows stats
$ netstat -Zi --> clears them without checking the uid
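
For monitoring that depends on these statistics, the following added example (not part of the original advisory) compares two `netstat -in` snapshots and flags interfaces whose counters moved backwards. The sample output is constructed, and the function names and the 32-bit counter width are assumptions.

```python
# Added example (not from the advisory): spot interface counters that moved
# backwards between two `netstat -in` snapshots, as happens after `netstat -Zi`.

# Assumption: 32-bit counters. A drop from a value this close to 2**32 is
# treated as natural wraparound rather than a reset.
WRAP_MARGIN = 2**32 - 2**24

# Constructed sample snapshots (not captured from a real host).
BEFORE = """\
Name  Mtu   Network     Address            Ipkts Ierrs    Opkts Oerrs  Coll
en0   1500  link#2      0.4.ac.17.2a.b1   184211     0    90312     0     0
en0   1500  192.0.2     192.0.2.10        184211     0    90312     0     0
lo0   16896 link#1                          5120     0     5120     0     0
lo0   16896 127         127.0.0.1           5120     0     5120     0     0
"""
AFTER = """\
Name  Mtu   Network     Address            Ipkts Ierrs    Opkts Oerrs  Coll
en0   1500  link#2      0.4.ac.17.2a.b1       12     0        9     0     0
en0   1500  192.0.2     192.0.2.10            12     0        9     0     0
lo0   16896 link#1                          5300     0     5300     0     0
lo0   16896 127         127.0.0.1           5300     0     5300     0     0
"""

def parse_netstat_in(text):
    """Map interface name -> (Ipkts, Ierrs, Opkts, Oerrs, Coll), first row per interface."""
    stats = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] == "Name":
            continue
        try:
            # Counters are always the last five columns; Address may be empty.
            counters = tuple(int(f) for f in fields[-5:])
        except ValueError:
            continue  # skip rows that are not statistics
        stats.setdefault(fields[0], counters)
    return stats

def find_resets(before, after):
    """Return interfaces whose counters dropped without being near wraparound."""
    old, new = parse_netstat_in(before), parse_netstat_in(after)
    flagged = []
    for name in sorted(old.keys() & new.keys()):
        drops = [o for o, n in zip(old[name], new[name]) if n < o]
        if drops and not all(o >= WRAP_MARGIN for o in drops):
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    print(find_resets(BEFORE, AFTER))
```

A reboot also zeroes these counters, so a flagged interface should be correlated with system uptime before it is treated as a manual reset.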
|References

Source: BID
Name: 1660
Link: http://www.securityfocus.com/bid/1660
Source: BUGTRAQ
Name: 20000903aixallowsclearingtheinterfacestats
Link: http://archives.neohapsis.com/archives/bugtraq/2000-08/0454.html
Source: XF
Name: aix-clear-netstat
Link: http://xforce.iss.net/static/5214.php