Inktomi Traffic Server Traffic Edge Media-IXT特权提升漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1106818 漏洞类型 缓冲区溢出
发布时间 2002-06-25 更新时间 2005-05-02
CVE编号 CVE-2002-1013 CNNVD-ID CNNVD-200210-225
漏洞平台 Linux CVSS评分 7.2
|漏洞来源
https://www.exploit-db.com/exploits/21580
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200210-225
|漏洞详情
InktomiTrafficServer4.0.18版本到5.2.2版本,TrafficEdge1.1.2版本和1.5.0版本,以及Media-IXT3.0.4版本的traffic_manager存在缓冲区溢出漏洞。本地用户可以借助超长-path参数提升根特权。
|漏洞EXP
source: http://www.securityfocus.com/bid/5098/info

Inktomi Traffic Server is a transparent web caching application. It is designed for use with Unix and Linux variants as well as Microsoft Windows operating environments.

A buffer overflow vulnerability has been reported in the Inktomi Traffic Server. The vulnerability occurs in the traffic_manager binary included with Inktomi Traffic Server.

Reportedly, executing traffic_manager with an excessively long commandline argument will cause the buffer overflow condition. As traffic_manager is a setuid root binary, it is possible for a remote attacker to obtain root, or superuser, privileges on a compromised system. 

traffic_manager -path `perl -e 'print "A"x1720'` <
|参考资料

来源:BID
名称:5098
链接:http://www.securityfocus.com/bid/5098
来源:XF
名称:inktomi-trafficserver-manager-bo(9465)
链接:http://www.iss.net/security_center/static/9465.php
来源:support.inktomi.com
链接:http://support.inktomi.com/kb/070202-003.html
来源:BUGTRAQ
名称:20020702CORE-20020620:InktomiTrafficServerBufferOverflow
链接:http://archives.neohapsis.com/archives/bugtraq/2002-07/0023.html