HP-UX rwrite本地缓冲区溢出漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1107301 漏洞类型 缓冲区溢出
发布时间 2003-05-02 更新时间 2009-03-04
CVE编号 CVE-2003-1461 CNNVD-ID CNNVD-200312-235
漏洞平台 HP-UX CVSS评分 7.2
|漏洞来源
https://www.exploit-db.com/exploits/22561
https://cxsecurity.com/issue/WLB-2007100104
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-235
|漏洞详情
HP-UX是惠普公司开发和维护的商业性质UNIX操作系统。HP-UXrwrite对参数缺少正确的边界缓冲区检查,本地程攻击者可以利用这个漏洞进行缓冲区溢出,可能以ROOT权限在系统上执行任意指令。当攻击者提供超长的参数给rwrite程序后,由于缺少边界检查,可导致程序崩溃,精心构建提交字符传,可能以root用户权限在系统上执行任意指令。
|漏洞EXP
source: http://www.securityfocus.com/bid/7489/info

HP-UX rwrite utility has been reported prone to a buffer overflow vulnerability. Although unconfirmed code execution with elevated privileges may be possible.

The condition presents itself when excessive data is supplied as part of an argument passed to the vulnerable utility. Due to the lack of bounds checking, the vulnerable utility will crash.

The precise technical details of this vulnerability are currently unknown. This BID will be updated, as further information is available.

$ /usr/lbin/rwrite something `perl -e 'print "A" x 14628'` something
|参考资料

来源:BID
名称:7489
链接:http://www.securityfocus.com/bid/7489
来源:XF
名称:hp-rwrite-bo(11919)
链接:http://xforce.iss.net/xforce/xfdb/11919
来源:BUGTRAQ
名称:20030503rwritebufferoverflowinhp-ux
链接:http://www.securityfocus.com/archive/1/320371
来源:BUGTRAQ
名称:20030502HP-UX11.0/usr/lbin/rwrite
链接:http://www.securityfocus.com/archive/1/320323
来源:OVAL
名称:oval:org.mitre.oval:def:4897
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4897
来源:SREASON
名称:3283
链接:http://securityreason.com/securityalert/3283
来源:NSFOCUS
名称:4790
链接:http://www.nsfocus.net/vulndb/4790