GNU Bash 'ls' Control 字符指令注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1118904 漏洞类型 输入验证
发布时间 2010-01-13 更新时间 2010-01-13
CVE编号 CVE-2010-0002 CNNVD-ID CNNVD-201001-133
漏洞平台 Linux CVSS评分 2.1
|漏洞来源
https://www.exploit-db.com/exploits/33508
https://www.securityfocus.com/bid/37776
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201001-133
|漏洞详情
Bash2.05b,3.0,3.2,3.2.48,和4.0版本的Mandrivabash信息包中的/etc/profile.d/60alias.sh脚本可以激活LS_OPTIONS中的--show-control-chars选项,这会允许本地用户借助一个特制的文件名,向终端模拟器发送换吗顺序,或隐藏文件。
|漏洞EXP
source: http://www.securityfocus.com/bid/37776/info

GNU Bash is prone to a command-injection vulnerability because it fails to adequately sanitize control characters in the 'ls' command.

Attackers can exploit this issue to execute arbitrary commands in a bash terminal; other attacks may also be possible. 

The following example is available:

1. mkdir $(echo -e 'couc\x08\x08asd')
2. ls

Displays:
coasd/

Expected:
couc??asd/
|受影响的产品
Mandriva Linux Mandrake 2010.0 x86_64 Mandriva Linux Mandrake 2010.0 Mandriva Linux Mandrake 2009.1 x86_64 Mandriva Linux Mandrake 2009.1 Mandriva Linux Mandrake 2009.0 x86_64
|参考资料

来源:qa.mandriva.com
链接:https://qa.mandriva.com/show_bug.cgi?id=56882
来源:MANDRIVA
名称:MDVSA-2010:004
链接:http://www.mandriva.com/security/advisories?name=MDVSA-2010:004