发布时间 :2001-06-18 00:00:00
修订时间 :2017-12-18 21:29:20

[原文]/opt/JSparm/bin/perfmon program in Solaris allows local users to create arbitrary files as root via the Logging File option in the GUI.

[CNNVD]olaris /opt/JSparm/bin/perfmon程序创建根目录文件漏洞(CNNVD-200106-099)

        Solaris /opt/JSparm/bin/perfmon程序存在漏洞。本地用户可以借助GUI的登录文件选项创建任意根目录文件。

- CVSS (基础分值)

CVSS分值: 7.2 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(VENDOR_ADVISORY)  BUGTRAQ  20010323 [ Hackerslab bug_paper ] SunOS application perfmon vulnerability
(UNKNOWN)  XF  solaris-perfmon-create-files(6267)

- 漏洞信息

olaris /opt/JSparm/bin/perfmon程序创建根目录文件漏洞
高危 未知
2001-06-18 00:00:00 2005-10-20 00:00:00
        Solaris /opt/JSparm/bin/perfmon程序存在漏洞。本地用户可以借助GUI的登录文件选项创建任意根目录文件。

- 公告与补丁


- 漏洞信息 (20715)

Junsoft JSparm 4.0 Logging Output File Vulnerability (EDBID:20715)
solaris local
2001-03-23 Verified
0 KimYongJun
N/A [点击下载]

JSparm is the Junsoft Performance Analysis Report Maker package. This software package provides an enhanced perfmon performance monitoring package and interface, as well as a performance report generation interface.

A problem with the package could make it possible for a user with local access to overwrite any file on the system. It is possible for a user to launch the perfmon program from the command line interface, and create a logfile of activity monitored by the perfmon package. The user may specify the file in which the activity should be logged. Insufficient checking of file permissions, as well as the program being SUID, make it possible for the log file to be any file on the system. The file created/overwritten is set to mode 0666.

Therefore, it is possible for a user with local access to overwrite sensitive system files, and gain elevated privileges. 

$ whoami
$ umask 0000
$ /opt/JSparm/bin/perfmon &

Choose Logging -> Logging File
In Selection part, input the file path you want to create
ex: /.rhosts

Following file is created in a second.
-rw-rw-rw- 1 root loveyou 144 Mar 9 03:14 .rhost


- 漏洞信息

Junsoft JSparm File Logging Arbitrary File Overwrite
Local Access Required Input Manipulation
Loss of Integrity Solution Unknown
Exploit Public Uncoordinated Disclosure

- 漏洞描述

- 时间线

2001-03-23 Unknow
Unknow Unknow

- 解决方案

OSVDB is not aware of a solution for this vulnerability.

- 相关参考

- 漏洞作者

Unknown or Incomplete