Previous articleBack to news listNext article
|
Sponsored links |
Want to become one of our authors and see your work published on ALLSeek.iNFO ?
|
| ChangePassword Lets Local Users Obtain Root Privileges |
|---|
Categorie: Vulnerability
Posted: 2004-12-21 by ReCall
Views: 390
Source: Click here
| Current Rating: Not rated
|
|
| Details |
|---|
Description: A vulnerability was reported in ChangePassword. A local user can obtain root privileges on the target system.
D. J. Bernstein reported that a local user can invoke 'changepassword.cgi' on UNIX-based systems to execute arbitrary commands with root privileges. The script is installed with set user id (setuid) root user privileges by default. The script does not validate user-supplied environment variables, so a local user can set the PATH to point to a specially crafted version of 'make' and then submit a POST request directly to the application via the environment (rather than via HTTP) to execute the make application with root privileges. A demonstration exploit request is provided [where 'u' is the username and 'p' is the password]:
form_user=u&form_pw=p&form_new1=x&form_new2=x&
Ariel Berkman is credited with discovering this flaw.
Impact: A local user can execute arbitrary programs with root privileges.
Solution: No solution was available at the time of this entry.
|
| Syndication |
|---|
Permalink Email this
The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=1240
|
| User comments (post your comments ) |
|---|
Only registerd members can post comments and articles
|
|
Previous articleBack to news listNext article
|
