FreeBSD WMMon权限提升漏洞

漏洞信息详情

FreeBSD WMMon权限提升漏洞

• CNNVD编号：CNNVD-199912-078
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2000-0018
  
• 漏洞类型：
  
  
  输入验证
  
• 发布时间：
  
  1999-12-22
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-05-02
  
• 厂        商：
  
  windowmaker
• 漏洞来源：
  First posted to Bu…

FreeBSD中的WMMon存在漏洞，本地用户利用该漏洞通过.wmmonrc配置文件获得特权。

The following was taken directly from a Bugtraq posting by Steve Reid on December 21, 1999. There is a link to this article in the credit section.
Here is a patch:
— work/wmmon.app/wmmon/wmmon.c.old Thu Dec 2 02:06:55 1999
+++ work/wmmon.app/wmmon/wmmon.c Thu Dec 2 04:20:22 1999
@@ -318,6 +318,8 @@
if (kvmd==NULL) kvmd = kvm_openfiles(NULL, NULL, NULL, O_RDONLY, errbuf);
if (kvmd==NULL) { fprintf(stderr, “kvm_openfiles: %s\n”, errbuf); exit(errno); }
+ if (setgid(getgid()) != 0) exit(1); /* We’re sgid kmem. Give up privs. */
+ if (setuid(getuid()) != 0) exit(1); /* If we’re suid, give that up too. */
if (kvmd) {
if (kvm_nlist(kvmd, nl) >= 0) {
struct nlist *nlp;
@sea-to-sky.net>

来源: BID
名称: 885
链接:http://www.securityfocus.com/bid/885

来源: OSVDB
名称: 1169
链接:http://www.osvdb.org/1169