Lucene search
RootSSV:4599HistoryDec 26, 2008 - 12:00 a.m.
Verlihub创建不安全文件及远程代码执行漏洞
2008-12-2600:00:00
Root
www.seebug.org
16
EPSS
0.012
Percentile
85.6%
BUGTRAQ ID: 32889,32420
CVE(CAN) ID: CVE-2008-5705,CVE-2008-5706
Verlihub是运行在Linux操作系统上的Direct Connect协议服务器。
Verlihub没有正确地过滤通过trigger机制传送给shell的用户输入,此外Verlihub守护程序还可能配置为以root用户权限运行,这就允许连接到hub的用户通过提交恶意请求执行任意命令,或允许本地攻击者通过对/tmp/trigger.tmp临时文件的符号链接攻击覆盖任意文件。以下是src/ctrigger.cpp文件的cTrigger::DoIt()函数中的有漏洞代码段:
106 string command(buf);
107 filename = server.mConfigBaseDir;
108 filename.append("/tmp/trigger.tmp");
109 command.append(" > ");
110 command.append(filename);
111 cout << command << endl;
112 system(command.c_str());
Verlihub Project Verlihub <= 0.9.8d-RC2
厂商补丁:
Verlihub Project
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
<a href=“http://www.verlihub-project.org” target=“_blank”>http://www.verlihub-project.org</a>
+<trigger> `cat /etc/passwd`
Related
freebsd
freebsd
verlihub -- insecure temporary file usage and arbitrary command execution
2008-11-22 00:00:00
openvas
openvas
FreeBSD Ports: verlihub
2009-01-13 00:00:00
FreeBSD Ports: verlihub
2009-01-13 00:00:00
exploitdb
exploitdb
verlihub 0.9.8d-RC2 - Remote Command Execution
2008-11-21 00:00:00
nessus
nessus
cve
cve
CVE-2008-5706
2008-12-22 15:30:00
CVE-2008-5705
2008-12-22 15:30:00
prion
prion
Code injection
2008-12-22 15:30:00
Code injection
2008-12-22 15:30:00
nvd
nvd
CVE-2008-5706
2008-12-22 15:30:00
CVE-2008-5705
2008-12-22 15:30:00
ubuntucve
ubuntucve
CVE-2008-5705
2008-12-22 00:00:00
CVE-2008-5706
2008-12-22 00:00:00
cvelist
cvelist
CVE-2008-5705
2008-12-22 15:00:00
CVE-2008-5706
2008-12-22 15:00:00