UTempter 0.5.x - Multiple Local Vulnerabilities

EDB-ID:

24027

CVE:

2004-0233

EDB Verified:

Author:

Steve Grubb

Type:

local

Exploit:   /  

Platform:

Linux

Date:

2004-04-19

Vulnerable App: 
source: https://www.securityfocus.com/bid/10178/info

It has been reported that utempter is affected by multiple local vulnerabilities. The first issue is due to an input validation error that causes the application to exit improperly; facilitating symbolic link attacks. The second issue is due to a failure of the application to properly validate buffer boundaries.

The first issue results in a symbolic link vulnerability. Since utempter runs with root privileges, this issue could be leveraged to corrupt arbitrary, attacker-specified system files.

The second problem presents itself when utempter processes certain strings. These errors may cause the affected process to crash. It has been conjectured that this may be leveraged to execute arbitrary code on the affected system, however this is currently unverified.

An attacker would create the following symbolic link that references an arbitrary system file:

/tmp/tty0

The attacker would then provide the following device descriptor string to the application:

/dev/../tmp/tty0
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services