Red Hat Enterprise Linux init.d XFS Script chown Race

Red Hat Enterprise Linux init.d XFS Script chown Race Condition Vulnerability
------------------------------------------------------------------------

SUMMARY

XFS is the X Font Server, and is used to render fonts for the X Window System. "init.d" refers to the startup and shutdown scripts used by Linux platforms. At boot and shutdown time, these scripts are run by the init program to start and stop various system services.

Local exploitation of a race condition vulnerability in Red Hat Inc.'s Enterprise Linux init.d XFS script allows an attacker to elevate their privileges to root.

DETAILS

Vulnerable Systems:
 * RedHat Enterprise Linux version 4
 * Fedora Core 6
 * (Other versions may also be affected)

The XFS script is vulnerable to a race condition when it is started by init, or by a system administrator. Specifically, it insecurely changes the file permissions of a temporary file. This allows an attacker to make any file on the system world writable.

Exploitation of this vulnerability results in an attacker gaining root privileges on the affected system. However, in order to exploit this, it is necessary for either the system to be rebooted, or for the administrator to manually restart the XFS.

Vendor Status:
Red Hat has released errata updates for versions 4 and 5 of their Enterprise Linux software. More information is available at the URLs shown below.
https://rhn.redhat.com/errata/RHSA-2007-0519.html
https://rhn.redhat.com/errata/RHSA-2007-0520.html

CVE Information:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3103

Disclosure Timeline:
 * 06/05/2007 - Initial vendor notification
 * 06/06/2007 - Initial vendor response
 * 07/12/2007 - Coordinated public disclosure

ADDITIONAL INFORMATION

The information has been provided by iDefense.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=557

Re: Red Hat Enterprise Linux init.d XFS Script chown Race

conmale wrote:
However, in order to exploit this, it is necessary for either the system to be rebooted, or for the administrator to manually restart the XFS.  
You forgot to bold these two things :D) . It is really hard to reboot the system or restart the X Font Server without root privileges. If I already had root privileges, why would I still need to exploit it? :D)
Re: Red Hat Enterprise Linux init.d XFS Script chown Race

hackernohat wrote:

conmale wrote:
However, in order to exploit this, it is necessary for either the system to be rebooted, or for the administrator to manually restart the XFS.  
You forgot to bold these two things :D) . It is really hard to reboot the system or restart the X Font Server without root privileges. If I already had root privileges, why would I still need to exploit it? :D)

You can still exploit it. 1) You wait for the server to reboot (scheduled maintenance, patching, for example). 2) You use another exploit that can hang the server and keep the CPU under continuous high load. As long as the server restarts, that is all it takes.