Privilege escalation vulnerabilities in Nagios XI installer
2011-12-30 09:40
================
Privilege escalation vulnerabilities in Nagios XI installer < 2011R1.9
Author: 0a29406d9794e4f9b30b3c5d6702c708
twitter.com/0a29 - 0a29.blogspot.com - GMail 0a2940
================

Description:
================
Multiple privilege escalation vulnerabilities exist within the Nagios XI installer.
Tested against 2011R1.8, dated October 28, 2011.
Fixes detailed in http://assets.nagios.com/downloads/nagiosxi/CHANGES-2011.TXT (2011R1.9 - 12/07/2011)

================
Details:
================

Vulnerability 1: Arbitrary RPM installation
-----
Files:
0-yum
1-prereqs

In certain situations files matching /tmp/epel-release*.rpm, /tmp/rpmforge-release*.rpm and /tmp/php-pear-HTML-Template-IT*.rpm will be installed.

e.g. from 0-yum:

if ! rpm -q epel-release &>/dev/null; then
<snip>
cd /tmp
<snip>
rpm -Uvh epel-release*.rpm

-----
Vulnerability 2: Arbitrary crontab installation
-----
Files:
install-crontab-root
install-crontab-nagios
uninstall-crontab-nagios

A malicious user can exploit a race condition to control the root and nagios users' crontabs. By creating the temporary file in advance (to control its permissions), an attacker can insert entries before the file is used to update the crontab.

e.g. from install-crontab-root:

---
#!/bin/sh
crontab -l -u root | grep -v "/usr/local/nagiosxi/" > /tmp/root.crontab.new
cat nagiosxi/crontab.root >> /tmp/root.crontab.new
crontab -u root /tmp/root.crontab.new
rm -f /tmp/root.crontab.new
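
Added example, not part of the original advisory and not the Nagios XI installer's own code: one way to rebuild the crontab from Vulnerability 2 without a predictable /tmp path, using mktemp so a file created in advance cannot be reused. The function names merge_crontab and install_crontab and the variable NAGIOSXI_MARK are hypothetical.

```shell
#!/bin/sh
# Added example: hardened counterpart of install-crontab-root.
# Function and variable names are hypothetical, not from the installer.

NAGIOSXI_MARK="/usr/local/nagiosxi/"   # same filter string the original script uses

# merge_crontab FRAGMENT   (current crontab is read from stdin)
# Prints the path of a newly created private file holding the merged crontab.
merge_crontab() {
    mc_fragment=$1
    # mktemp picks an unpredictable name and creates the file exclusively
    # with mode 0600, so a file or symlink planted in advance is never reused.
    mc_new=$(mktemp "${TMPDIR:-/tmp}/crontab.XXXXXXXXXX") || return 1
    mc_rc=0
    # grep exits 1 when no line survives the filter (e.g. an empty crontab);
    # only a status above 1 is a real error.
    grep -v "$NAGIOSXI_MARK" > "$mc_new" || mc_rc=$?
    if [ "$mc_rc" -gt 1 ] || ! cat "$mc_fragment" >> "$mc_new"; then
        rm -f "$mc_new"
        return 1
    fi
    printf '%s\n' "$mc_new"
}

# install_crontab USER FRAGMENT
# Replaces USER's Nagios XI entries with those in FRAGMENT.
install_crontab() {
    ic_new=$(crontab -l -u "$1" 2>/dev/null | merge_crontab "$2") || return 1
    ic_rc=0
    crontab -u "$1" "$ic_new" || ic_rc=$?
    rm -f "$ic_new"
    return "$ic_rc"
}

# Usage (as root): install_crontab root nagiosxi/crontab.root
```

The same pattern applies to install-crontab-nagios and uninstall-crontab-nagios, which the advisory lists as affected by the same race.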