The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


Cross-Referencing Linux vulnerability


<< Previous INDEX Search src Set bookmark Go to bookmark Next >>
Date: Tue, 11 Mar 2003 02:22:49 +0100
From: Albert Puigsech Galicia <[email protected]>
To: [email protected]
Subject: Cross-Referencing Linux vulnerability

Info.
-----

	+ Type:		To gain visibility

	+ Software:	Cross-Referencing Linux.
	 
	+ Verions:	until 0.9.2	

	+ Exploit:		Si.

	+ Autor:		Albert Puigsech Galicia

	+ Contact:	[email protected]





Introduction.
-------------

	Cross-Referencing Linux, as known as LXR, allow read all linux kernel
source using a web navigator. The aplication is writen using Perl languaje, 
and convert to HTML all linux kernel sources. For more information visit the
project's oficial website on http://lxr.linux.nu.



Description.
------------

	LXR suports to navigate through various kernel version. The version is
readed from 'v' variable, witch content are placed in the path used to open
the file without filter the '..' special directory.



Exploiting.
-----------

	In posible to read any file on systema as apache privileges getting up
on tree directory sending malicious data to 'v' variable. Is necessary too, to
finish the path with nul char to ignore the rest of the path, so we add %00 at
the end of 'v'.

	An example of exploit call may be:

	http://vulnerable/source?v=../../../../../../../etc/password%00



Patch.
------

	There aren't an oficial patch for a moment, but is too easy to put a 
regex filtering the '..' content when 'v' variable is read.


--
>=====================
> Albert Puigsech Galicia
>
> http://ripe.7a69ezine.org
>=====================

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру