Kerio WebSTAR is a web server that runs on Mac OS X.

Kerio WebSTAR installs its program files with insecure permissions, which a local attacker may be able to use to escalate privileges.

Installing Kerio WebSTAR places two setuid binaries under /Applications:

    kevin-finisterres-computer:~/Desktop kf$ find /Applications/Kerio\ WebSTAR -perm -4000 -ls
    978790 3016 -rwsrwx--x 1 root admin 1542556 Apr 10 2006 /Applications/Kerio WebSTAR/AdminServer/WSAdminServer
    979475 3288 -rwsrwx--- 1 root admin 1679724 Apr 10 2006 /Applications/Kerio WebSTAR/WebServer/WSWebServer

An attacker who has access to the webstar user or the admin group can abuse these two binaries to execute code with root privileges. Both binaries try to load a helper library from the current directory, so an attacker can exploit the vulnerability by supplying a trojaned application.

    kevin-finisterres-computer:~ kf$ /Applications/Kerio\ WebSTAR/WebServer/WSWebServer
    dyld: Library not loaded: libucache.dylib
      Referenced from: /Applications/Kerio WebSTAR/WebServer/WSWebServer
      Reason: image not found
    Trace/BPT trap
    kevin-finisterres-computer:~ kf$ /Applications/Kerio\ WebSTAR/AdminServer/WSAdminServer
    dyld: Library not loaded: libucache.dylib
      Referenced from: /Applications/Kerio WebSTAR/AdminServer/WSAdminServer
      Reason: image not found
    Trace/BPT trap

ktrace shows the problem more clearly:

    1183 WSAdminServer CALL open(0x17e8,0,0)
    1183 WSAdminServer NAMI "libucache.dylib"
    1183 WSAdminServer RET open -1 errno 2 No such file or directory
    1183 WSAdminServer CALL close(0xffffffff)
    ...
    1183 WSAdminServer CALL open(0xbfffea90,0,0)
    1183 WSAdminServer NAMI "/var/root/lib/libucache.dylib"
    1183 WSAdminServer RET open -1 errno 2 No such file or directory
    1183 WSAdminServer CALL close(0xffffffff)
    1183 WSAdminServer RET close -1 errno 9 Bad file descriptor
    1183 WSAdminServer CALL open(0xbfffea90,0,0)
    1183 WSAdminServer NAMI "/usr/local/lib/libucache.dylib"
    1183 WSAdminServer RET open -1 errno 2 No such file or directory
    1183 WSAdminServer CALL close(0xffffffff)
    1183 WSAdminServer RET close -1 errno 9 Bad file descriptor
    1183 WSAdminServer CALL open(0xbfffeaa0,0,0)
    1183 WSAdminServer NAMI "/usr/lib/libucache.dylib"
    1183 WSAdminServer RET open -1 errno 2 No such file or directory
    1183 WSAdminServer CALL close(0xffffffff)

Kerio WebStar 5.4.2

Workaround:

* Restrict access to the admin group and the webstar user.

Vendor patch:

Kerio
-----
The vendor has not yet provided a patch or upgrade. Users of this software are advised to watch the vendor's home page for the latest version:

http://www.kerio.com/
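
An audit for the two conditions shown in this advisory, as an added example that is not part of the original advisory or of any vendor code: setuid files that group or other can write to, and library dependencies recorded without an absolute path. The function names, the demo file names and the sample otool -L text (including its version numbers) are constructed for illustration.

```shell
#!/bin/sh
# Added audit example; not from the advisory. All names below are hypothetical.

# Print setuid files under directory $1 that group or other can write to,
# such as the -rwsrwx--x root:admin mode listed in the advisory.
# "-perm -4020" means "setuid AND group-write are both set"; this form works
# with both BSD (Mac OS X) and GNU find.
writable_setuid() {
    find "$1" -type f \( -perm -4020 -o -perm -4002 \) -print
}

# Read `otool -L <binary>` output on stdin and print every dependency whose
# recorded name is neither an absolute path nor @-prefixed. dyld has to search
# for such names, which is the lookup sequence visible in the ktrace output.
relative_deps() {
    awk '/^[ \t]/ && $1 !~ "^[/@]" { print $1 }'
}

# Constructed sample of `otool -L` output (versions are made up).
SAMPLE_OTOOL=$(printf '%s\n\t%s\n\t%s\n' \
    '/Applications/Kerio WebSTAR/AdminServer/WSAdminServer:' \
    'libucache.dylib (compatibility version 1.0.0, current version 1.0.0)' \
    '/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1.0.0)')

# Offline demonstration on constructed files in a temporary directory.
demo() {
    d=$(mktemp -d) || return 1
    : > "$d/WSAdminServer"; chmod 4771 "$d/WSAdminServer"  # -rwsrwx--x (flagged)
    : > "$d/hardened";      chmod 4755 "$d/hardened"       # -rwsr-xr-x (not flagged)
    echo "setuid files writable by group/other:"
    writable_setuid "$d"
    echo "dependencies without an absolute path:"
    printf '%s\n' "$SAMPLE_OTOOL" | relative_deps
    rm -rf "$d"
}

demo
```

On a real host, point writable_setuid at the install directory and pipe the output of otool -L for each reported binary into relative_deps.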