hardlink Symlink Attack Local Privilege Escalation Vulnerability
BID:50809
Info
hardlink Symlink Attack Local Privilege Escalation Vulnerability
| Bugtraq ID: | 50809 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2011-3632 |
| Remote: | No |
| Local: | Yes |
| Published: | Nov 24 2011 12:00AM |
| Updated: | Apr 13 2015 09:54PM |
| Credit: | Jan Lieskovsky |
| Vulnerable: |
Redhat Enterprise Linux Server 6 Redhat Enterprise Linux 6 Redhat Enterprise Linux 5 Server Redhat Enterprise Linux 5 Client Linux hardlink 1.0 |
| Not Vulnerable: | |
Discussion
hardlink Symlink Attack Local Privilege Escalation Vulnerability
hardlink is prone to a local privilege-escalation vulnerability.
Local attackers can exploit this issue through symbolic links to use hardlink on directories/files outside of the intended directory tree.
hardlink is prone to a local privilege-escalation vulnerability.
Local attackers can exploit this issue through symbolic links to use hardlink on directories/files outside of the intended directory tree.
Exploit / POC
hardlink Symlink Attack Local Privilege Escalation Vulnerability
An attacker uses readily available commands to exploit the issue.
An attacker uses readily available commands to exploit the issue.
Solution / Fix
hardlink Symlink Attack Local Privilege Escalation Vulnerability
Solution:
Updates are available. Please see the references for more information.
Solution:
Updates are available. Please see the references for more information.
References
hardlink Symlink Attack Local Privilege Escalation Vulnerability
References:
References: