lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value.
But it doesn't explains what is the content of the DBGCMD_LQUERYLV variable.
$ DBGCMD_LQUERYLV="touch testfile"
$ echo "$DBGCMD_LQUERYLV"
touch testfile
$ /usr/sbin/lquerylv -L `getlvodm -l hd3` -r >/dev/null
$ ls -la testfile
testfile not found
$ oslevel -s
6100-08-03-1339
$ lslpp -L bos.rte.lvm
Fileset Level State Type Description (Uninstaller)
----------------------------------------------------------------------------
bos.rte.lvm 6.1.8.16 C F Logical Volume Manager
Question: What is the "crafted DBGCMD_LQUERYLV" in CVE-2014-8904 ?
Aucun commentaire:
Enregistrer un commentaire