GNOME NetworkManager本地任意文件访问漏洞

发布日期:2012-02-29
更新日期:2012-03-05

受影响系统:
GNOME NetworkManager 0.9
GNOME NetworkManager 0.7
GNOME NetworkManager 0.6
描述:
--------------------------------------------------------------------------------
BUGTRAQ  ID: 52206

GNOME NetworkManager可提供系统总线上的接口。

GNOME NetworkManager在实现上存在本地任意文件访问漏洞,本地攻击者可利用此漏洞读取任意文件。

<*来源:Ludwig
 
  链接:
 
*>

测试方法:
--------------------------------------------------------------------------------

警 告

以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!

Ludwig ()提供了如下测试方法:

#!/usr/bin/Python
#
# Copyright (C) 2011 SUSE LINUX Products GmbH
#
# Author:     Ludwig Nussel
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# version 2 as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

import gobject

import dbus
import dbus.service
import dbus.mainloop.glib

import os
import subprocess

def N_(x): return x

_debug_level = 0
def debug(level, msg):
    if (level <= _debug_level):
    print '<%d>'%level, msg

class NetworkManager(gobject.GObject):

NM_STATE = {
          0: 'UNKNOWN',
         10: 'UNMANAGED',
         20: 'UNAVAILABLE',
         30: 'DISCONNECTED',
         40: 'PREPARE',
         50: 'CONFIG',
         60: 'NEED_AUTH',
         70: 'IP_CONFIG',
         80: 'IP_CHECK',
         90: 'SECONDARIES',
        100: 'ACTIVATED',
        110: 'DEACTIVATING',
        120: 'FAILED',
        }

NM_DEVICE_TYPE = {
        0: 'NM_DEVICE_TYPE_UNKNOWN',  # The device type is unknown.
        1: 'NM_DEVICE_TYPE_ETHERNET', # The device is wired Ethernet device.
        2: 'NM_DEVICE_TYPE_WIFI',     # The device is an 802.11 WiFi device.
        3: 'NM_DEVICE_TYPE_UNUSED1',  # Unused
        4: 'NM_DEVICE_TYPE_UNUSED2',  # Unused
        5: 'NM_DEVICE_TYPE_BT',        # The device is Bluetooth device that provides PAN or DUN capabilities.
        6: 'NM_DEVICE_TYPE_OLPC_MESH', # The device is an OLPC mesh networking device.
        7: 'NM_DEVICE_TYPE_WIMAX',     # The device is an 802.16e Mobile WiMAX device.
        8: 'NM_DEVICE_TYPE_MODEM', # The device is a modem supporting one or more of analog telephone, CDMA/EVDO, GSM/UMTS/HSPA, or LTE standards to access a cellular or wireline data network.
        }

NM_802_11_AP_SEC = {
        'NM_802_11_AP_SEC_NONE': 0x0, # Null flag.
        'NM_802_11_AP_SEC_PAIR_WEP40': 0x1, # Access point supports pairwise 40-bit WEP encryption.
        'NM_802_11_AP_SEC_PAIR_WEP104': 0x2, # Access point supports pairwise 104-bit WEP encryption.
        'NM_802_11_AP_SEC_PAIR_TKIP': 0x4, # Access point supports pairwise TKIP encryption.
        'NM_802_11_AP_SEC_PAIR_CCMP': 0x8, # Access point supports pairwise CCMP encryption.
        'NM_802_11_AP_SEC_GROUP_WEP40': 0x10, # Access point supports a group 40-bit WEP cipher.
        'NM_802_11_AP_SEC_GROUP_WEP104': 0x20, # Access point supports a group 104-bit WEP cipher.
        'NM_802_11_AP_SEC_GROUP_TKIP': 0x40, # Access point supports a group TKIP cipher.
        'NM_802_11_AP_SEC_GROUP_CCMP': 0x80, # Access point supports a group CCMP cipher.
        'NM_802_11_AP_SEC_KEY_MGMT_PSK': 0x100, # Access point supports PSK key management.
        'NM_802_11_AP_SEC_KEY_MGMT_802_1X': 0x200, # Access point supports 802.1x key management.
        }

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:https://www.heiqu.com/wwdydf.html