openkylin
/
attack-defense-think-tank
mirror of https://gitee.com/openkylin/attack-defense-think-tank.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

update KVE-2022-0231

This commit is contained in:
Set3r.Pan 2022-11-16 20:52:42 +08:00
parent 7363638de7
commit 55d0a57f1c
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
终端安全/0x10 kylin-activation任意文件写入漏洞(KVE-2022-0231).md
View File

@ -17,9 +17,9 @@ kylin-activation软件包是用于授权验证与激活的组件。该软件包
#### 漏洞细节
org.freedesktop.activation服务的import_auth_file方法接收文件
![](../assets/21_image/3.png)
![](../assets/21_image/3.png)
如果文件存在,该服务将该文件拷贝/etc下导致/etc目录下写任意文件
![](../assets/21_image/4.png)
![](../assets/21_image/4.png)
#### 漏洞复现
Exploit:
```