Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
xkas in Xinet K-AShare 0.011.01 for IRIX allows local users to read arbitrary files via a symlink attack on the VOLICON file, which is copied to the .HSicon file in a shared directory.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
XInet K-AShare XKAS的Icon目录全局可读写漏洞
Vulnerability Description
K-AShare是一个允许Apple Macintosh和Unix系统共享文件的共享系统。它由Xinet维护和分发。 K-AShare缺省安装,icon目录使用了不安全的属性。 当建立共享的时候,程序会创建.HSResource目录和.HSicon文件,而.HSicon文件是从icon目录下的VOLICON文件复制过来的。由于icon目录的全局可读写,使得一个本地攻击者可以删除VOLICON文件,用VOLICON为名建立符号链接到他没有权限读取的文件,比如'/etc/shadow'。当管理员运行xkas程
CVSS Information
N/A
Vulnerability Type
N/A