mintdrivers : Shell Command Injection (fake Live Media)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Linux Mint |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
see attached screenshot
Exploit Demo :
a) disconnect from the internet
b) insert a usb-stick wich will be mounted in /media
c) create a folder on the usb-stick with a shell command in the FOLDER NAME like this
$( uname -a > test.txt )
d) create this file in the folder
README.diskdefines
e) run mintdrivers
f) The Shell command in the mount point path will be injected in %s because of the os.system call in mintDrivers.py
g) Another example : A command will run as root and disable the ufw firewall if you create this hidden folder and file on the usb stick :
/media/
---------
Listing of mintDrivers.py
# Find the live media
try:
live_medias = subprocess.
live_medias = str(live_medias, encoding=
for live_media in live_medias:
if ("README.
# Add it to apt-cdrom
---------------
OS Information :
theregrunner@
Linux mint 3.16.0-38-generic #52~14.04.1-Ubuntu SMP Fri May 8 09:43:57 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
theregrunner@
No LSB modules are available.
Distributor ID: LinuxMint
Description: Linux Mint 17.2 Rafaela
Release: 17.2
Codename: rafaela
description: | updated |
description: | updated |
description: | updated |
Changed in linuxmint: | |
status: | New → Fix Released |
Demo Exploit Video (german)
https:/ /youtu. be/gH9Aj5FD_ xM