Exploits / Vulnerability Discovered : 2021-01-05 |
Type : local |
Platform : windows
This exploit / vulnerability Fluentd tdagent plugin 4.0.1 insecure folder permission is for educational purposes only and if it is used you will do on your own risk!
Description:
The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SYSTEM.
Vulnerable Path: ( Authenticated Users have permission to write within the location )
PS C:\opt\td-agent\bin> icacls C:\opt\td-agent\bin
C:\opt\td-agent\bin BUILTIN\Administrators:(I)(OI)(CI)(F)
NT AUTHORITY\SYSTEM:(I)(OI)(CI)(F)
BUILTIN\Users:(I)(OI)(CI)(RX)
NT AUTHORITY\Authenticated Users:(I)(M)
NT AUTHORITY\Authenticated Users:(I)(OI)(CI)(IO)(M)