Fgtsystemconf Patched Instant
If you are using an unpatched version of fgtsystemconf:
The original fgtsystemconf utility—typically setuid root to manage hardware clocks, BIOS settings, or RAID controllers—contained a function write_system_config() that accepted a user-controlled path via a --config-dump argument. Due to a missing chroot() or realpath() check, an attacker could supply a path like:
fgtsystemconf --config-dump /etc/cron.d/evil --content "*/1 * * * * root backdoor"
The binary would:
+ if (strstr(user_path, "..") || user_path[0] != '/')
+ syslog(LOG_ERR, "Invalid path: traversal or relative");
+ exit(EXIT_FAILURE);
+
+ char real_path[PATH_MAX];
+ if (!realpath(user_path, real_path))
+ perror("realpath");
+ exit(EXIT_FAILURE);
+
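Review bot: the resolved real_path is never compared against an allowed directory in this hunk, so an absolute path with no ".." in it, such as the /etc/cron.d/evil example above, passes both tests on user_path. After realpath() succeeds, require real_path to begin with the directory the utility is meant to write to, followed by '/', and open real_path rather than user_path. As shown, neither if has braces, so each exit(EXIT_FAILURE) would run unconditionally; the bodies need to be wrapped in { }. realpath() also fails when the target file does not exist yet, so a dump to a new file is rejected unless the parent directory is resolved instead. The strstr(user_path, "..") test additionally rejects legitimate file names that merely contain two dots.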
The FGTSystemConf module allowed authenticated users to modify system parameters. However, a flaw existed where:
When faced with an unrecognized patch name like this, system administrators should: