漏洞描述
The /etc/hosts file was writable by non-root users, allowing attackers to register malicious DNS mappings and redirect legitimate domains (pharming attacks). This check verified that /etc/hosts was owned by root and had appropriate permissions.
rw-hosts-file: /etc/hosts File Read/Write Check
PoC代码[已公开]
id: rw-hosts-file
info:
name: /etc/hosts File Read/Write Check
author: songyaeji
severity: high
description: |
The /etc/hosts file was writable by non-root users, allowing attackers to register malicious DNS mappings and redirect legitimate domains (pharming attacks). This check verified that /etc/hosts was owned by root and had appropriate permissions.
reference:
- https://isms.kisa.or.kr/main/csap/notice/
metadata:
verified: true
tags: local,linux,hosts,file,audit,kisa
self-contained: true
code:
- engine:
- sh
- bash
source: |
stat -c "%U %G %a" /etc/hosts 2>/dev/null || echo "not-found"
matchers:
- type: regex
part: response
regex:
- '^root\s+root\s+(600|644)$'
# digest: 4a0a00473045022017a5a0e8603f419052c28b1a4247cf2ad1427ed06e840c85cb976599aba89ac50221009d55c0bde34158f8e63bfd6c2a090e801dd4271f75947ef4ad2d9baa133294ab:922c64590222798bb761d5b6d8e72950