CVE-1999-0693
CVSS7.2
发布时间 :2000-03-02 00:00:00
修订时间 :2008-09-09 08:35:14
NMCOE    

[原文]Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges.


[CNNVD]多个供应商CDETT Session缓冲区溢出漏洞(CNNVD-200003-007)

        ToolTalk共享目录的TT_SESSION环境变量存在缓冲区溢出漏洞。本地用户利用此漏洞可以提升根特权。

- CVSS (基础分值)

CVSS分值: 7.2 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:hp:hp-ux:11HP-UX 11 family
cpe:/o:sco:unixware:7
cpe:/o:ibm:aix:4IBM AIX 4
cpe:/o:hp:hp-ux:10HP HP-UX 10

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:4374ToolTalk Buffer Overflow via TT_SESSION Envvar
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0693
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0693
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200003-007
(官方数据源) CNNVD

- 其它链接及资源

http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9909-103
(UNKNOWN)  HP  HPSBUX9909-103
http://www.securityfocus.com/bid/641
(UNKNOWN)  BID  641
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/192
(UNKNOWN)  SUN  00192

- 漏洞信息

多个供应商CDETT Session缓冲区溢出漏洞
高危 缓冲区溢出
2000-03-02 00:00:00 2005-05-02 00:00:00
本地  
        ToolTalk共享目录的TT_SESSION环境变量存在缓冲区溢出漏洞。本地用户利用此漏洞可以提升根特权。

- 公告与补丁

        Updated SGI advisory (20021102-02-P) and patch details available.
        This solution information has been quoted from CERT Advisory CA-99-11: Four Vulnerabilities in the Common Desktop Environment. This advisory is referenced in the 'Credit' section of this vulnerability entry. Please note that some of these fixes are temporary, this information is not considered to be complete given that some vendors are still investigating this problem as of the posting of this entry and some of the provided information is incomplete.
        Compaq Computer Corporation
        --------------------------------------------
        This potential security problem has been resolved and a patch for this problem has been made available for Tru64 UNIX V4.0D, V4.0E, V4.0F and V5.0.
        This patch can be installed on:
        V4.0D-F, all patch kits
         V5.0, all patch kits
        *This solution will be included in a future distributed release of Compaq's Tru64/ DIGITAL UNIX.
        This patch may be obtained from the World Wide Web at the following FTP address:
        http://www.service.digital.com/patches
        The patch file name is SSRT0617_ttsession.tar.Z
        IBM Corporation
        ----------------------
        AIX 4.1.x: IY03125 IY03847
         AIX 4.2.x: IY03105 IY03848
         AIX 4.3.x: IY02944 IY03849
        Customers that do not require the CDE desktop functionality can disable CDE by restricting access to the CDE daemons and removing the dt entry from /etc/inittab. Run the following commands as root to disable CDE:
        # /usr/dt/bin/dtconfig -d
         # chsubserver -d -v dtspc
         # chsubserver -d -v ttdbserver
         # chsubserver -d -v cmsd
         # chown root.system /usr/dt/bin/*
         # chmod 0 /usr/dt/bin/*
        For customers that require the CDE desktop functionality, a temporary fix is available via anonymous ftp from:
        ftp://aix.software.ibm.com/aix/efixes/security/cdecert.tar.Z
        Filename sum md5
         =================================================================
         dtaction_4.1 32885 18 82af470bbbd334b240e874ff6745d8ca
         dtaction_4.2 52162 18 b10f21abf55afc461882183fbd30e602
         dtaction_4.3 56550 19 6bde84b975db2506ab0cbf9906c275ed
         libtt.a_4.1 29234 2132 f5d5a59956deb8b1e8b3a14e94507152
         libtt.a_4.2 21934 2132 73f32a73873caff06057db17552b8560
         libtt.a_4.3 12154 2118 b0d14b9fe4a483333d64d7fd695f084d
         ttauth 56348 31 495828ea74ec4c8f012efc2a9e6fa731
         ttsession_4.1 19528 337 bfac4a06b90cbccc0cd494a44bd0ebc9
         ttsession_4.2 46431 338 05949a483c4e390403055ff6961b0816
         ttsession_4.3 54031 339 e1338b3167c7edf899a33520a3adb060
        NOTE - This temporary fix has not been fully regression tested. Use the following steps (as root) to install the temporary fix.
        1. Uncompress and extract the fix.
        # uncompress < cdecert.tar.Z | tar xf -
         # cd cdecert
        2. Replace the vulnerable executables with the temporary fix for
         your version of AIX.
        # (cd /usr/dt/lib && mv libtt.a libtt.a.before_security_fix)
         # (cd /usr/dt/bin && mv ttsession ttsession.before_security_fix)
         # (cd /usr/dt/bin && mv dtaction dtaction.before_security_fix)
         # chown root.system /usr/dt/lib/libtt.a.before_security_fix
         # chown root.system /usr/dt/bin/ttsession.before_security_fix
         # chown root.system /usr/dt/bin/dtaction.before_security_fix
         # chmod 0 /usr/dt/lib/libtt.a.before_security_fix
         # chmod 0 /usr/dt/bin/ttsession.before_security_fix
         # chmod 0 /usr/dt/bin/dtaction.before_security_fix
         # cp ./libtt.a_ /usr/dt/lib/libtt.a
         # cp ./ttsession_ /usr/dt/bin/ttsession
         # cp ./dtaction_ /usr/dt/bin/dtaction
         # cp ./ttauth /usr/dt/bin/ttauth
         # chmod 555 /usr/dt/lib/libtt.a
         # chmod 555 /usr/dt/bin/ttsession
         # chmod 555 /usr/dt/bin/dtaction
         # chmod 555 /usr/dt/bin/ttauth
         IBM AIX APARs may be ordered using Electronic Fix Distribution (via the FixDist program), or from the IBM Support Center. For more information on FixDist, and to obtain fixes via the Internet, please reference
        http://techsupport.services.ibm.com/support/rs6000.support/downloads
        Sun:
        Patches are available to all Sun customers at
        http://sunsolve.sun.com
        Sun Solaris 2.3
        

  •         Sun 101495-04
            

  •         

        Sun Solaris 2.4
        

  •         Sun 102734-05
            

  •         

  •         Sun 108636-01Only required if CDE is installed
            

  •         

        Sun Solaris 2.4 _x86
        

  •         Sun 108637-01Only required if CDE is installed
            

  •         

  •         Sun 108641-01
            

  •         

        Sun Solaris 2.5
        

  •         Sun 104428-09
            

  •         

        Sun Solaris 2.5 _x86
        

  •         Sun 105495-07
            

  •         

        Sun Solaris 2.5.1 _x86
        

  •         Sun 105496-09
            

  •         

        Sun Solaris 2.5.1
        

  •         Sun 104489-11
            

  •         

        Sun Solaris 2.6
        

  •         Sun 105802-12
            

  •         

        Sun Solaris 2.6 _x86
        

  •         Sun 105803-14
            

  •         

        Sun SunOS 4.1.3 _U1
        

  •         Sun 100626-10
            

  •         

        Sun SunOS 4.1.4
        

  •         Sun 100626-10
            

  •         

        SGI IRIX 6.5
        
        SGI IRIX 6.5.1
        
        SGI IRIX 6.5.10
        
        SGI IRIX 6.5.10 m
        
        SGI IRIX 6.5.10 f
        
        SGI IRIX 6.5.11
        
        SGI IRIX 6.5.11 m
        
        SGI IRIX 6.5.11 f
        
        SGI IRIX 6.5.12 f
        
        SGI IRIX 6.5.12 m
        

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站