CVE-1999-1183
CVSS 7.6
Published: 1998-04-02 00:00:00
Last modified: 2013-08-21 00:05:33

[Original] System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote attackers to execute commands by providing a trojan horse (1) runtask or (2) runexec descriptor file, which is used to execute a System Manager Task when the user's Mailcap entry supports the x-sgi-task or x-sgi-exec type.


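[CNNVD] SGI IRIX System Manager sysmgr GUI vulnerability (CNNVD-199804-007)

        The System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote attackers to execute commands by means of a trojan horse. The trojan horse can be (1) a runtask or (2) a runexec descriptor file, which is used to execute a System Manager Task when the user's Mailcap entry supports the x-sgi-task or x-sgi-exec type.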

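- CVSS (base score)

CVSS score: 7.6 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause a complete shutdown of the system]
Attack complexity: HIGH [specific access conditions exist for exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]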

- CPE (affected platforms and products)

cpe:/o:sgi:irix:6.4  SGI IRIX 6.4
cpe:/o:sgi:irix:6.3  SGI IRIX 6.3

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1183
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-1183
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-199804-007
(official data source) CNNVD

- Other links and resources

ftp://patches.sgi.com/support/free/security/advisories/19980403-02-PX
(VENDOR_ADVISORY)  SGI  19980403-02-PX
ftp://patches.sgi.com/support/free/security/advisories/19980403-01-PX
(VENDOR_ADVISORY)  SGI  19980403-01-PX
http://www.osvdb.org/8556
(UNKNOWN)  OSVDB  8556
http://www.iss.net/security_center/static/809.php
(UNKNOWN)  XF  sgi-mailcap(809)

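- Vulnerability information

SGI IRIX System Manager sysmgr GUI vulnerability
High risk  Unknown
1998-04-02 00:00:00 2005-10-20 00:00:00
Remote
        The System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote attackers to execute commands by means of a trojan horse. The trojan horse can be (1) a runtask or (2) a runexec descriptor file, which is used to execute a System Manager Task when the user's Mailcap entry supports the x-sgi-task or x-sgi-exec type.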

- Advisories and patches

        

- Vulnerability information

8556
IRIX System Manager sysmgr GUI Descriptor File Command Execution
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Unknown

- Vulnerability description

IRIX contains a flaw that may allow a malicious attacker to obtain root privileges. The issue is triggered when an SGI user browsing web pages or reading email can inadvertently download a "trojan horse" runtask(1M) or runexec(1M) descriptor file. It is possible that the flaw may allow execution of a local System Manager Task with the privileges of the user web browsing. If the SGI user is the root user, this can lead to a local root compromise resulting in a loss of integrity.

- Timeline

1998-04-02 Unknown
Unknown Unknown

- Solution

Silicon Graphics, Inc. has released patches to address this issue. Additionally, it is possible to correct the flaw by implementing the following workaround:

1) Become the root user on the system.

        % /bin/su -
        Password:
        #

2) Edit the default Mailcap file.

        # vi /usr/local/lib/netscape/mailcap

3) Remove the following vulnerable mailcap entries:

        application/x-sgi-task; /usr/sysadm/bin/runtask %s; \
            description="System Administration Task"
        application/x-sgi-exec; /usr/sysadm/bin/runexec %s; \
            description="System Administration Executable"

4) Find any additional mailcap files and remove any vulnerable entries. You will need to run the find(1) command on each system you maintain because the command examines files on local disks only. Note that this is one long command, though we have separated it onto three lines using backslashes.

        # find / -local -type f \( -name 'mailcap' -o \
            -name '.mailcap' \) -exec egrep 'runexec|runtask' {} \
            /dev/null \;

   This command will find all files on a system that:

        * are only in the local file system (/ -local)
        * are regular files (-type f)
        * have the name "mailcap" (-name 'mailcap') or the name ".mailcap"

   The escaped parentheses group the two -name tests so that -exec applies to files matching either name. Once found, those files will be searched for the string "runexec" or "runtask" (-exec egrep 'runexec|runtask' {}) and have their path names printed. The addition of /dev/null as an argument causes grep to list the full pathname of any file containing the string, rather than just the basename. Edit the files that have the pathnames printed and remove any vulnerable runtask/runexec mailcap entries.

5) Return to previous level.

        # exit
        $
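
The egrep in step 4 prints only the physical line that matches, while each entry in step 3 spans two lines joined by a backslash. The following is an added example (not part of the SGI advisory or of this record) that treats a continued entry as one unit when listing and removing it; the function names `mailcap_filter` and `write_sample` and the sample file are constructed for illustration, and a POSIX awk is assumed.

```shell
#!/bin/sh
# Added example, not from the SGI advisory. Assumes usual mailcap syntax:
# a trailing backslash continues an entry; '#' begins a comment line.

# mailcap_filter MODE FILE
#   list  : print each logical entry naming x-sgi-task/x-sgi-exec or runtask/runexec
#   clean : print FILE with every physical line of those entries removed
mailcap_filter() {
    awk -v mode="$1" '
    function emit(   bad, i) {
        if (n == 0) return
        bad = (entry !~ /^[ \t]*#/ && entry ~ /x-sgi-(task|exec)|run(task|exec)/)
        if (mode == "list" && bad) print entry
        if (mode == "clean" && !bad) for (i = 1; i <= n; i++) print raw[i]
        n = 0; entry = ""
    }
    {
        raw[++n] = $0; line = $0
        cont = (line ~ /\\$/)          # entry continues on the next line
        if (cont) sub(/[ \t]*\\$/, " ", line)
        entry = entry line
        if (!cont) emit()
    }
    END { emit() }' "$2"
}

# Constructed sample: the two entries from step 3 plus unrelated lines.
write_sample() {
    cat > "$1" <<'EOF'
# runtask is mentioned in this comment only
image/gif; xv %s
application/x-sgi-task; /usr/sysadm/bin/runtask %s; \
    description="System Administration Task"
application/x-sgi-exec; /usr/sysadm/bin/runexec %s; \
    description="System Administration Executable"
text/html; netscape %s
EOF
}

sample=${TMPDIR:-/tmp}/mailcap.sample.$$
write_sample "$sample"
echo "Entries to remove:";  mailcap_filter list  "$sample"
echo "File after cleanup:"; mailcap_filter clean "$sample"
rm -f "$sample"
```

Review the `clean` output against the original before replacing any mailcap file, since comment lines are kept even when they mention runtask or runexec.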

- Related references

- Vulnerability author

 

 
