发布时间 :1999-12-31 00:00:00
修订时间 :2016-10-17 22:02:57

[原文]linuxconf before 1.11.r11-rh3 on Red Hat Linux 5.1 allows local users to overwrite arbitrary files and gain root access via a symlink attack.

[CNNVD]linuxconf /tmp File Race Condition 漏洞(CNNVD-199912-191)

        Red Hat Linux 5.1上的早于1.11.r11-rh3版本的linuxconf存在漏洞,本地用户可以通过符号链接攻击访问根目录。

- CVSS (基础分值)

CVSS分值: 7.2 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BUGTRAQ  19980823 Security concerns in linuxconf shipped w/RedHat 5.1
(UNKNOWN)  XF  linuxconf-symlink-gain-privileges(7232)

- 漏洞信息

linuxconf /tmp File Race Condition 漏洞
高危 竞争条件
1999-12-31 00:00:00 2005-05-02 00:00:00
        Red Hat Linux 5.1上的早于1.11.r11-rh3版本的linuxconf存在漏洞,本地用户可以通过符号链接攻击访问根目录。

- 公告与补丁

        Upgrades available:
        Wirex Immunix OS 7.0 -Beta

- 漏洞信息

Linuxconf Symlink Arbitrary File Overwrite
Local Access Required Race Condition
Loss of Integrity, Loss of Availability

- 漏洞描述

linuxconf contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a symlink to a predictable tmpfilename is created, allowing an attacker to overwrite arbitrary files and potentially gain root privileges.

- 时间线

1998-08-22 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 1.11r19-1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

linuxconf /tmp File Race Condition Vulnerability
Race Condition Error 2186
No Yes
2001-01-10 12:00:00 2001-01-10 12:00:00
This vulnerability was first announced by Greg KH <> on January 10, 2001 via Bugtraq.

- 受影响的程序版本

Wirex Immunix OS 7.0 -Beta
RedHat Linux 7.0

- 漏洞讨论

linuxconf is a powerful configuration tool available for various distributions of the Linux Operating System. A problem exists which could potentially allow a race condition and symbolic link attack.

The problem occurs in the creation of /tmp files by linuxconf. The vpop3d program, which is part of the linuxconf package, creates /tmp files in an insecure manner under some circumstances. This could result in guessing of the filename of a future /tmp file, and the creation of a symbolic link to a file writable by the user executing linuxconf, which is normally root. A user with malicious motives could use this vulnerability to potentially overwrite or append to system files.

- 漏洞利用

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at:

- 解决方案

Upgrades available:

Wirex Immunix OS 7.0 -Beta

- 相关参考