CVE-1999-1415
CVSS 4.6
Published: 1991-08-23 00:00:00
Last revised: 2008-09-05 16:19:28

[Original] Vulnerability in /usr/bin/mail in DEC ULTRIX before 4.2 allows local users to gain privileges.


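[CNNVD] ULTRIX /usr/bin/mail vulnerability (CNNVD-199108-001)

        A vulnerability exists in /usr/bin/mail in DEC ULTRIX versions before 4.2. Local users can leverage this vulnerability to escalate privileges.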

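- CVSS (base score)

CVSS score: 4.6 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]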

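- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definitions found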

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1415
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-1415
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-199108-001
(Official data source) CNNVD

- Other links and resources

http://www.cert.org/advisories/CA-91.13.Ultrix.mail.vulnerability
(VENDOR_ADVISORY)  CERT  CA-91.13
http://www.securityfocus.com/bid/27
(UNKNOWN)  BID  27

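- Vulnerability information

ULTRIX /usr/bin/mail vulnerability
Medium severity  Unknown
1991-08-23 00:00:00 2005-10-20 00:00:00
Local
        A vulnerability exists in /usr/bin/mail in DEC ULTRIX versions before 4.2. Local users can leverage this vulnerability to escalate privileges.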

- Advisories and patches

        Digital has corrected the identified code as of ULTRIX Version 4.2
        (released May 1991). Digital recommends strongly that you upgrade to
        ULTRIX Version 4.2 immediately to avoid any potential vulnerability
        to your system via this problem. For those of you who are unable to
        upgrade at this time, installing the ULTRIX Version 4.2 mail file on
        your V4.1 system will correct this problem.
        ULTRIX Version 4.2 of /usr/bin/mail has not been shown to be
        compatible with versions of ULTRIX previous to ULTRIX version 4.1;
        upgrading to ULTRIX V4.2 or upgrading to ULTRIX V4.1 and using the
        ULTRIX 4.2 /usr/bin/mail program is required to correct this
        problem.
        Use one of the procedures below to update an ULTRIX Version 4.1 system:
         - Procedure (1) describes the process to extract the
         /usr/bin/mail binary from the ULTRIX Version 4.2 MUP subset.
         - Procedure (2) provides the commands to install the
         ULTRIX Version 4.2 /usr/bin/mail binary from another of your
         system(s) where possible.
         - Both the VAX (DECsystem) and DEC RISC (DECstation)
         versions of the ULTRIX Version 4.2 /usr/bin/mail binary,
         may be obtained by contacting your Digital Services Support
         Organization.
        - ------------------------------------------------------------------------------
        -
        (1) This procedure will replace your existing /usr/bin/mail binary using
         the /usr/bin/mail binary from the ULTRIX Version 4.2 MUP distribution.
         The procedure below describes the method to extract the binary from
         the tape media.
        NOTE:
        Setting the environment to single user mode will prevent possible
        disruption of the mail services.
        - ------------------------------------------------------------------------------
        -
         To update an ULTRIX Version 4.1 system, you must first obtain the
         ULTRIX Version 4.2 binary of /usr/bin/mail for your computer's
         architecture from your ULTRIX Version 4.2 distribution tapes.
         LOAD THE ULTRIX MANDATORY UPGRADE TAPE ON YOUR ULTRIX Version 4.1 SYSTEM.
         ( Note: UDTBASE421 will provide the RISC base upgrade, ULTBASE421 will)
         ( provide the VAX base upgrade mail file. Substitute as necessary for)
         ( your architecture. )
         ( ISSUE THE FOLLOWING COMMANDS FROM YOUR ULTRIX Version 4.1 SYSTEM )
        ( BECOME ROOT - YOU MUST HAVE PRIVILEGES TO MAKE THIS UPDATE. )
         % su
         (cd TO SOME DIRECTORY THAT YOU CAN PUT THE FILE IN TEMPORARILY, e.g. cd /tmp)
         # cd /tmp
         (NOTE: YOU WILL NEED APPROXIMATELY 2 MB of DISK SPACE )
         # mkdir ./usr
         # mkdir ./usr/etc
         # mkdir ./usr/etc/subsets
         # setld -x /dev/nrmt0h {UDTBASE421 or ULTBASE421}
         ( LIST THE SUBSET, CREATE THE FILE UDTBASE421 or ULTBASE0421, THEN EXTRACT )
         ( THE MAIL FILE /usr/bin/mail {NOTE} THIS EXAMPLE USES THE "RISC" SUBSET )
         # ls
         # mv UDTBASE421 UDTBASE421.Z
         # zcat UDTBASE421.Z | tar xvf - ./usr/bin/mail
         ( MOVE THE ULTRIX V4.2 BINARY TO /usr/bin/mail CHANGE PROTECTION, OWNER etc.)
         # cd /usr/bin
         # mv mail mail.old
         # chmod 600 mail.old
         # mv /tmp/usr/bin/mail .
         # chown root mail
         # chgrp kmem mail
         # chmod 6755 mail
        
        - ------------------------------------------------------------------------------
        -
        (2) To update the /usr/bin/mail binary from an existing V4.2
         (similar platform (VAX or RISC)) remote node, copy the
         file to your system and store it in a temporary location
         (e.g., - /tmp/mail).
         The procedure below provides an example using DECnet. Use the
         copy command that fits your environment to copy the /usr/bin/mail
         binary from a remote node to the /tmp directory on your local
         system.
        NOTE:
        Setting the environment to single user mode will prevent possible
        disruption of the mail services.
        - ------------------------------------------------------------------------------
        -
         % dcp -iv {remote-nodename}/{username}/{password}::'/usr/bin/mail' '/tmp/mail'
         ( ISSUE THE FOLLOWING COMMANDS FROM YOUR ULTRIX Version 4.1 SYSTEM )
        ( BECOME ROOT - YOU MUST HAVE PRIVILEGES TO MAKE THIS UPDATE. )
         % su
         # cd /usr/bin
         # mv mail mail.old
         # chmod 600 mail.old
         ( MOVE THE ULTRIX V4.2 BINARY TO /usr/bin/mail CHANGE PROTECTION, OWNER etc.)
        
         # mv /tmp/mail /usr/bin/mail
         # chown root mail
         # chgrp kmem mail
         # chmod 6755 mail
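
Both procedures end by leaving two files in /usr/bin: the new set-id `mail` (root, group kmem, mode 6755) and the retired `mail.old`, whose `chmod 600` is what strips its set-id and execute bits. The following check is an added example, not part of Digital's advisory; the function names are hypothetical and it assumes the POSIX `ls -ld` column layout (mode, links, owner, group), as on a current Unix-like system.

```shell
#!/bin/sh
# Added example (not part of the advisory): audit a hand-replaced set-id
# binary and its retired copy. Function names are hypothetical.
# Usage: audit_mail_swap DIR [OWNER] [GROUP]   e.g. audit_mail_swap /usr/bin

# Print "<mode> <owner> <group>" for a file from POSIX `ls -ld` output.
# Only the first 10 mode characters are kept, so a trailing ACL or
# security-label marker ("+", ".") does not affect the comparison.
file_meta() {
    ls -ld "$1" 2>/dev/null | awk '{ print substr($1, 1, 10), $3, $4 }'
}

audit_mail_swap() {
    dir=$1
    owner=${2:-root}     # advisory: chown root mail
    group=${3:-kmem}     # advisory: chgrp kmem mail
    rc=0

    new=$(file_meta "$dir/mail")
    old=$(file_meta "$dir/mail.old")

    # chmod 6755 => setuid + setgid + rwxr-xr-x, shown by ls as -rwsr-sr-x.
    if [ "$new" = "-rwsr-sr-x $owner $group" ]; then
        echo "OK   $dir/mail: $new"
    else
        echo "FAIL $dir/mail: have '$new', want '-rwsr-sr-x $owner $group'"
        rc=1
    fi

    # chmod 600 => rw for the owner only: no set-id bits, no execute bits,
    # so the replaced binary can no longer be run by path.
    if [ "${old%% *}" = "-rw-------" ]; then
        echo "OK   $dir/mail.old: $old"
    else
        echo "FAIL $dir/mail.old: have '$old', want mode -rw-------"
        rc=1
    fi
    return $rc
}
```

A missing `mail` or `mail.old` is reported as a failure, since both procedures rename the old binary rather than deleting it.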

- Vulnerability information

8749
Ultrix /usr/bin/mail Local Privilege Escalation
Local Access Required Input Manipulation
Loss of Integrity Workaround, Patch / RCS
Vendor Verified

- Vulnerability description

- Timeline

1991-08-24 Unknown
Unknown 1991-05-01

- Solution

It has been reported that this issue has been fixed. Upgrade to version 4.2, or higher, to address this vulnerability.

- References

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Ultrix /usr/bin/mail Vulnerability
Unknown 27
No No
1991-08-23 12:00:00 2009-07-11 12:16:00

- Affected program versions

Digital Ultrix 4.1
Digital Ultrix 4.0
Digital Ultrix 3.0
Digital Ultrix 2.2

- Vulnerability discussion

A potential security vulnerability has been identified in ULTRIX Version 4.1 where, under certain circumstances, user privileges can be expanded via /usr/bin/mail. This problem applies to both the VAX and DEC RISC (i.e. DECsystem and DECstation) architectures.

- Exploit

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.


- References
