CVE-1999-1432
CVSS 7.5
Published: 1998-07-16 00:00:00
Last modified: 2016-10-17 22:04:26

[Original] Power management (Powermanagement) on Solaris 2.4 through 2.6 does not start the xlock process until after the sys-suspend has completed, which allows an attacker with physical access to input characters to the last active application from the keyboard for a short period after the system is restoring, which could lead to increased privileges.


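[CNNVD] Solaris power management vulnerability (CNNVD-199807-018)

        Power management in Solaris 2.4 through 2.6 does not start the xlock process until the system suspend has finished. For a short period after the system resumes, an attacker with physical access can exploit this to type characters from the keyboard into the last active application, which may yield increased privileges.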

- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/o:sun:solaris:2.5
cpe:/o:sun:solaris:2.5.1
cpe:/o:sun:solaris:2.6::x86
cpe:/o:sun:solaris:2.5::x86
cpe:/o:sun:solaris:2.4
cpe:/o:sun:solaris:2.4::x86
cpe:/o:sun:solaris:2.6
cpe:/o:sun:solaris:2.5.1::x86
cpe:/o:sun:solaris:2.5.1::ppc

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1432
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-1432
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-199807-018
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=90221104525997&w=2
(UNKNOWN)  BUGTRAQ  19980716 Security risk with powermanagemnet on Solaris 2.6
http://www.securityfocus.com/bid/160
(UNKNOWN)  BID  160

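- Vulnerability information

Solaris power management vulnerability
High risk  Other
1998-07-16 00:00:00 2005-05-02 00:00:00
Remote / Local
        Power management in Solaris 2.4 through 2.6 does not start the xlock process until the system suspend has finished. For a short period after the system resumes, an attacker with physical access can exploit this to type characters from the keyboard into the last active application, which may yield increased privileges.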

- Advisories and patches

        Patches are available to all Sun customers at
        http://sunsolve.sun.com
        Disabling sys-suspend, or running xlock prior to suspend will also eliminate this vulnerability.

- Vulnerability information (19126)

Sun Solaris <= 2.6 power management Vulnerability (EDBID:19126)
solaris local
1998-07-16 Verified
0 Ralf Lehmann
N/A
source: http://www.securityfocus.com/bid/160/info

A vulnerability exists in Sun's power management software under Solaris versions 2.4-2.6 (although only 2.6 as part of the main distribution). The sys-suspend program is initiated when a user runs the program, or presses the power key on a Sun keyboard. This program moves the contents of memory to the disk, and powers down the system. As part of this shutdown procedure, it runs xlock to prevent a user from resuming the machine and accessing the logged in account.

The vulnerability that exists is due to the order in which sys-suspend performs its operations. As xlock is run by this program, it executes after the suspension begins. Upon a resume, there is a window of time during which any data typed at the keyboard is passed to whatever X application last had focus. If this was an xterm, arbitrary commands can be issued. In the event the user who was logged in was root, system security can be entirely subverted.

1: Press the power key on Sun keyboard, and suspend the machine.
2: Upon pressing the power button again, the machine will indicate it is resuming, and the screen will go blank. Any data typed between this notification and the resumption of the machine (and xlock) will be passed to the application which last had focus.

- Vulnerability information

921
Solaris Powermanagement xlock Privilege Escalation
Physical Access Required Race Condition

- Vulnerability description

Unknown or Incomplete

- Timeline

1998-07-16 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete