CVE-1999-1434
CVSS 7.2
Published: 1998-07-13 00:00:00
Revised: 2016-10-17 22:04:29

[Original] login in Slackware Linux 3.2 through 3.5 does not properly check for an error when the /etc/group file is missing, which prevents it from dropping privileges, causing it to assign root privileges to any local user who logs on to the server.


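[CNNVD] Slackware /etc/group missing results in root access vulnerability (CNNVD-199807-012)

When the /etc/group file is missing, login in Slackware Linux 3.2 through 3.5 does not properly check for the error, so it fails to drop privileges and assigns root privileges to any local user who logs on to the server.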

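- CVSS (base score)

CVSS score: 7.2 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [can take the system completely down]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]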

- CPE (affected platforms and products)

cpe:/o:slackware:slackware_linux:3.3
cpe:/o:slackware:slackware_linux:3.4
cpe:/o:slackware:slackware_linux:3.2
cpe:/o:slackware:slackware_linux:3.5
cpe:/o:slackware:slackware_linux:3.1

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-1434
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-1434
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-199807-012
(official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=90221104525951&w=2
(UNKNOWN)  BUGTRAQ  19980713 Slackware Shadow Insecurity
http://www.securityfocus.com/bid/155
(UNKNOWN)  BID  155

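- Vulnerability information

Slackware /etc/group missing results in root access vulnerability
High risk  Other
1998-07-13 00:00:00 2005-10-20 00:00:00
Remote / Local
When the /etc/group file is missing, login in Slackware Linux 3.2 through 3.5 does not properly check for the error, so it fails to drop privileges and assigns root privileges to any local user who logs on to the server.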

- Advisories and patches

Upgrade to a later version of Slackware. This problem was fixed in versions subsequent to 3.5.
If source is available, checking the return value from the setup_uid_gid call and exiting if it is not 0 will prevent this from being a problem, although this may be overly restrictive.

- Vulnerability information (19122)

Slackware Linux <= 3.5 /etc/group missing results in root access Vulnerability (EDBID:19122)
linux local
1998-07-13 Verified
0 Richard Thomas
N/A
source: http://www.securityfocus.com/bid/155/info

Due to the way /bin/login behaves when a /etc/group file is not present under Slackware's version of the password shadowing suite, users who log in while this file is not present will be given uid and gid 0. This will allow them unrestricted access to the machine. This vulnerability is present in all versions of Slackware which have shadow passwords, up to and including 3.5.

If the call to initgroups() fails in setup_uid_gid(), the function immediately returns a value of -1. However, the call to setup_uid_gid() in login.c fails to check this return value. Since the uid and gid were never changed, their value is still 0, and the user will be logged in with 0 as their uid and gid.

Remove /etc/group and log in as a valid user. /etc/group must not exist at all -- mode 000 is not sufficient.

- Vulnerability information

13525
Slackware Linux login Missing /etc/group Local Privilege Escalation

- Vulnerability description

Unknown or Incomplete

- Timeline

1998-07-13 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Slackware /etc/group missing results in root access Vulnerability
Access Validation Error 155
Yes Yes
1998-07-13 12:00:00 2009-07-11 12:16:00
This vulnerability was found by Richard Thomas <rthomas@sy.net> and was posted to the Bugtraq mailing list on July 13, 1998.

- Affected program versions

Slackware Linux 3.5
Slackware Linux 3.4
Slackware Linux 3.3
Slackware Linux 3.2
Slackware Linux 3.1

- Vulnerability discussion

Due to the way /bin/login behaves when a /etc/group file is not present under Slackware's version of the password shadowing suite, users who log in while this file is not present will be given uid and gid 0. This will allow them unrestricted access to the machine. This vulnerability is present in all versions of Slackware which have shadow passwords, up to and including 3.5.

If the call to initgroups() fails in setup_uid_gid(), the function immediately returns a value of -1. However, the call to setup_uid_gid() in login.c fails to check this return value. Since the uid and gid were never changed, their value is still 0, and the user will be logged in with 0 as their uid and gid.

- Exploit

Remove /etc/group and log in as a valid user. /etc/group must not exist at all -- mode 000 is not sufficient.

- Solution

Upgrade to a later version of Slackware. This problem was fixed in versions subsequent to 3.5.

If source is available, checking the return value from the setup_uid_gid call and exiting if it is not 0 will prevent this from being a problem, although this may be overly restrictive.
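
The unchecked call from the discussion and the return-value check from the solution, modelled side by side as an added example (not Slackware's or the shadow suite's source). `struct creds`, `sim_initgroups`, `group_file_present`, `login_unchecked` and `login_checked` are hypothetical names, and credentials are simulated so the code runs without root.

```c
/* Added illustration; names other than setup_uid_gid/initgroups are hypothetical. */
#include <stdio.h>
#include <sys/types.h>

/* Constructed stand-in for the process credentials, so this runs unprivileged. */
struct creds { uid_t uid; gid_t gid; };

static int group_file_present = 1;   /* constructed: models /etc/group existing */

/* Models initgroups(): fails when the group database cannot be read. */
static int sim_initgroups(const char *user, gid_t gid) {
    (void)user; (void)gid;
    return group_file_present ? 0 : -1;
}

/* As described above: returns -1 on initgroups failure, before any id changes. */
static int setup_uid_gid(struct creds *c, const char *user, uid_t uid, gid_t gid) {
    if (sim_initgroups(user, gid) != 0)
        return -1;
    c->gid = gid;                    /* group first, then user */
    c->uid = uid;
    return 0;
}

/* "Before": the return value is discarded, so a failed drop goes unnoticed. */
static struct creds login_unchecked(const char *user, uid_t uid, gid_t gid) {
    struct creds c = {0, 0};         /* login runs as root until it drops */
    setup_uid_gid(&c, user, uid, gid);
    return c;
}

/* "After": refuse the session unless the drop succeeded and took effect. */
static int login_checked(const char *user, uid_t uid, gid_t gid, struct creds *out) {
    struct creds c = {0, 0};
    if (setup_uid_gid(&c, user, uid, gid) != 0)
        return -1;                   /* fail closed */
    if (c.uid != uid || c.gid != gid)
        return -1;                   /* verify the result, not just the call */
    *out = c;
    return 0;
}

int main(void) {
    struct creds out = {0, 0};
    group_file_present = 0;          /* constructed failure condition */
    struct creds bad = login_unchecked("alice", 1000, 100);
    printf("unchecked: uid=%d gid=%d\n", (int)bad.uid, (int)bad.gid);
    printf("checked:   %d\n", login_checked("alice", 1000, 100, &out));
    return 0;
}
```

In real code the second check in `login_checked` corresponds to comparing `getuid()` and `getgid()` against the target ids after the drop.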

- Related references
