Published: 2000-02-01 00:00:00
Revised: 2008-09-10 15:02:55

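[Original text] Linux apcd program allows local attackers to modify arbitrary files via a symlink attack.

[CNNVD] Debian GNU/Linux 2.1 apcd symlink vulnerability (CNNVD-200002-001)

        The Linux apcd program contains a vulnerability. A local attacker can modify arbitrary files by means of a symlink attack.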

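- CVSS (base score)

CVSS score: 7.2 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause the system to go down completely]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]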

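- CPE (affected platforms and products)


- OVAL (technical details for detection)


- Official database links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other links and resources
(UNKNOWN)  DEBIAN  20000201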

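- Vulnerability information

Debian GNU/Linux 2.1 apcd symlink vulnerability
High risk  Race condition
2000-02-01 00:00:00 2005-05-02 00:00:00
        The Linux apcd program contains a vulnerability. A local attacker can modify arbitrary files by means of a symlink attack.

- Advisories and patches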

        If there is no APC attached to the machine, this daemon can safely be stopped and removed from startup scripts.
        The vendor has made patches available for this problem.
        These files will be moved into */binary-$arch/ soon.

- Vulnerability information (19735)

Debian Linux 2.1 apcd Symlink Vulnerability (EDBID:19735)
linux local
2000-02-01 Verified
0 Anonymous
N/A

A vulnerability exists in the apcd package, as shipped in Debian GNU/Linux 2.1. By sending the apcd process a SIGUSR1, a file will be created in /tmp called upsstat. This file contains information about the status of the APC device. This file is not opened securely, however, and it is possible for an attacker to create a symlink with this name to another place on the file system. This could, in turn, lead to a compromise of the root account.

apcd is used to monitor information from APC uninterruptible power supplies. The UPS will inform apcd that power has been removed, and apcd will shut down the machine.

ln -sf /tmp/upsstat /.rhosts
(wait for SIGUSR1 to be sent)
echo + + >> /.rhosts
rsh localhost -l root 		
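
The insecure open described above, next to a hardened one, as an added example (not apcd's code and not the Debian patch). The function names, the status text and the private temporary directory are constructed for illustration.

```c
/* Added example: apcd-style status dump, unsafe vs. hardened file open. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unsafe pattern: fopen("w") follows a pre-planted symlink and truncates its target. */
static int dump_status_unsafe(const char *path, const char *text) {
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs(text, f);
    return fclose(f);
}

/* Hardened: O_CREAT|O_EXCL fails with EEXIST if anything, including a symlink
 * (even a dangling one), already exists at path; O_NOFOLLOW is a second guard. */
static int dump_status_safe(const char *path, const char *text) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, text, strlen(text));
    return (close(fd) == 0 && n == (ssize_t)strlen(text)) ? 0 : -1;
}

/* Constructed scenario inside a private mkdtemp() directory: "upsstat" is a
 * symlink to "victim" (4 bytes). Returns the victim's size after the chosen
 * writer ran, or -1 on setup failure. */
static long victim_size_after(int use_safe) {
    char dir[] = "/tmp/apcd-demo-XXXXXX", link_p[64], victim[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(link_p, sizeof link_p, "%s/upsstat", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    if (dump_status_unsafe(victim, "keep") != 0 || symlink(victim, link_p) != 0) return -1;
    if (use_safe) dump_status_safe(link_p, "UPS status: on battery\n");
    else dump_status_unsafe(link_p, "UPS status: on battery\n");
    long size = (stat(victim, &st) == 0) ? (long)st.st_size : -1;
    unlink(link_p); unlink(victim); rmdir(dir);
    return size;
}

int main(void) {
    printf("victim size after unsafe writer: %ld\n", victim_size_after(0));
    printf("victim size after safe writer:   %ld\n", victim_size_after(1));
    return 0;
}
```

A daemon that has to rewrite its status file on every signal can also keep the file in a directory that only root can write to, where no other user can plant a link.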

- Vulnerability information

Linux Kernel apcd SIGUSR1 Handling Symlink Arbitrary File Overwrite
Local Access Required Race Condition
Loss of Integrity Patch / RCS
Exploit Public Third-party Verified

- Vulnerability description

- Timeline

2000-02-01 Unknown
Unknown Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Debian has released a patch to address this vulnerability.

- Related references

- Vulnerability author

Unknown or Incomplete