CVE-2000-0354
CVSS 5.0
Published: 2000-09-28 00:00:00
Last modified: 2008-09-10 15:04:12

[Original] mirror 2.8.x in Linux systems allows remote attackers to create files one level above the local target directory.


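[CNNVD] Mirror file creation vulnerability (CNNVD-200009-002)

        A vulnerability exists in mirror on Linux systems. A remote attacker can exploit it to create files one level above the local target directory.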

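- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)

Product and version information (CPE) is not currently available

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links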

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0354
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0354
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200009-002
(Official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/templates/archive.pike?list=1&msg=15769.990928@tomcat.ru
(UNKNOWN)  BUGTRAQ  19990928 mirror 2.9 hole
http://www.securityfocus.com/bid/681
(UNKNOWN)  BID  681
http://www.novell.com/linux/security/advisories/suse_security_announce_22.html
(UNKNOWN)  SUSE  19991001 Security hole in mirror
http://www.debian.org/security/1999/19991018
(UNKNOWN)  DEBIAN  19991018 Incorrect directory name handling in mirror

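- Vulnerability information

Mirror file creation vulnerability
Medium severity  Input validation
2000-09-28 00:00:00 2005-05-02 00:00:00
Remote
        A vulnerability exists in mirror on Linux systems. A remote attacker can exploit it to create files one level above the local target directory.

- Advisories and patches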

        Apply the following patch to mirror:
        *** mirror.pl Mon Jun 8 11:55:27 1998
        --- /usr/local/mirror2.9/mirror Wed Sep 29 16:34:01 1999
        ***************
        *** 2657,2662 ****
        --- 2657,2701 ----
         $no_rename = (! $remote_has_rename) || ($remote_fs eq 'macos' && ! $get_file);
         foreach $src_path ( @xfer_src ){
        +
        + ##
        + #BEGIN jcp@EUnet.pt 1999/09/29
        + #
        + #Date: Tue, 28 Sep 1999 18:27:54 +0400
        + #From: 3APA3A
        + #To: BUGTRAQ@SECURITYFOCUS.COM
        + #Subject: mirror 2.9 hole
        + #
        + #Hello BUGTRAQ@SECURITYFOCUS.COM,
        + #
        + #mirror is a Perl script which is widely used for making copy of remote
        + #FTP site. It's included in FreeBSD packages. There are security holes,
        + #which allows overwrite local files from remote ftp site with
        + #permissions of the user who uses mirror. Then retrieving directory
        + #listing mirror doesn't check filename or directory name to contain
        + #".." or "\" This allows to create or overwrite files in directory
        + #different from destination.
        + #
        + #To simply test this bug you can create " .." directory on your ftp
        + #site and mirror your site. Mirror will create temporary files in
        + #directory one level higher then specifyed. This way you couldn't
        + #overwrite some useful information, but this may be used, for example,
        + #to fill out / directory (if mirror is ran from root).
        + #
        + #But with putting little changes into you ftpd (for example making him
        + #change '\' to '/' on listings) you can force mirror to overwrite _any_
        + #file with permissions of mirror user then he mirrors your ftp site.
        + #
        + #
        + #Tested with:
        + #$ mirror -v
        + #$Id: mirror.pl,v 2.9 1998/05/29 19:01:07 lmjm Exp lmjm $
        +
        + if( $src_path =~ /\w*\.\.\//){
        + &msg( $log, "WARNING: BAD dir detected, skipping: $src_path\n" );
        + next;
        + }
        + #END jcp@EUnet.pt
         if( $get_file ){
         $srci = $remote_map{ $src_path };
         }
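
Review bot: The added test on $src_path, /\w*\.\.\//, only rejects paths that contain "../", so a name whose last component is ".." with no trailing slash, or one that uses "\" as the separator, is not caught, although the advisory quoted in the comment names both ".." and "\". The leading \w* can match the empty string and adds nothing, and because the pattern is unanchored it also skips legitimate names such as "foo../bar". Suggest splitting $src_path on both "/" and "\" and skipping the entry when any single component is exactly "..", and replacing the pasted advisory text with a short reference to the BUGTRAQ post.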

- Vulnerability information

8049
mirror Remote Arbitrary File Creation
Remote / Network Access

- Vulnerability description

Unknown or Incomplete

- Timeline

1999-09-28 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete
 

 
