CVE-2000-0667
CVSS 3.6
Published: 2000-07-27 00:00:00
Revised: 2008-09-10 15:05:33

[Original] Vulnerability in gpm in Caldera Linux allows local users to delete arbitrary files or conduct a denial of service.


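[CNNVD] Linux gpm file deletion vulnerability (CNNVD-200007-071)

        A vulnerability exists in gpm in Caldera Linux. Local users can exploit it to delete arbitrary files or cause a denial of service.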

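- CVSS (base score)

CVSS score: 3.6 [LOW]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [no authentication required for exploitation]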

- CPE (affected platforms and products)

cpe:/o:conectiva:linux:4.0    Conectiva Conectiva Linux 4.0
cpe:/o:conectiva:linux:5.1    Conectiva Conectiva Linux 5.1
cpe:/o:conectiva:linux:5.0    Conectiva Conectiva Linux 5.0
cpe:/o:conectiva:linux:4.2    Conectiva Conectiva Linux 4.2
cpe:/o:conectiva:linux:4.0es    Conectiva Conectiva Linux 4.0es
cpe:/o:conectiva:linux:4.1    Conectiva Conectiva Linux 4.1

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0667
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0667
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200007-071
(official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/1512
(VENDOR_ADVISORY)  BID  1512
http://archives.neohapsis.com/archives/bugtraq/2000-07/0273.html
(VENDOR_ADVISORY)  CALDERA  CSSA-2000-024.0

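- Vulnerability information

Linux gpm file deletion vulnerability
Low risk  Unknown
2000-07-27 00:00:00 2005-10-20 00:00:00
Local
        A vulnerability exists in gpm in Caldera Linux. Local users can exploit it to delete arbitrary files or cause a denial of service.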

- Vulnerability information

13716
Caldera Linux /dev/gpmctl STREAM Sockets Saturation DoS
Denial of Service
Loss of Availability

- Vulnerability description

Unknown or Incomplete

- Timeline

2000-06-20 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Linux gpm File Removal Vulnerability
Unknown 1512
No Yes
2000-07-27 12:00:00 2009-07-11 02:56:00
This vulnerability was first reported in a Conectiva Linux advisory on July 27, 2000.

- Affected program versions

Conectiva Linux 5.1
Conectiva Linux 5.0
Conectiva Linux 4.2
Conectiva Linux 4.1
Conectiva Linux 4.0 es
Conectiva Linux 4.0

- Vulnerability discussion

GPM is a mouse server for the Linux console. There is a vulnerability in the gpm package shipped with several versions of Conectiva Linux that could allow an attacker to remove arbitrary files.

- Exploit

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

From the Conectiva Linux Advisory:

SOLUTION
All users should upgrade.
This upgrade also requires an updated version of the PAM package,
which is also listed below.

DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/i386/gpm-1.19.3-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/i386/gpm-devel-1.19.3-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/i386/pam-0.72-15cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/i386/gpm-1.19.3-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/i386/gpm-devel-1.19.3-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/i386/pam-0.72-15cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/i386/gpm-1.19.3-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/i386/gpm-devel-1.19.3-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/i386/pam-0.72-15cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/i386/gpm-1.19.3-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/i386/gpm-devel-1.19.3-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/i386/pam-0.72-15cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/gpm-1.19.3-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/gpm-devel-1.19.3-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/pam-0.72-15cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.1/i386/gpm-1.19.3-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.1/i386/gpm-devel-1.19.3-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.1/i386/pam-0.72-15cl.i386.rpm

DIRECT LINK TO THE SOURCE PACKAGES
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/SRPMS/gpm-1.19.3-1cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/SRPMS/pam-0.72-15cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/SRPMS/gpm-1.19.3-1cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/SRPMS/pam-0.72-15cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/SRPMS/gpm-1.19.3-1cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/SRPMS/pam-0.72-15cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/SRPMS/gpm-1.19.3-1cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/SRPMS/pam-0.72-15cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/gpm-1.19.3-1cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/pam-0.72-15cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.1/SRPMS/gpm-1.19.3-1cl.src.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.1/SRPMS/pam-0.72-15cl.src.rpm

Mandrake:
Please verify these md5 checksums of the updates prior to upgrading to
ensure the integrity of the downloaded package. You can do this by
running the md5sum program on the downloaded package by using
"md5sum package.rpm".

Linux-Mandrake 6.0:
8c7088606cf9b840969fa7937186fab5 6.0/RPMS/gpm-1.19.2-4mdk.i586.rpm
30c50ead5ce218d33e4f37fd6e20dc0b 6.0/RPMS/gpm-devel-1.19.2-4mdk.i586.rpm
dfa3f0e0a000e0443eb6f9ef2c7e75d9 6.0/SRPMS/gpm-1.19.2-4mdk.src.rpm

Linux-Mandrake 6.1:
1af817e7dda71d8e4bfa42c70c516d8f 6.1/RPMS/gpm-1.19.2-4mdk.i586.rpm
b5a6fd08bedb1c1e40711359bf16b44a 6.1/RPMS/gpm-devel-1.19.2-4mdk.i586.rpm
dfa3f0e0a000e0443eb6f9ef2c7e75d9 6.1/SRPMS/gpm-1.19.2-4mdk.src.rpm

Linux-Mandrake 7.0:
4267f1d250bfe98a63e48c30ef472acd 7.0/RPMS/gpm-1.19.2-4mdk.i586.rpm
14bbffe0d74d4422068fe9c67dfed9b3 7.0/RPMS/gpm-devel-1.19.2-4mdk.i586.rpm
f44743a91edf6eaa1758500d9d4c15d0 7.0/SRPMS/gpm-1.19.2-4mdk.src.rpm

Linux-Mandrake 7.1:
630d939d8159f79a8eae5f9823591064 7.1/RPMS/gpm-1.19.2-4mdk.i586.rpm
43ca39afe363d915f474041b84725a35 7.1/RPMS/gpm-devel-1.19.2-4mdk.i586.rpm
dfa3f0e0a000e0443eb6f9ef2c7e75d9 7.1/SRPMS/gpm-1.19.2-4mdk.src.rpm
________________________________________________________________________

To upgrade automatically, use < MandrakeUpdate >.

If you want to upgrade manually, download the updated package from one
of our FTP server mirrors and upgrade with "rpm -Uvh package_name".

You can download the updates directly from:
ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates
ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates

Or try one of the other mirrors listed at:

http://www.linux-mandrake.com/en/ftp.php3.

Updated packages are available in the "updates/[ver]/RPMS/" directory.
For example, if you are looking for an updated RPM package for
Linux-Mandrake 7.1, look for it in "updates/7.1/RPMS/". Updated source
RPMs are available as well, but you generally do not need to download
them.

Please be aware that sometimes it takes the mirrors a few hours to
update, so if you want an immediate upgrade, please use one of the two
above-listed mirrors.

- Related references

     

     
