CVE-2000-0668
CVSS 5.0
Published: 2000-07-27 00:00:00
Last revised: 2008-09-10 15:05:33

[Original] pam_console PAM module in Linux systems allows a user to access the system console and reboot the system when a display manager such as gdm or kdm has XDMCP enabled.


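[CNNVD] Linux pam_console PAM module system console access and system reboot vulnerability (CNNVD-200007-072)

        The pam_console PAM module in Linux systems contains a vulnerability. When a display manager such as gdm or kdm has XDMCP enabled, a user can exploit this vulnerability to access the system console and reboot the system.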

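- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]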

- CPE (affected platforms and products)

cpe:/o:redhat:linux:6.2::alpha
cpe:/o:redhat:linux:6.2::sparc
cpe:/o:redhat:linux:6.1::i386
cpe:/o:redhat:linux:6.0::i386
cpe:/o:redhat:linux:6.1::alpha
cpe:/o:conectiva:linux:5.1  Conectiva Conectiva Linux 5.1
cpe:/a:michael_k._johnson:pam_console:0.72_unpatched
cpe:/o:conectiva:linux:4.0  Conectiva Conectiva Linux 4.0
cpe:/o:redhat:linux:6.1::sparc
cpe:/o:redhat:linux:6.0::alpha
cpe:/o:redhat:linux:6.0::sparc
cpe:/o:conectiva:linux:5.0  Conectiva Conectiva Linux 5.0
cpe:/o:redhat:linux:6.2::i386
cpe:/o:conectiva:linux:4.2  Conectiva Conectiva Linux 4.2
cpe:/o:conectiva:linux:4.0es  Conectiva Conectiva Linux 4.0es
cpe:/a:michael_k._johnson:pam_console:0.66
cpe:/o:conectiva:linux:4.1  Conectiva Conectiva Linux 4.1

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0668
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0668
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200007-072
(Official data source) CNNVD

- Other links and resources

http://xforce.iss.net/static/5001.php
(VENDOR_ADVISORY)  XF  linux-pam-console
http://www.securityfocus.com/bid/1513
(VENDOR_ADVISORY)  BID  1513
http://www.redhat.com/support/errata/RHSA-2000-044.html
(UNKNOWN)  REDHAT  RHSA-2000:044
http://archives.neohapsis.com/archives/bugtraq/2000-07/0455.html
(UNKNOWN)  BUGTRAQ  20000801 MDKSA-2000:029 pam update
http://archives.neohapsis.com/archives/bugtraq/2000-07/0398.html
(UNKNOWN)  BUGTRAQ  20000727 CONECTIVA LINUX SECURITY ANNOUNCEMENT - PAM

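- Vulnerability information

Linux pam_console PAM module system console access and system reboot vulnerability
Medium risk  Unknown
2000-07-27 00:00:00 2005-05-02 00:00:00
Remote
        The pam_console PAM module in Linux systems contains a vulnerability. When a display manager such as gdm or kdm has XDMCP enabled, a user can exploit this vulnerability to access the system console and reboot the system.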

- Advisories and patches

        

- Vulnerability information (20105)

Conectiva 4.x/5.x, RedHat 6.x pam_console Remote User Vulnerability (EDBID:20105)
linux remote
2000-07-27 Verified
0 bkw1a
N/A
source: http://www.securityfocus.com/bid/1513/info

There is a vulnerability in the Linux pam_console module that could allow an attacker to remotely reboot the workstation or perform other actions limited to local users.
If a workstation is configured to use a display manager (xdm, gdm, kdm, etc.) AND has XDMCP enabled, it is possible for a user who logs in remotely to use Xnest -query to log in on display :1, which is recognized as the system console. This vulnerability is only present if the workstation is running a graphical login manager such as gdm or kdm. 


This description of how to replicate the problem was posted to RedHat's Bugzilla bug-tracking system by bkw1a@virginia.edu:
1. ssh into the server, allowing ssh to establish a secure forwarded X connection. If no one else is using display number 0, you'll end up with a DISPLAY value of "host:0.0".
2. Invoke "Xnest -query localhost" on the remote machine.
3. Log in, starting a Gnome session.
4. From the Gnome panel, select "logout". You'll be presented with the option of shutting down or rebooting the server.

Another description, this one from Andreas Hasenack <andreas@conectiva.com.br>:
1. login remotely (X -broadcast) (have gdm, kdm, whatever running with XDMCP enabled somewhere)
2. after login, start Xnest with -broadcast again, for example
3. login again, now you will be using display :1
4. this is treated as a console user, and commands only available to console users can be run, such as reboot. 		

- Vulnerability information

1478
Linux pam_console XDMCP Remote Reboot
Remote / Network Access Denial of Service
Loss of Availability Third-Party Solution
Exploit Public Third-party Verified

- Vulnerability description

Unknown or Incomplete

- Timeline

2000-07-27 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete