CVE-2000-0701
CVSS 4.6
Published: 2000-10-20 00:00:00
Last revised: 2008-09-10 15:05:39

[Original] The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings, which allows local users to gain privileges.


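[CNNVD] GNU Mailman Local Format String Vulnerability (CNNVD-200010-055)

        The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings. Local users can exploit this vulnerability to gain privileges.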

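- CVSS (Base Score)

CVSS score: 4.6 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]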

- CPE (Affected Platforms and Products)

cpe:/a:gnu:mailman:2.0:beta4  GNU Mailman 2.0 beta4
cpe:/o:redhat:linux  Red Hat Linux
cpe:/o:conectiva:linux:5.1  Conectiva Conectiva Linux 5.1
cpe:/o:conectiva:linux:5.0  Conectiva Conectiva Linux 5.0
cpe:/a:gnu:mailman:2.0:beta3  GNU Mailman 2.0 beta3
cpe:/o:conectiva:linux:4.2  Conectiva Conectiva Linux 4.2
cpe:/o:conectiva:linux:4.1  Conectiva Conectiva Linux 4.1

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0701
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0701
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200010-055
(Official data source) CNNVD

- Other Links and Resources

http://www.securityfocus.com/bid/1539
(VENDOR_ADVISORY)  BID  1539
http://www.securityfocus.com/archive/1/73220
(VENDOR_ADVISORY)  BUGTRAQ  20000801 Advisory: mailman local compromise
http://archives.neohapsis.com/archives/bugtraq/2000-07/0474.html
(VENDOR_ADVISORY)  BUGTRAQ  20000802 CONECTIVA LINUX SECURITY ANNOUNCEMENT - mailman
http://www.redhat.com/support/errata/RHSA-2000-030.html
(UNKNOWN)  REDHAT  RHSA-2000:030
http://archives.neohapsis.com/archives/bugtraq/2000-07/0479.html
(VENDOR_ADVISORY)  BUGTRAQ  20000802 MDKSA-2000:030 - Linux-Mandrake not affected by mailman problem
http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000802105050.A11733@rak.isternet.sk
(UNKNOWN)  CONFIRM  http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000802105050.A11733@rak.isternet.sk

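- Vulnerability Information

GNU Mailman Local Format String Vulnerability
Medium risk  Format string
2000-10-20 00:00:00 2005-10-20 00:00:00
Local
        The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly cleanse untrusted format strings. Local users can exploit this vulnerability to gain privileges.

- Advisories and Patches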

        This vulnerability is fixed in version 2.0beta5 of Mailman.
        GNU Mailman 2.0 beta3
        
        GNU Mailman 2.0 beta4
        

- Vulnerability Information

13256
mailman Wrapper Program Format String
Local / Remote, Context Dependent Input Manipulation
Loss of Integrity Upgrade
Vendor Verified

- Vulnerability Description

- Timeline

2000-08-01 Unknown
Unknown Unknown

- Solution

Upgrade to version 2.0 beta5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

GNU Mailman Local Format String Vulnerability
Input Validation Error 1539
No Yes
2000-08-01 12:00:00 2009-07-11 02:56:00
This vulnerability was posted to the Bugtraq mailing list on August 2, 2000 by Stan Bubrouski <secnet@crosswinds.net>

- Affected Software Versions

GNU Mailman 2.0 beta4
- BSDI BSD/OS 4.0
- Conectiva Linux 5.1
- Conectiva Linux 5.0
- Conectiva Linux 4.2
- Conectiva Linux 4.1
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 3.5
- HP HP-UX 11.0
- HP HP-UX 10.20
- IBM AIX 4.3
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
+ RedHat Secure Web Server 3.2 i386
+ RedHat Secure Web Server 3.1 sparc
+ RedHat Secure Web Server 3.1 i386
+ RedHat Secure Web Server 3.1 alpha
+ RedHat Secure Web Server 3.0 i386
- SGI IRIX 6.5
- Sun Solaris 8_sparc
- Sun Solaris 7.0
GNU Mailman 2.0 beta3
- BSDI BSD/OS 4.0
- Conectiva Linux 5.1
- Conectiva Linux 5.0
- Conectiva Linux 4.2
- Conectiva Linux 4.1
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 3.5
- HP HP-UX 11.0
- HP HP-UX 10.20
- IBM AIX 4.3
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
+ RedHat Secure Web Server 3.2 i386
+ RedHat Secure Web Server 3.1 sparc
+ RedHat Secure Web Server 3.1 i386
+ RedHat Secure Web Server 3.1 alpha
+ RedHat Secure Web Server 3.0 i386
- SGI IRIX 6.5
- Sun Solaris 8_sparc
- Sun Solaris 7.0
Conectiva Linux 5.1
Conectiva Linux 5.0
Conectiva Linux 4.2
Conectiva Linux 4.1

- Unaffected Software Versions

S.u.S.E. Linux 7.0
Mandriva Linux Mandrake 7.1
Mandriva Linux Mandrake 6.1
Mandriva Linux Mandrake 6.0
GNU Mailman 2.0 beta5
+ RedHat Secure Web Server 3.2 i386
GNU Mailman 1.1
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
GNU Mailman 1.0
+ Debian Linux 2.1

- Vulnerability Discussion

A vulnerability exists in the GNU Mailman list package. Versions 2.0beta3 and 2.0beta4 contain a vulnerability that can yield group mailman access. By supplying a well-formed string containing format specifiers, it may be possible to overwrite values on the stack of the running process and execute arbitrary commands with the privileges of the 'wrapper' program. This program is installed setgid mailman. Upon acquiring GID mailman, it may be possible for an attacker to modify other binaries and further elevate access.

- Exploit

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

This vulnerability is fixed in version 2.0beta5 of Mailman.


GNU Mailman 2.0 beta3

GNU Mailman 2.0 beta4

- References
