CVE-2000-0845
CVSS 6.4
Published: 2000-11-14 00:00:00
Revised: 2008-09-05 16:22:00

[Original] kdebug daemon (kdebugd) in Digital Unix 4.0F allows remote attackers to read arbitrary files by specifying the full file name in the initialization packet.


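[CNNVD] Compaq Tru64 kdebugd Remote Arbitrary File Write Vulnerability (CNNVD-200011-036)

        The kdebug daemon in Digital Unix 4.0F contains a vulnerability. A remote attacker can read arbitrary files by specifying an empty file name in the initialization packet.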

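- CVSS (Base Score)

CVSS score: 6.4 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]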

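- CPE (Affected Platforms and Products)

Product and version information (CPE) is not yet available

- OVAL (Technical Details for Detection)

No related OVAL definitions found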

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0845
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0845
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200011-036
(Official data source) CNNVD

- Other Links and Resources

http://archives.neohapsis.com/archives/bugtraq/2000-09/0204.html
(VENDOR_ADVISORY)  BUGTRAQ  20000918 [ENIGMA] Digital UNIX/Tru64 UNIX remote kdebug Vulnerability

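- Vulnerability Information

Compaq Tru64 kdebugd Remote Arbitrary File Write Vulnerability
Medium severity  Access validation error
2000-11-14 00:00:00 2005-10-20 00:00:00
Remote
        The kdebug daemon in Digital Unix 4.0F contains a vulnerability. A remote attacker can read arbitrary files by specifying an empty file name in the initialization packet.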

- Advisories and Patches

        Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Vulnerability Information

8764
Digital Unix kdebugd Remote Arbitrary File Access
Remote / Network Access Input Manipulation
Loss of Confidentiality Solution Unknown

- Vulnerability Description

Unknown or Incomplete

- Timeline

2000-09-19 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Compaq Tru64 kdebugd Remote Arbitrary File Write Vulnerability
Access Validation Error 1693
Yes No
2000-09-19 12:00:00 2009-07-11 03:56:00
First made public in Enigma security advisory EN18090001, published on September 19, 2000.

- Affected Software Versions

Digital (Compaq) TRU64/DIGITAL UNIX 5.0
Digital (Compaq) TRU64/DIGITAL UNIX 4.0 f
Digital (Compaq) TRU64/DIGITAL UNIX 4.0 e
Digital (Compaq) TRU64/DIGITAL UNIX 4.0 d

- Discussion

Compaq's Tru64 (formerly known as 'Digital Unix') ships with a daemon that is vulnerable to a serious remote attack. The kdebugd daemon (which is started by inetd) accepts an initiation packet when a client connects to it. This packet contains two strings: "kdebugd" and an optional filename to which the session can be logged on the server running kdebugd. kdebugd then writes to the specified file with root privileges, and most of what is written is input from the client.

This can lead to a complete remote compromise of the system if appropriate files are written to properly. An example of this is writing to /etc/hosts.equiv, where "+ +" can be appended to the file, which would then allow anybody from any host to log into the target system without password authentication (using r-services). Because some extra data that does not come directly from the client is written to the target "log file", more "syntax dependent" attacks such as adding an entry to /etc/passwd may not be feasible. Another thing to note is that the file must already exist on the system, so an attacker can't create "/.rhosts" if it doesn't exist.

This vulnerability can also be used to read any file on the filesystem. The attacker can use this vulnerability to write to /etc/remote and enter filenames which they wish to read, such as /etc/passwd. After doing this, they can re-connect to kdebugd and request the new entry that they previously wrote to /etc/remote. This will result in kdebugd opening the file, reading it and sending its contents to the client.
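A defensive audit for the two conditions this discussion describes, as an added example that is not part of the original advisory: it flags active inetd.conf entries that launch kdebugd and bare "+" wildcard entries in /etc/hosts.equiv. The inetd.conf field layout, the kdebugd path and the sample file contents are assumptions constructed for illustration.

```python
# Constructed sample inputs (not taken from a real host).
SAMPLE_INETD = """\
# Internet server configuration database
ftp     stream tcp nowait root /usr/sbin/ftpd    ftpd
kdebug  stream tcp nowait root /usr/bin/kdebugd  kdebugd
#shell  stream tcp nowait root /usr/sbin/rshd    rshd
"""
SAMPLE_HOSTS_EQUIV = """\
# trusted hosts
buildhost.example.com
+ +
-badhost.example.com
"""


def kdebugd_entries(inetd_conf):
    """Return active (uncommented) inetd.conf lines that launch kdebugd."""
    hits = []
    for line in inetd_conf.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        fields = stripped.split()
        # Assumed layout: service, socket type, protocol, wait, user, program, args
        if len(fields) >= 6 and fields[5].rsplit("/", 1)[-1] == "kdebugd":
            hits.append(stripped)
    return hits


def wildcard_trust(hosts_equiv):
    """Return (line number, text) for entries whose host or user field is a bare '+'."""
    hits = []
    for number, line in enumerate(hosts_equiv.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # "+" as host trusts every host; "+" as user trusts every user.
        if "+" in fields[:2]:
            hits.append((number, line.strip()))
    return hits


if __name__ == "__main__":
    for entry in kdebugd_entries(SAMPLE_INETD):
        print("kdebugd enabled in inetd.conf:", entry)
    for number, text in wildcard_trust(SAMPLE_HOSTS_EQUIV):
        print("wildcard trust entry at hosts.equiv line %d: %r" % (number, text))
```

On a real host, pass the contents of /etc/inetd.conf and /etc/hosts.equiv to the two functions instead of the samples.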

- Exploit

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Related References

 

 
