CVE-2001-0131
CVSS1.2
发布时间 :2001-03-12 00:00:00
修订时间 :2016-10-17 22:09:48
NMCOS    

[原文]htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack.


[CNNVD]Apache漏洞(CNNVD-200103-014)

        Apache 2.0a9,1.3.14,和其他版本的htpasswd和htdigest存在漏洞。本地用户借助符号链接攻击改写任意文件。

- CVSS (基础分值)

CVSS分值: 1.2 [轻微(LOW)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:redhat:linux:7.0Red Hat Linux 7.0
cpe:/a:immunix:immunix:7.0_beta
cpe:/a:apache:http_serverApache Software Foundation Apache HTTP Server

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0131
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0131
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200103-014
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=97916374410647&w=2
(UNKNOWN)  BUGTRAQ  20010110 Immunix OS Security update for lots of temp file problems
http://www.debian.org/security/2001/dsa-021
(VENDOR_ADVISORY)  DEBIAN  DSA-021
http://www.securityfocus.com/bid/2182
(VENDOR_ADVISORY)  BID  2182
http://xforce.iss.net/static/5926.php
(UNKNOWN)  XF  linux-apache-symlink(5926)

- 漏洞信息

Apache漏洞
低危 竞争条件
2001-03-12 00:00:00 2006-09-15 00:00:00
本地  
        Apache 2.0a9,1.3.14,和其他版本的htpasswd和htdigest存在漏洞。本地用户借助符号链接攻击改写任意文件。

- 公告与补丁

        Upgrades available:
        Apache Software Foundation Apache 1.3.9
        
        Wirex Immunix OS 7.0 -Beta
        

- 漏洞信息

9696
Apache HTTP Server htpasswd Local Symlink Arbitrary File Overwrite
Local Access Required Race Condition

- 漏洞描述

Unknown or Incomplete

- 时间线

2001-01-10 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Apache /tmp File Race Vulnerability
Race Condition Error 2182
No Yes
2001-01-10 12:00:00 2009-07-11 04:46:00
This vulnerability was announced by Greg KH <greg@wirex.com> on January 10, 2001 via Bugtraq.

- 受影响的程序版本

Wirex Immunix OS 7.0 -Beta
RedHat Linux 7.0
Apache Software Foundation Apache 2.0 a9
Apache Software Foundation Apache 2.0
Apache Software Foundation Apache 1.3.14
+ EnGarde Secure Linux 1.0.1
- MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ SGI IRIX 6.5.11
+ SGI IRIX 6.5.10
+ SGI IRIX 6.5.9
+ SGI IRIX 6.5.8
+ SGI IRIX 6.5.7
+ SGI IRIX 6.5.6
+ SGI IRIX 6.5.5
+ SGI IRIX 6.5.4
+ SGI IRIX 6.5.3
+ SGI IRIX 6.5.2
+ SGI IRIX 6.5.1
+ SGI IRIX 6.5
Apache Software Foundation Apache 1.3.12
+ NetScreen NetScreen-Global PRO Express Policy Manager Server
+ NetScreen NetScreen-Global PRO Policy Manager Server
+ OpenBSD OpenBSD 2.8
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0
+ Sun Cobalt ManageRaQ v2 3599BD
+ Sun Cobalt Qube3 4000WG
+ Sun Cobalt RaQ XTR 3500R
+ Sun Cobalt RaQ4 3001R
Apache Software Foundation Apache 1.3.11
Apache Software Foundation Apache 1.3.9
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ NetScreen NetScreen-Global PRO Express Policy Manager Server
+ NetScreen NetScreen-Global PRO Policy Manager Server
+ Sun Solaris 8_x86
+ Sun Solaris 8_sparc
+ Sun SunOS 5.8 _x86
+ Sun SunOS 5.8

- 漏洞讨论

Apache web server is a popular http daemon, distributed with many variants of the UNIX Operating System and maintained by the Apache Project. Immunix is a hardened Linux distribution maintained by the Immunix team at the WireX Corporation.

A problem has been discovered in the Apache httpd distributed with the Immunix Linux distribution, a distribution based off the RedHat Linux distribution. Apache programs htdigest and htpasswd are used to offer advanced features to users of the web server. However, these two helper programs insecurely create files in the /tmp directory, which could allow for /tmp file guessing. This makes it possible for a user with malicious motives to symlink attack files writable by the UID of the Apache process.

- 漏洞利用

There is no exploit required.

- 解决方案

Upgrades available:


Apache Software Foundation Apache 1.3.9

Wirex Immunix OS 7.0 -Beta

- 相关参考

     

     

    关于SCAP中文社区

    SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

    版权声明

    CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站