CVE- ineseName" -->通用漏洞与披 inul Cb_CVE<" ineseName" -->通用漏洞与披 inul Cb_CVE<" Cb_CVE<" 通用漏洞与="db_icon_%\" style 库">CNNVD
  • CVE-2001-0235
    CVSS2.1
    发布时间 :2001-03-26 00:00:00
    修订时间 :2017-10-09 21:29:39
    NMCO    

    [原文]Vulnerability in crontab allows local users to read crontab files of other users by replacing the temporary file that is being edited while crontab is running.


    [CNNVD]Crontab文件泄露漏洞(CNNVD-200103-105)

            Crontab存在漏洞。本地用户可以在运行crontab时,通过移动已编辑的临时文件读取其他用户的crontab文件。

    - CVSS (基础分值)

    CVSS分值: 2.1 [轻微(LOW)]
    机密性影响: PARTIAL [很可能造成信息泄露]
    完整性影响: NONE [不会对系统完整性产生影响]
    可用性影响: NONE [对系统可用性无影响]
    攻击复杂度: LOW [漏洞利用没有访问限制 ]
    攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
    身份认证: NONE [漏洞利用无需身份认证]

    - CPE (受影响的平台与产品)

    产品及版本信息(CPE)暂不可用

    - OVAL (用于检测的技术细节)

    未找到相关OVAL定义

    - 官方数据库链接

    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0235
    (官方数据源) MITRE
    http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0235
    (官方数据源) NVD
    http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200103-105
    (官方数据源) CNNVD

    - 其它链接及资源

    ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:09.crontab.v1.1.asc
    (VENDOR_ADVISORY)  FREEBSD  FreeBSD-SA-01:09
    http://www.debian.org/security/2001/dsa-024
    (VENDOR_ADVISORY)  DEBIAN  DSA-024
    http://www.securityfocus.com/bid/2332
    (UNKNOWN)  BID  2332
    https://exchange.xforce.ibmcloud.com/vulnerabilities/6225
    (UNKNOWN)  XF  crontab-read-files(6225)

    - 漏洞信息

    Crontab文件泄露漏洞
    低危 访问验证错误
    2001-03-26 00:00:00 2005-05-02 00:00:00
    本地  
            Crontab存在漏洞。本地用户可以在运行crontab时,通过移动已编辑的临时文件读取其他用户的crontab文件。

    - 公告与补丁

    urity/2001fn ibsp;&nbarget="_blank">httm_be?="d>httm_be?="d> nbsin-)
      &nbs n id="p n id="pi1 nbsin-)
       td>urity/2001fn ibsp;&nbarget="_blank">httm_be?="d>httm_be?="d> nbsin-)
      &nbs n id="p n id="pi nbsin-)
       td>urity/2001fn ibsp;&nbarget="_blank">httm_be?="d>httm_be?="d> nbsin-)
      &nbs n id="p n id="pi3 nbsin-)
       td>urity/2001fn ibsp;&nbarget="_blank">httm_be?="d>httm_be?="d> nbsin-)
      &nbs n id="p n id="pi4 nbsin-)
       td>urity/2001fn ibsp;&nbarget="_blank">httm_be?="d>httm_be?="d> nbsin-)
      &nbs n id="p n id="pi5 nbsin-)
       td>urity/2001fn ibsp;&nbarget="_blank">httm_be?="d>httm_be?="d> nbsin-)
      &nbs n id="p n id="pi51 nbsin-)
       td>urity/2001fn ibsp;&nbarget="_blank">httm_be?="d>httm_be?="d> nbsin-)
      &nbs n id="p n id="p4.0 alph_ nbsin-)
       td>urity/2001fn ibsp;&nbarget="_blank">httm_be?="d>httm_be?="d> nbsin-)
      &nbs n id="p n id="p4.0 nbsin-)
       td>urity/2001fn ibsp;&nbarget="_blank">httm_be?="d>httm_be?="d> nbsin-)
      &nbs n id="p n id="p4.1 nbsin-)
       td>urity/2001fn ibsp;&nbarget="_blank">httm_be?="d>httm_be?="d> nbsin-)
      &nbs n id="p n id="p4.1.1 nbsin-)
       td>urity/2001fn ibsp;&nbarget="_blank">httm_be?="d>httm_be?="d> nbsin-
    来ty以在运行crontab时,通过移动已编id="cID文件读crontab旼">CCE来>来/584s"> tr td label { 584s ss"> 其他用户的crontab文件。 /label>访问验证错误 洞2001-03-26 00:00:00 > /ind文件读 L自Access R库red:2005-05-02 00:00:00 "90%" b式文件读 In; ; 其他用户的crontab文件。 td> > [漏洞> Los洞Confidel>ia di.ico" > 称:Crontab文di.ico" > a漏洞 描述> width="13%">低危 di.ico" > timSD/CERT/advisories/Fretd> timS a漏洞 )
    &abel>紧急程度:低危 timS 日期:2001-03-26 00:00:00 n1034介绍: 1-23:2005-05-02 00:00:00 "细介绍: 其他用户的crontab文件。 td> "90%" bo介绍:
    width="13%">低危 solu > bg o#FFFFFFplain" title="轻微 width="13%">低危 ="h ty以在运行crontab时,通过移动 http://web.nvd.nist.gov/viecv_cnnvdid/CNNVD-200103-105ity/show/cv_c (see度so:旼">CCEhttp:/blancfm?.nvd.nishow/cv_cnnvdid/CNNVD-200103-105> ) > idgesBugt]https://exchange.xfo6225 > idgesISS X-Foat: IDud.com/vulnerabilfloat: lss.netlfloat:lfl//css"> tr td label { idgesO(httpA://wwwspURL: (VENDOR_ADVISORY)  FREEBSD  FreeBSD-SA-01:09 ="ft 义 authorttp://cve.mitre.org/ctd> author a漏洞 者> author ty以在运行crontab时,通过移Unknown or In } lete ter"> l> ershee()Editable name=width="13%"><35.1紧急程度:低
            FreeBSD patch obtained from OpenBSD (Todd Miller )
            Debian Lin-)
            Debian Lin-)
            Debian Lin-57.2_clasid/2 nbsin-)
      &nbsrce.ibmd.com/vuid/2332h.js"d.or/updme="d tienary-clas/=tini利>57.2_clasid/2";    Debian Lin-h.js"d.or/updme="d tienary-clas/=tin    Debian Lin- nbsin-)
      &nbs n id="p n id="pi nbsin-)
       td>
    低危
      &nidth="90%" 文件读取其他用 &n1034式文件读Vendor Verified>
     &
    ="ftp://ftp.FreeBSD.org/ptd> solu > 称:Crontab文solu > a漏洞
     & to read c& to to
    CNNVD ">Products> & 洞 bg o#FFFFFFpl p://ftp.FreeBSD.org/ptd> ="http://cve.mitre.org/ctd> ="h a漏洞
    http://www.debian.org/security/2001/dsa-024
    http://www.securityfocus.com/bid/2332
    (UNKNOWN)  BI > id c
    低危
    CVE-2001-0235r">
    C(官方数据h="32Baidu Bvascr BEGIN class=dth="13%bdsharS a漏洞 iv> CVE-2001-0235="13%bdsharS_.ui.dataE-2>CVEult.s&u"135376177" unction() { $( document ).tooltip(); }"13%bdsh <_$(function() { $( document ).tooltip(); { iv> bds_config = {'bdT).t':'"static/styles/style.css" rel="stylesheent="CVE-2001-0235'};
    C低_icon_cnnvd">C duoshuoQs(); = {type=_d.ni:" dsse/cse.js?cx=' + cx; var s = docu dsElementsByTagName('script'dsEs.parentNode.in dsEe(gcse'rce.ibmd
    :00 E
    h
    htphp? type="recipt> 最新"st列表

    anceEndEd idtod.orehol急输入ali键字或"st_识"cnnvd.o23-09 21:29:按照"stati13-0707、ti130707"pm"式输入查看"st,或者输入ali键字检索。"/ avascrip= docusub_bl2 sub_bl2 nt('script'); gub_blype = 'text/jsend" (func查看/检索"

    ineseName" -->通用漏洞与披 inul
    通用漏洞与披 inp 洞 值,并不td>攷度去衡量h2>" idimg nt('script'); test_2ype = alteateEleme2 00:00:0/span>
    (="100%"> >i (="100%"> >i "st/CWE/gn="cE- />(n1"pm"册商_,它们tabl%" border="0" cE htp://www.securityf />(n1"pmize="0" /> (="100%"> >iwb:fo-avascr u"13"1418901063ton" /> red_4me2 00:00300/span>" class="db_icoo read cron库">CNNVD
  • CNNVD n>CCE. C">ht.于NVD/M="http://w inVDB>CNNVD< o:#FFFpl京ICP备14000297号-2于NVD/Mi
  • b5-05-02 00:0080> (="100%"> >iul ul_friend <> li!-- Instai_friend <> li!-- Instai_friend <> li!-- Instai_friend <> li!-- Instai_friend <>)

    li!-- Instai_friend <> li!-- Instai_friend <> li!-- Instai_friend <> li!-- Instai_friend <> li!-- Instai_friend <> li!-- Instai_friend <> li!-- Instai_friend <>htp://www.securityfVSS (埔防实验室 ss"> li!-- Instai_friend <> li!-- Instai_friend <> li!-- Instai_friend <> li!-- Instai_friend <> li!-- Instai_friend <> li!-- Instai_friend <> s.jmton//www.securityf瑞鹏天乘科技 ss"> li!-- Instai_friend <> li!-- Instai_friend <>-- /军n盟 ss"> li!-- Instai_friend <> li!-- Instai_friend <> li!-- Instai_friend <> li!-- Instai_friend <> li!-- Instai_friend <> >
    c/script库">CNNVD"ipt $( document ).tooltip(); { iv> _bdhmPript> ) ? " width:" : " with:");
    <+ "hm.baidut="_bh.js%3Fca227db14814d01f2e44fi1433e48552'ocumenByTagName('script%3E%3Cr-left-%3E")inEditable name=/scriptme=="32Piwik class="cve_id">CVE-2001-0235n e" siv> _paq LinkTrack d= s); , g=dx=' + cx; var s = d, s=dxlass="clr">