CVE-2001-0424
CVSS7.2
发布时间 :2001-07-02 00:00:00
修订时间 :2016-10-17 22:11:09
NMCOS    

[原文]BubbleMon 1.31 does not properly drop group privileges before executing programs, which allows local users to execute arbitrary commands with the kmem group id.


[CNNVD]FreeBSD BubbleMon特权提升漏洞(CNNVD-200107-014)

        BubbleMon 1.31版本在执行程序之前不能正确终止组特权。本地用户执行带kmem组id的任意命令。

- CVSS (基础分值)

CVSS分值: 7.2 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:timecop:bubblemon:1.0pl1
cpe:/a:timecop:bubblemon:1.0pl2
cpe:/a:timecop:bubblemon:1.1test3
cpe:/a:timecop:bubblemon:1.2
cpe:/a:timecop:bubblemon:1.0pl6
cpe:/a:timecop:bubblemon:1.0pl3
cpe:/a:timecop:bubblemon:1.1test4
cpe:/a:timecop:bubblemon:1.1test2
cpe:/a:timecop:bubblemon:1.1test5
cpe:/a:timecop:bubblemon:1.1test1
cpe:/a:timecop:bubblemon:1.31
cpe:/a:timecop:bubblemon:1.3
cpe:/a:timecop:bubblemon:1.21test1
cpe:/a:timecop:bubblemon:1.1
cpe:/a:timecop:bubblemon:1.0
cpe:/a:timecop:bubblemon:1.1test7
cpe:/a:timecop:bubblemon:1.1test6
cpe:/a:timecop:bubblemon:1.21
cpe:/a:timecop:bubblemon:1.23
cpe:/o:freebsd:freebsd:6.2:stable
cpe:/a:timecop:bubblemon:1.0pl4
cpe:/a:timecop:bubblemon:1.0pl9
cpe:/a:timecop:bubblemon:1.2test1
cpe:/a:timecop:bubblemon:1.0pl7
cpe:/a:timecop:bubblemon:1.22
cpe:/a:timecop:bubblemon:1.0pl8

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0424
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0424
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200107-014
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=98744422105430&w=2
(UNKNOWN)  BUGTRAQ  20010415 BubbleMon 1.31
http://www.securityfocus.com/bid/2609
(VENDOR_ADVISORY)  BID  2609

- 漏洞信息

FreeBSD BubbleMon特权提升漏洞
高危 访问验证错误
2001-07-02 00:00:00 2005-10-20 00:00:00
本地  
        BubbleMon 1.31版本在执行程序之前不能正确终止组特权。本地用户执行带kmem组id的任意命令。

- 公告与补丁

        This issue has been remedied in the current version of BubbleMon.
        Timecop BubbleMon 1.0 pl4
        
        Timecop BubbleMon 1.0 pl2
        
        Timecop BubbleMon 1.0
        
        Timecop BubbleMon 1.0 pl6
        
        Timecop BubbleMon 1.0 pl7
        
        Timecop BubbleMon 1.0 pl8
        
        Timecop BubbleMon 1.0 pl3
        
        Timecop BubbleMon 1.0 pl9
        
        Timecop BubbleMon 1.0 pl1
        
        Timecop BubbleMon 1.1 test7
        
        Timecop BubbleMon 1.1 test2
        
        Timecop BubbleMon 1.1 test3
        
        Timecop BubbleMon 1.1
        
        Timecop BubbleMon 1.1 test1
        
        Timecop BubbleMon 1.1 test4
        
        Timecop BubbleMon 1.1 test6
        
        Timecop BubbleMon 1.1 test5
        
        Timecop BubbleMon 1.2
        
        Timecop BubbleMon 1.2 test1
        
        Timecop BubbleMon 1.21
        
        Timecop BubbleMon 1.21 test1
        
        Timecop BubbleMon 1.22
        
        Timecop BubbleMon 1.23
        
        Timecop BubbleMon 1.3
        
        Timecop BubbleMon 1.31
        

- 漏洞信息

12208
BubbleMon kmem Privilege Local Escalation

- 漏洞描述

Unknown or Incomplete

- 时间线

2001-04-16 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

FreeBSD BubbleMon Privilege Elevation Vulnerability
Access Validation Error 2609
No Yes
2001-04-16 12:00:00 2009-07-11 06:06:00
Reported to Bugtraq by Christer <dim@imthere.com> on Mon, 16 Apr, 2001.

- 受影响的程序版本

Timecop BubbleMon 1.31
Timecop BubbleMon 1.23
Timecop BubbleMon 1.22
Timecop BubbleMon 1.21 test1
Timecop BubbleMon 1.21
Timecop BubbleMon 1.3
Timecop BubbleMon 1.2 test1
Timecop BubbleMon 1.2
Timecop BubbleMon 1.1 test7
Timecop BubbleMon 1.1 test6
Timecop BubbleMon 1.1 test5
Timecop BubbleMon 1.1 test4
Timecop BubbleMon 1.1 test3
Timecop BubbleMon 1.1 test2
Timecop BubbleMon 1.1 test1
Timecop BubbleMon 1.1
Timecop BubbleMon 1.0 pl9
Timecop BubbleMon 1.0 pl8
Timecop BubbleMon 1.0 pl7
Timecop BubbleMon 1.0 pl6
Timecop BubbleMon 1.0 pl4
Timecop BubbleMon 1.0 pl3
Timecop BubbleMon 1.0 pl2
Timecop BubbleMon 1.0 pl1
Timecop BubbleMon 1.0
Timecop BubbleMon 1.32

- 不受影响的程序版本

Timecop BubbleMon 1.32

- 漏洞讨论

BubbleMon is a visual system monitor utility.

A feature of BubbleMon allows users to specify up to two programs or shell-scripts, with arguments, which will be executed on a lef- or middle-mouse click within the BubbleMon icon.

FreeBSD releases of BubbleMon, prior to the current version (1.32), willl execute these supplied commands with inappropriately high privilege. By creating a malicious script, then specifying its path to BubbleMon, an attacker can execute arbitrary commands with the privilege level of kmem.

- 漏洞利用

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com &lt;mailto:vuldb@securityfocus.com&gt;.

- 解决方案

This issue has been remedied in the current version of BubbleMon.


Timecop BubbleMon 1.0 pl4

Timecop BubbleMon 1.0 pl2

Timecop BubbleMon 1.0

Timecop BubbleMon 1.0 pl6

Timecop BubbleMon 1.0 pl7

Timecop BubbleMon 1.0 pl8

Timecop BubbleMon 1.0 pl3

Timecop BubbleMon 1.0 pl9

Timecop BubbleMon 1.0 pl1

Timecop BubbleMon 1.1 test7

Timecop BubbleMon 1.1 test2

Timecop BubbleMon 1.1 test3

Timecop BubbleMon 1.1

Timecop BubbleMon 1.1 test1

Timecop BubbleMon 1.1 test4

Timecop BubbleMon 1.1 test6

Timecop BubbleMon 1.1 test5

Timecop BubbleMon 1.2

Timecop BubbleMon 1.2 test1

Timecop BubbleMon 1.21

Timecop BubbleMon 1.21 test1

Timecop BubbleMon 1.22

Timecop BubbleMon 1.23

Timecop BubbleMon 1.3

Timecop BubbleMon 1.31

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站