CVE-2001-0529漏洞详情 - SCAP中文社区

CVE-2001-0529

CVSS

7.2

发布时间 :2001-08-14 00:00:00

修订时间 :2008-09-05 16:24:19

NMCO

[原文]OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack.

[CNNVD]OpenSSH删除任意文件名'cookies'漏洞(CNNVD-200108-047)

OpenSSH 2.9及其早期版本存在漏洞。当X转送启用时，本地攻击者借助一个符号链接攻击删除任意文件名'cookies'。

NVD
CNNVD
OSVDB

- CVSS (基础分值)

CVSS分值:	7.2	[严重(HIGH)]
机密性影响:	COMPLETE	[完全的信息泄露导致所有系统文件暴露]
完整性影响:	COMPLETE	[系统完整性可被完全破坏]
可用性影响:	COMPLETE	[可能导致系统完全宕机]
攻击复杂度:	LOW	[漏洞利用没有访问限制 ]
攻击向量:	LOCAL	[漏洞利用需要具有物理访问权限或本地帐户]
身份认证:	NONE	[漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0529 (官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0529 (官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200108-047 (官方数据源) CNNVD

- 其它链接及资源

http://www.kb.cert.org/vuls/id/655259
(UNKNOWN) CERT-VN VU#655259

http://www.securityfocus.com/bid/2825
(VENDOR_ADVISORY) BID 2825

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-010.txt.asc
(VENDOR_ADVISORY) NETBSD NetBSD-SA2001-010

http://www.calderasystems.com/support/security/advisories/CSSA-2001-023.0.txt
(VENDOR_ADVISORY) CALDERA CSSA-2001-023.0

http://archives.neohapsis.com/archives/bugtraq/2001-06/0007.html
(VENDOR_ADVISORY) BUGTRAQ 20010604 Re: SSH allows deletion of other users files...

http://archives.neohapsis.com/archives/bugtraq/2001-05/0322.html
(VENDOR_ADVISORY) BUGTRAQ 20010604 SSH allows deletion of other users files...

http://xforce.iss.net/static/6676.php
(UNKNOWN) XF openssh-symlink-file-deletion(6676)

http://www.osvdb.org/1853
(UNKNOWN) OSVDB 1853

http://www.openbsd.org/errata29.html
(UNKNOWN) OPENBSD 20010612

http://online.securityfocus.com/archive/1/188737
(UNKNOWN) BUGTRAQ 20010605 OpenSSH_2.5.2p2 RH7.0 <- version info

http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01
(UNKNOWN) IMMUNIX IMNX-2001-70-034-01

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000431
(UNKNOWN) CONECTIVA CLA-2001:431

- 漏洞信息

漏洞名称:OpenSSH删除任意文件名'cookies'漏洞
紧急程度:高危	漏洞类型:未知
发布日期:2001-08-14 00:00:00	更新日期:2006-03-28 00:00:00
攻击路径:本地
详细介绍:
OpenSSH 2.9及其早期版本存在漏洞。当X转送启用时，本地攻击者借助一个符号链接攻击删除任意文件名'cookies'。

- 公告与补丁

- 漏洞信息

OSVDBID: 1853
漏洞名称:OpenSSH Symbolic Link 'cookies' File Removal
漏洞位置: Local Access Required	利用方式: Race Condition
漏洞影响:Loss of Availability	解决方式:
漏洞利用:Exploit Public	公开方式:

- 漏洞描述

OpenSSH versions 2.9 and earlier contains a flaw that, with X forwarding enabled, may allow a malicious local user to delete any file named 'cookies' via a symlink attack. The issue is triggered when X forwarding is enabled and the user is able to delete their cookies file and make a symlink linking the cookies file of another user to their temp directory. It is possible that the flaw may allow the users to delete the cookies files of others when logging out, resulting in a loss of availability of that file.

- 时间线

公开日期: 2001-06-04	发现日期: Unknow
利用日期:2001-06-04	解决日期:Unknow

- 解决方案

Upgrade to version 2.9.9 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by applying the vendor-supplied patch, or by turning off X11 forwarding.

- 相关参考

CVE ID: 2001-0529 (see also: NVD)
Bugtraq ID: 2825
CERT VU: 655259
ISS X-Force ID: 6676
Vendor Specific Advisory URL: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-010.txt.asc ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2001-023.0.txt http://www.linuxsecurity.com/advisories/other_advisory-1654.html
http://www.linuxsecurity.com/advisories/other_advisory-1666.html
http://www.openbsd.org/errata29.html
Vendor Specific Solution URL: ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/006_sshcookie.patch
Generic Exploit URL: http://archives.neohapsis.com/archives/bugtraq/2001-05/0322.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-06/0011.html
Generic Informational URL: http://mail-index.netbsd.org/netbsd-announce/2001/07/24/0001.html
Vendor URL: http://www.openssh.org/security.html

- 漏洞作者

CVE数据库

检索CVE

关于CVE

CVE资源

Wise Words

人生的价值，并不是用时间，而是用深度去衡量的。

-- 列夫·托尔斯泰

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息，请查阅[关于本站]。

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标，它们的官方数据源均保存在MITRE公司的相关网站。

CVE 通用漏洞与披露Common Vulnerabilities and Exposures

- CVSS (基础分值)

- CPE (受影响的平台与产品)

- OVAL (用于检测的技术细节)

- 官方数据库链接

- 其它链接及资源

- 漏洞信息

- 公告与补丁

- 漏洞信息

- 漏洞描述

- 时间线

- 解决方案

- 相关参考

- 漏洞作者

CVE数据库

检索CVE

关于CVE

CVE资源

Wise Words

关于SCAP中文社区

版权声明