CVE-2001-0556
CVSS7.2
发布时间 :2001-08-22 00:00:00
修订时间 :2008-09-10 15:08:24
NMCOS    

[原文]The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker to overwrite other users' files via a symlink attack on (1) backup files or (2) temporary files used when nedit prints a file or portions of a file.


[CNNVD]NEdit 临时文件符号链接漏洞(CNNVD-200108-112)

        CVE(CAN) ID: CAN-2001-0556
        
        
        
        NEdit 是 Nirvana editor 的缩写,一种自由发放的文本编辑器,很多Unix系统携带
        
        它。NEdit提供了一个图形化前端,功能类似微软平台和苹果机上的文本编辑器。
        
        
        
        当用户使用NEdit时,会在当前目录下创建使用两个临时文件,一个是~filename,一
        
        个是filename.bck。如果当前目录是全局可写的,恶意的本地用户可以提前建立两个
        
        符号链接,使用NEdit的用户可能破坏任意自己有权写入的文件。
        
        
        
        <* 来源:Jarno Huuskonen (Jarno.Huuskonen@uku.fi) *>
        
        
        
        

- CVSS (基础分值)

CVSS分值: 7.2 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0556
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0556
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200108-112
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/2667
(VENDOR_ADVISORY)  BID  2667
http://www.redhat.com/support/errata/RHSA-2001-061.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2001:061
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-042.php3
(VENDOR_ADVISORY)  MANDRAKE  MDKSA-2001:042
http://www.debian.org/security/2001/dsa-053
(VENDOR_ADVISORY)  DEBIAN  DSA-053
http://www.securityfocus.com/archive/1/180237
(UNKNOWN)  BUGTRAQ  20010428 More nedit problems ? (was Re: PROGENY-SA-2001-10...)
http://www.novell.com/linux/security/advisories/2001_014_nedit.html
(UNKNOWN)  SUSE  SuSE-SA:2001:14
http://www.nedit.org/archives/develop/2001-Feb/0391.html
(UNKNOWN)  CONFIRM  http://www.nedit.org/archives/develop/2001-Feb/0391.html

- 漏洞信息

NEdit 临时文件符号链接漏洞
高危 访问验证错误
2001-08-22 00:00:00 2005-10-20 00:00:00
本地  
        CVE(CAN) ID: CAN-2001-0556
        
        
        
        NEdit 是 Nirvana editor 的缩写,一种自由发放的文本编辑器,很多Unix系统携带
        
        它。NEdit提供了一个图形化前端,功能类似微软平台和苹果机上的文本编辑器。
        
        
        
        当用户使用NEdit时,会在当前目录下创建使用两个临时文件,一个是~filename,一
        
        个是filename.bck。如果当前目录是全局可写的,恶意的本地用户可以提前建立两个
        
        符号链接,使用NEdit的用户可能破坏任意自己有权写入的文件。
        
        
        
        <* 来源:Jarno Huuskonen (Jarno.Huuskonen@uku.fi) *>
        
        
        
        

- 公告与补丁

        
        
         暂无

- 漏洞信息

14295
Nirvana Editor (NEdit) /tmp Files Symlink Arbitrary File Overwrite
Local Access Required Race Condition

- 漏洞描述

Unknown or Incomplete

- 时间线

2001-04-27 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

NEdit Incremental Backup File Symbolic Link Vulnerability
Access Validation Error 2667
No Yes
2001-04-28 12:00:00 2009-07-11 06:06:00
This vulnerability was announced to Bugtraq by Jarno Huuskonen <Jarno.Huuskonen@uku.fi> on April 28, 2001, and was originally discovered by Eddy De Greef <degreef@imec.be>.

- 受影响的程序版本

NEdit NEdit 5.1.1
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ Progeny Debian 1.0
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0
+ S.u.S.E. Linux 6.4 ppc
+ S.u.S.E. Linux 6.4 alpha
+ S.u.S.E. Linux 6.4
+ S.u.S.E. Linux 6.3 alpha
+ S.u.S.E. Linux 6.3
+ SGI IRIX 6.5.13
+ SGI IRIX 6.5.12
+ SGI IRIX 6.5.11
+ SGI IRIX 6.5.10
+ SGI IRIX 6.5.9
+ SGI IRIX 6.5.8
+ SGI IRIX 6.5.7
+ SGI IRIX 6.5.6
+ SGI IRIX 6.5.5
+ SGI IRIX 6.5.4
+ SGI IRIX 6.5.3
+ SGI IRIX 6.5.2
+ SGI IRIX 6.5.1
+ SGI IRIX 6.5

- 漏洞讨论

NEdit is the Nirvana editor, a freely availabe text editor included with various implementations of the UNIX Operating system. It provides a graphic front end, and features designed to emulate the functions of text editors for Microsoft Windows and Macintosh Operating Systems.

A problem with the software could allow local users to corrupt files owned by other users. If a user of the editor is editing a file in a world writable directory, it is possible to create a symbolic link using the name of the file prefixed with a tilde (~) to a file writable by the nedit user. At each incremental backup of the file being edited, the editor overwrites the file linked to ~filename. This problem also affects files created with the .bck extension by the editor.

This problem makes it possible for a local user to corrupt and destroy files owned by other users.

- 漏洞利用

See discussion.

- 解决方案

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.


NEdit NEdit 5.1.1

- 相关参考

     

     

    关于SCAP中文社区

    SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

    版权声明

    CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站