发布时间 :2001-08-02 00:00:00
修订时间 :2017-12-18 21:29:23

[原文]kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink attack in the kfm cache directory in /tmp.

[CNNVD]KDE kfm获取额外特权漏洞(CNNVD-200108-002)

        包含在KDE 1.x版本中的kfm存在漏洞。本地攻击者借助/tmp中kfm缓冲目录的一个符号链接攻击获取额外的特权。

- CVSS (基础分值)

CVSS分值: 4.6 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:suse:suse_linux:7.0SuSE SuSE Linux 7.0
cpe:/o:suse:suse_linux:7.0:alphaSuSE SuSE Linux 7.0 alpha

- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  BUGTRAQ  20010418 Insecure directory handling in KFM file manager
(UNKNOWN)  XF  kfm-tmpfile-symlink(6428)

- 漏洞信息

KDE kfm获取额外特权漏洞
中危 未知
2001-08-02 00:00:00 2005-10-20 00:00:00
        包含在KDE 1.x版本中的kfm存在漏洞。本地攻击者借助/tmp中kfm缓冲目录的一个符号链接攻击获取额外的特权。

- 公告与补丁


- 漏洞信息 (20781)

SUSE 7.0 KFM Insecure TMP File Creation Vulnerability (EDBID:20781)
linux local
2001-04-18 Verified
0 Paul Starzetz
N/A [点击下载]

KFM is the KDE File Manager, included with version 1 of the KDE base package in most Linux installations. KFM is designed as a graphical, easily navigated interface to the Linux Filesystem.

A problem with KFM could allow the overwriting of files owned by the KFM user. KFM insecurely creates a directory to store it's cache contents. Prior to creation, the existance of this directory, which is predictable in name, is not checked. Additionally, permissions are also not checked. Files beneath the directory can be created as symbolic links, making it possible to overwrite linked files.

This vulnerability makes it possible for a local user to overwrite and corrupt files owned by the KFM user. 

root@ps:/tmp/kfm-cache-500 > ls -la
drwxrwxrwx 2 rws uboot 4096 Apr 18 21:18 .
drwxrwxrwt 15 root root 770048 Apr 18 21:16 ..
lrwxrwxrwx 1 rws uboot 18 Apr 18 21:18 index.html ->
-rw-r--r-- 1 rws uboot 0 Apr 18 21:16 index.txt

root@ps:/tmp/kfm-cache-500 > ls -la /home/paul/.bashrc
-rw-r--r-- 1 paul users 1458 Jan 23 13:56

and after running kfm as user 500:

root@ps:/tmp/kfm-cache-500 > ls -la /home/paul/.bashrc
-rw-r--r-- 1 paul users 271 Apr 18 21:19


- 漏洞信息

KDE kfm Cache Directory Symlink Arbitrary File Overwrite
Local Access Required Race Condition
Loss of Integrity Solution Unknown
Exploit Public Uncoordinated Disclosure

- 漏洞描述

- 时间线

2001-04-18 Unknow
Unknow Unknow

- 解决方案

OSVDB is not aware of a solution for this vulnerability.

- 相关参考

- 漏洞作者

Unknown or Incomplete