CVE-2001-0890
CVSS2.1
发布时间 :2001-12-11 00:00:00
修订时间 :2008-09-10 15:09:09
NMCOS    

[原文]Certain backend drivers in the SANE library 1.0.3 and earlier, as used in frontend software such as XSane, allows local users to modify files via a symlink attack on temporary files.


[CNNVD]SANE不安全临时文件创建漏洞(CNNVD-200112-089)

        SANE library 1.0.3及其更早版本的某个后端驱动在前端软件如XSane使用时存在漏洞。本地用户可以借助临时文件上的符号链接攻击修改文件。

- CVSS (基础分值)

CVSS分值: 2.1 [轻微(LOW)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:sane:sane:1.0.6
cpe:/a:sane:sane:1.0.5
cpe:/a:sane:sane:1.0.2
cpe:/a:sane:sane:1.0.3
cpe:/a:sane:sane:1.0.1
cpe:/a:sane:sane:1.0.4
cpe:/a:sane:sane:1.0.0

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0890
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0890
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200112-089
(官方数据源) CNNVD

- 其它链接及资源

http://www.iss.net/security_center/static/7714.php
(VENDOR_ADVISORY)  XF  xsane-temp-symlink(7714)
http://rhn.redhat.com/errata/RHSA-2001-171.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2001:171
http://www.securityfocus.com/bid/3987
(UNKNOWN)  BID  3987

- 漏洞信息

SANE不安全临时文件创建漏洞
低危 设计错误
2001-12-11 00:00:00 2005-10-20 00:00:00
本地  
        SANE library 1.0.3及其更早版本的某个后端驱动在前端软件如XSane使用时存在漏洞。本地用户可以借助临时文件上的符号链接攻击修改文件。

- 公告与补丁

        This issue has been addressed in SANE 1.0.7-beta1 and later. Additional upgrades are also available.
        Conectiva Linux has released an advisory (CLA-2003:769) to address this issue. Please see the referenced advisory for more information.
        SANE SANE 1.0 .0
        
        SANE SANE 1.0.1
        
        SANE SANE 1.0.2
        
        SANE SANE 1.0.3
        
        SANE SANE 1.0.4
        
        SANE SANE 1.0.5
        

- 漏洞信息

13983
SANE Library Backend Driver Symlink Arbitrary File Modification
Local Access Required Race Condition

- 漏洞描述

Unknown or Incomplete

- 时间线

2001-12-17 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

SANE Insecure Temporary File Creation Vulnerability
Design Error 3987
No Yes
2001-12-11 12:00:00 2009-07-11 09:56:00
This vulnerability was first publicized in the changelog for SANE version 1.0.7-beta1.

- 受影响的程序版本

SANE SANE 1.0.6
SANE SANE 1.0.5
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Advanced Workstation for the Itanium Processor 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3
SANE SANE 1.0.4
SANE SANE 1.0.3
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
SANE SANE 1.0.2
SANE SANE 1.0.1
SANE SANE 1.0 .0
SANE SANE 1.0.7 -beta2
SANE SANE 1.0.7 -beta1

- 不受影响的程序版本

SANE SANE 1.0.7 -beta2
SANE SANE 1.0.7 -beta1

- 漏洞讨论

SANE (Scanner Access Now Easy) is a scanner application programming interface. It will run on most Unix and Linux variants and is often front-ended by xSANE graphical user interface.

SANE creates temporary files in the /tmp directory which have predictable file names. As a result, it is possible for a local user to create a symbolic link to any file that is write-accessible by the user executing SANE, and overwrite the contents of the file.

The impact is that a local attacker may overwrite files, possibly resulting in a loss of critical data, a denial of service or escalation of privileges.

- 漏洞利用

No exploit is required for this vulnerability.

- 解决方案

This issue has been addressed in SANE 1.0.7-beta1 and later. Additional upgrades are also available.

Conectiva Linux has released an advisory (CLA-2003:769) to address this issue. Please see the referenced advisory for more information.


SANE SANE 1.0 .0

SANE SANE 1.0.1

SANE SANE 1.0.2

SANE SANE 1.0.3

SANE SANE 1.0.4

SANE SANE 1.0.5

SANE SANE 1.0.6

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站