发布时间 :2001-08-17 00:00:00
修订时间 :2008-09-10 15:09:45

[原文]fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories.

[CNNVD]多个BSD FTS目录遍历竞争条件漏洞(CNNVD-200108-087)

        FreeBSD 4.3版本及之前版本,NetBSD 1.5.2之前版本,以及OpenBSD 2.9版本及之前版本的fts程序在当前目录之上的目录被移动时,可能被强迫改变(改变当前工作目录)成与预期不同的目录,该漏洞可能导致脚本对错误目录执行危险行为。

- CVSS (基础分值)

CVSS分值: 6.2 [中等(MEDIUM)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:freebsd:freebsd:4.3FreeBSD 4.3
cpe:/o:openbsd:openbsd:2.9OpenBSD 2.9
cpe:/o:netbsd:netbsd:1.5.1NetBSD 1.5.1
cpe:/o:netbsd:netbsd:1.5NetBSD 1.5

- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(PATCH)  OPENBSD  20010530 029: SECURITY FIX: May 30, 2001
(UNKNOWN)  BID  3205
(UNKNOWN)  XF  bsd-fts-race-condition(8715)

- 漏洞信息

多个BSD FTS目录遍历竞争条件漏洞
中危 竞争条件
2001-08-17 00:00:00 2005-05-02 00:00:00
        FreeBSD 4.3版本及之前版本,NetBSD 1.5.2之前版本,以及OpenBSD 2.9版本及之前版本的fts程序在当前目录之上的目录被移动时,可能被强迫改变(改变当前工作目录)成与预期不同的目录,该漏洞可能导致脚本对错误目录执行危险行为。

- 公告与补丁

        Patches available:
        NetBSD NetBSD 1.5
        NetBSD NetBSD 1.5.1
        OpenBSD OpenBSD 2.8
        FreeBSD FreeBSD 4.3 -STABLE
        FreeBSD FreeBSD 4.3 -RELEASE

- 漏洞信息

Multiple BSD fts Routines chdir Arbitrary Directory Access
Local Access Required Race Condition
Loss of Integrity
Exploit Unknown

- 漏洞描述

Some BSD derived systems contain a flaw that may allow a malicious user to have actions performed in an unintended file system hierarchy. The issue is triggered when a directory is moved while a command is being executed. It is possible that the race condition may allow commands to run resulting in a loss of integrity.

- 时间线

2001-06-04 Unknow
Unknow Unknow

- 解决方案

Upgrade operating system to newer version, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. FreeBSD users should upgrade to 4.3-STABLE after the correction date 2001-06-01. NetBSD users should upgrade to NetBSD-1.5 branch: 2001-08-22 (1.5.2 includes the fix) or NetBSD-current after the correction date 2001-07-09. OpenBSD users should upgrade to version 2.9 or OpenBSD-current after the correction date 2001-05-30.

- 相关参考

- 漏洞作者

Unknown or Incomplete