CVE-2001-1180
CVSS 7.2
Published: 2001-07-10 00:00:00
Last revised: 2008-09-05 16:25:53

[Original] FreeBSD 4.3 does not properly clear shared signal handlers when executing a process, which allows local users to gain privileges by calling rfork with a shared signal handler, having the child process execute a setuid program, and sending a signal to the child.


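[CNNVD] FreeBSD privilege vulnerability (CNNVD-200107-063)

FreeBSD 4.3 does not properly clear shared signal handlers when executing a process. A local user can gain privileges by calling rfork with a shared signal handler, having the child process execute a setuid program, and sending a signal to the child.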

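- CVSS (Base Score)

CVSS score: 7.2 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause a complete system outage]
Attack complexity: LOW [no access restrictions for exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]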

- CPE (Affected platforms and products)

cpe:/o:freebsd:freebsd:4.2  FreeBSD 4.2
cpe:/o:freebsd:freebsd:4.3  FreeBSD 4.3
cpe:/o:freebsd:freebsd:4.0  FreeBSD 4.0
cpe:/o:freebsd:freebsd:4.1  FreeBSD 4.1

- OVAL (Technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1180
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-1180
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200107-063
(Official data source) CNNVD

- Other links and resources

http://www.kb.cert.org/vuls/id/943633
(VENDOR_ADVISORY)  CERT-VN  VU#943633
http://www.securityfocus.com/bid/3007
(VENDOR_ADVISORY)  BID  3007
http://archives.neohapsis.com/archives/bugtraq/2001-07/0179.html
(VENDOR_ADVISORY)  BUGTRAQ  20010710 FreeBSD 4.3 local root, yet Linux and *BSD much better than Windows
http://xforce.iss.net/static/6829.php
(VENDOR_ADVISORY)  XF  bsd-rfork-signal-handlers(6829)
http://www.osvdb.org/1897
(UNKNOWN)  OSVDB  1897
http://ciac.llnl.gov/ciac/bulletins/l-111.shtml
(UNKNOWN)  CIAC  L-111
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:42.signal.v1.1.asc
(UNKNOWN)  FREEBSD  FreeBSD-SA-01:42

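- Vulnerability information

FreeBSD privilege vulnerability
High risk  Unknown
2001-07-10 00:00:00 2005-05-02 00:00:00
Local
FreeBSD 4.3 does not properly clear shared signal handlers when executing a process. A local user can gain privileges by calling rfork with a shared signal handler, having the child process execute a setuid program, and sending a signal to the child.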

- Advisories and patches

        

- Vulnerability information

1897
FreeBSD exec() Inherited Signal Handler
Local Access Required Input Manipulation
Loss of Integrity
Exploit Public

- Vulnerability description

FreeBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user calls exec() and rfork(RFPROC|RFSIGSHARE) fails to prevent signal handlers from being shared in other processes. This flaw may lead to a loss of integrity.

- Timeline

2001-07-10 Unknown
2001-07-10 Unknown

- Solution

Upgrade to version 4.3-STABLE after the correction date, as it has been reported to fix this vulnerability. Also, FreeBSD has released a patch.

- Related references

- Vulnerability author

 

 
