CVE-2001-1256
CVSS 1.2
Published: 2001-06-11 00:00:00
Revised: 2009-03-04 00:10:08

[Original] kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create arbitrary world-writeable files via a symlink attack on the (1) /tmp/.kmmodreg_lock and (2) /tmp/kmpath.tmp temporary files.


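[CNNVD] HPUX 11.0 kmmodreg local symbolic link vulnerability (CNNVD-200106-058)

CVE(CAN) ID: CAN-2001-1256

The kmmodreg program shipped with HPUX 11.0 is vulnerable to a symbolic link attack.

When it runs, kmmodreg creates two files under /tmp:

/tmp/.kmmodreg_lock and /tmp/kmpath.tmp

When creating them, it does not check whether these two files already exist or whether they are symbolic links. An attacker can create two symbolic links in the /tmp directory in advance, pointing at system files; when kmmodreg runs, it will create or modify those system files and their permissions (666).

An attacker can use this vulnerability to gain local root privileges.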
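The file-creation pattern described above next to a hardened form, as an added example (not HP's code and not part of the original record). The function names, the scratch directory and the planted link are constructed for the demonstration, which runs entirely inside a private directory made with mkdtemp().

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern the record describes (reproduced as an assumption, not HP source):
 * no existence or symlink check, mode 666. open() follows a link at `path`. */
static int create_unsafe(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
    if (fd >= 0) fchmod(fd, 0666);
    return fd;
}

/* Hardened form: O_EXCL makes open() fail if anything, including a dangling
 * symlink, already exists at `path`; the new file is owner-only. */
static int create_safe(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    struct stat st;
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed test: in a private scratch directory, pre-plant lock -> victim,
 * run one creator, and report whether the victim file came into existence. */
int victim_created(int use_safe) {
    char dir[] = "/tmp/symlink_demo_XXXXXX", lock[64], victim[64];
    struct stat st;
    int fd, hit;
    if (!mkdtemp(dir)) return -1;
    snprintf(lock, sizeof lock, "%s/lock", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    if (symlink(victim, lock) != 0) return -1;
    fd = use_safe ? create_safe(lock) : create_unsafe(lock);
    if (fd >= 0) close(fd);
    hit = (stat(victim, &st) == 0);
    unlink(victim); unlink(lock); rmdir(dir);
    return hit;
}

int main(void) {
    printf("unsafe: %d, safe: %d\n", victim_created(0), victim_created(1));
    return 0;
}
```

A privileged program is better served by keeping lock and scratch files in a directory only root can write to, which removes the pre-planted link entirely.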
        
        
        
        

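- CVSS (Base Score)

CVSS score: 1.2 [LOW]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: HIGH [exploitation requires specific access conditions]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]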

- CPE (Affected Platforms and Products)

cpe:/o:hp:hp-ux:11.04  HP HP-UX 11.04
cpe:/o:hp:hp-ux:11.00  HP-UX 11.00
cpe:/o:hp:hp-ux:11.11  HP-UX 11.11

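- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:5628  HP-UX kmmodreg (1M), Local Denial of Service (DoS), Increased Privilege
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definition.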

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1256
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-1256
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200106-058
(Official data source) CNNVD

- Other Links and Resources

http://www.kb.cert.org/vuls/id/TJSL-4Z5Q92
(UNKNOWN)  CONFIRM  http://www.kb.cert.org/vuls/id/TJSL-4Z5Q92
http://www.kb.cert.org/vuls/id/127435
(UNKNOWN)  CERT-VN  VU#127435
http://ciac.llnl.gov/ciac/bulletins/l-093.shtml
(VENDOR_ADVISORY)  CIAC  L-093
http://xforce.iss.net/static/6656.php
(UNKNOWN)  XF  hpux-kmmodreg-symlink(6656)
http://www.securityfocus.com/bid/2821
(UNKNOWN)  BID  2821
http://www.securityfocus.com/archive/1/188568
(VENDOR_ADVISORY)  BUGTRAQ  20010604 yet another sym link followers
http://online.securityfocus.com/advisories/3354
(VENDOR_ADVISORY)  HP  HPSBUX0106-153

- Vulnerability Information

HPUX 11.0 kmmodreg local symbolic link vulnerability
Low risk  Other
2001-06-11 00:00:00 2009-03-04 00:00:00
Local

- Advisories and Patches

HP has provided a patch for this issue; the patch number is PHCO_24112.

The patch can be downloaded from the HP support center:

http://us-support2.external.hp.com/common/bin/doc.pl

        
        
        

- Vulnerability Information

9625
HP-UX kmmodreg .kmmodreg_lock Symlink Privilege Escalation
Local Access Required Race Condition

- Vulnerability Description

Unknown or Incomplete

- Timeline

2001-06-04 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

HP-UX kmmodreg Symbolic Link Vulnerability
Origin Validation Error 2821
No Yes
2001-06-04 12:00:00 2009-07-11 06:06:00
This vulnerability was posted to BugTraq by Graf Potozky <potozky@hushmail.com> on June 4th, 2001.

- Affected Program Versions

HP HP-UX (VVOS) 11.0.4
HP HP-UX 11.11
HP HP-UX 11.0

- Vulnerability Discussion

HP-UX is a variant of the UNIX Operating System distributed and maintained by Hewlett Packard. HP-UX is designed for use on systems from small, single-processor servers to enterprise, multiprocessor servers.

A problem with the kmmodreg program used in HP-UX makes it possible for a local user to potentially gain elevated privileges, or deny service to the system. kmmodreg creates symbolic links insecurely, making it possible to overwrite files as root when the system is rebooted.

Therefore, it's possible for a local user to launch a symbolic link attack, potentially denying service to legitimate users, or gaining elevated privileges at the next system reboot.

- Exploit

There is no exploit required.

- Solution

The vendor has been notified and has supplied a patch to remedy this issue.


HP HP-UX 11.0

HP HP-UX (VVOS) 11.0.4

HP HP-UX 11.11

- Related References

 

 
