CVE-2001-1272
CVSS4.6
发布时间 :2001-12-06 00:00:00
修订时间 :2008-09-05 16:26:07
NMCOS    

[原文]wmtv 0.6.5 and earlier does not properly drop privileges, which allows local users to execute arbitrary commands via the -e (external command) option.


[CNNVD]wmtv 本地root权限漏洞(CNNVD-200112-049)

        CVE(CAN) ID: CAN-2001-1272
        
        
        
        wmtv是一款针对windowmaker的Linux视频电视播放器。
        
        
        
        该程序存在一个安全问题,可能导致本地用户以root权限执行任意代码。
        
        
        
        当双击视频电视窗口时,该程序允许你运行一个外部命令,该命令由"-e"参数指定,
        
        由于wmtv是suid程序,因此本地用户可能以root权限执行任意代码。
        
        
        
        

- CVSS (基础分值)

CVSS分值: 4.6 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1272
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-1272
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200112-049
(官方数据源) CNNVD

- 其它链接及资源

http://www.iss.net/security_center/static/7669.php
(VENDOR_ADVISORY)  XF  wmtv-execute-commands(7669)
http://www.securityfocus.com/bid/3658
(VENDOR_ADVISORY)  BID  3658
http://www.debian.org/security/2001/dsa-092
(VENDOR_ADVISORY)  DEBIAN  DSA-092

- 漏洞信息

wmtv 本地root权限漏洞
中危 配置错误
2001-12-06 00:00:00 2005-10-20 00:00:00
本地  
        CVE(CAN) ID: CAN-2001-1272
        
        
        
        wmtv是一款针对windowmaker的Linux视频电视播放器。
        
        
        
        该程序存在一个安全问题,可能导致本地用户以root权限执行任意代码。
        
        
        
        当双击视频电视窗口时,该程序允许你运行一个外部命令,该命令由"-e"参数指定,
        
        由于wmtv是suid程序,因此本地用户可能以root权限执行任意代码。
        
        
        
        

- 公告与补丁

        临时解决方法:
        
        
        
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        
        
        
        * 暂时去掉wmtv程序的suid属性
        
         #chmod a-s `which wmtv`
        
        
        
        厂商补丁:
        
        
        
        Debian已经发布了安全公告(DSA-092-1)和相应补丁程序:
        
        
        
        Debian Linux:
        
        
        http://www.debian.org/security/2001/dsa-092

        
        
        
        Source archives:
        
        
        
        
        2potato1.diff.gz>
        http://security.debian.org/dists/stable/updates/main/source/wmtv_0.6.5-
        
        2potato1.diff.gz

        
         MD5 checksum: 71436864099e31a54191828eba1a5af1
        
        
        
        
        2potato1.dsc>
        http://security.debian.org/dists/stable/updates/main/source/wmtv_0.6.5-
        
        2potato1.dsc

        
         MD5 checksum: fcfed7fae275bcd74f135db0fb315e27
        
        
        
        
        orig.tar.gz>
        http://security.debian.org/dists/stable/updates/main/source/wmtv_0.6.5.
        
        orig.tar.gz

        
         MD5 checksum: 2ee18b3f1261137e8772d4f6a9dd0031
        
        
        
        Alpha architecture:
        
        
        
        
        0.6.5-2potato1_alpha.deb>
        http://security.debian.org/dists/stable/updates/main/binary-alpha/wmtv_
        
        0.6.5-2potato1_alpha.deb

        
         MD5 checksum: da07aa390b028396000c8c8ebf180c44
        
        
        
        ARM architecture:
        
        
        
        
        6.5-2potato1_arm.deb>
        http://security.debian.org/dists/stable/updates/main/binary-arm/wmtv_0.
        
        6.5-2potato1_arm.deb

        
         MD5 checksum: b0ee729c7de7dfb2b3e1c4c7a8f37e69
        
        
        
        Intel IA-32 architecture:
        
        
        
        
        .6.5-2potato1_i386.deb>
        http://security.debian.org/dists/stable/updates/main/binary-i386/wmtv_0
        
        .6.5-2potato1_i386.deb

        
         MD5 checksum: fd3ce69d983ae4b316114628c7c5fc74
        
        
        
        Motorola 680x0 architecture:
        
        
        
        
        .6.5-2potato1_m68k.deb>
        http://security.debian.org/dists/stable/updates/main/binary-m68k/wmtv_0
        
        .6.5-2potato1_m68k.deb

        
         MD5 checksum: 774a7f254a1a1f27cd7a03f66ac11308
        
        
        
        PowerPC architecture:
        
        
        
        
        v_0.6.5-2potato1_powerpc.deb>
        http://security.debian.org/dists/stable/updates/main/binary-powerpc/wmt
        
        v_0.6.5-2potato1_powerpc.deb

        
         MD5 checksum: 3b98c87d44c9570e4001ceec82d832be
        
        
        
        Sun Sparc architecture:
        
        
        
        
        0.6.5-2potato1_sparc.deb>
        http://security.debian.org/dists/stable/updates/main/binary-sparc/wmtv_
        
        0.6.5-2potato1_sparc.deb

        
         MD5 checksum: 7ecfd9e694e3b22b101c52c7f8c4f627
        
        
        

- 漏洞信息

12327
wmtv -e Parameter Arbitrary Privileged Command Execution

- 漏洞描述

Unknown or Incomplete

- 时间线

2001-12-06 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

wmtv local root Vulnerability
Configuration Error 3658
No Yes
2001-12-06 12:00:00 2009-07-11 09:06:00
Debian's security advisory credits Nicolas Boullis with discovery.

- 受影响的程序版本

wliang wmtv 0.6.5
- Debian Linux 2.2

- 漏洞讨论

wmtv, a video4linux TV player for windowmaker, is installed setuid root. This program can run an external command when you double click on the TV window, with the command specified by the -e command line option. Since the program is suid root this command is run with root privileges, allowing for extremely trivial exploit.

Debian GNU/Linux 2.2 systems which have wmtv installed are vulnerable to this, other distributionts may suffer from it as well.

- 漏洞利用

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站