CVE-2001-1409
CVSS 3.6
Published: 2003-07-24 00:00:00
Revised: 2010-05-25 00:10:35

[Original] dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with insecure permissions (666), which allows local users to replace or create files in the root file system.


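[CNNVD] XFree86 Dexconf Dev/Dri Directory Insecure Permissions Vulnerability (CNNVD-200307-038)

        
        XFree86 is a popular X server.
        The dexconf utility included with XFree86 sets directory permissions incorrectly; a local attacker can exploit this vulnerability to delete or modify the data collected in the directory.
        dexconf creates the /dev/dri directory with 666 permissions, so any attacker can modify and delete files and data under this directory, or replace legitimate files with malicious programs, which may lead to privilege escalation.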
        

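- CVSS (base score)

CVSS score: 3.6 [LOW]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]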

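- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definitions found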

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1409
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-1409
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200307-038
(Official data source) CNNVD

- Other links and resources

http://www.redhat.com/support/errata/RHSA-2003-067.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2003:067
http://groups.google.com/groups?selm=20010829121505.A16004%40compusol.com.au
(VENDOR_ADVISORY)  CONFIRM  http://groups.google.com/groups?selm=20010829121505.A16004%40compusol.com.au
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1017429.1-1
(UNKNOWN)  SUNALERT  1017429
http://sunsolve.sun.com/search/document.do?assetkey=1-66-228529-1
(UNKNOWN)  SUNALERT  228529

- Vulnerability information

XFree86 Dexconf Dev/Dri Directory Insecure Permissions Vulnerability
Low risk  Configuration error
2003-07-24 00:00:00 2010-01-28 00:00:00
Local
        
        

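- Advisories and patches

        Temporary workaround:
        If you cannot install the patch or upgrade immediately, CNNVD recommends the following measures to reduce the threat:
        * Brendan O'Dea <bod@debian.org> provided the following untested patch: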
        --- xc/programs/Xserver/hw/xfree86/os-support/linux/drm/xf86drm.c.orig Fri May 18 20:26:45 2001
        +++ xc/programs/Xserver/hw/xfree86/os-support/linux/drm/xf86drm.c Mon Aug 27 00:08:14 2001
        @@ -174,7 +174,6 @@
        stat_t st;
        char buf[64];
        int fd;
        - mode_t dirmode = DRM_DEV_DIRMODE;
        mode_t devmode = DRM_DEV_MODE;
        int isroot = !geteuid();
        #if defined(XFree86Server)
        @@ -184,23 +183,17 @@
        #if defined(XFree86Server)
        devmode = xf86ConfigDRI.mode ? xf86ConfigDRI.mode : DRM_DEV_MODE;
        - dirmode = (devmode & S_IRUSR) ? S_IXUSR : 0;
        - dirmode |= (devmode & S_IRGRP) ? S_IXGRP : 0;
        - dirmode |= (devmode & S_IROTH) ? S_IXOTH : 0;
        - dirmode |= devmode;
        devmode &= ~(S_IXUSR|S_IXGRP|S_IXOTH);
        group = (xf86ConfigDRI.group >= 0) ? xf86ConfigDRI.group : DRM_DEV_GID;
        #endif
        - if (stat(DRM_DIR_NAME, &st)) {
        + if (stat(DRM_DIR_NAME, &st) || !S_ISDIR(st.st_mode)) {
        if (!isroot) return DRM_ERR_NOT_ROOT;
        remove(DRM_DIR_NAME);
        - mkdir(DRM_DIR_NAME, dirmode);
        + mkdir(DRM_DIR_NAME, 0755);
        + chown(DRM_DIR_NAME, 0, 0); /* root:root */
        + chmod(DRM_DIR_NAME, 0755);
        }
        -#if defined(XFree86Server)
        - chown(DRM_DIR_NAME, user, group);
        - chmod(DRM_DIR_NAME, dirmode);
        -#endif
        sprintf(buf, DRM_DEV_NAME, DRM_DIR_NAME, minor);
        if (stat(buf, &st) || st.st_rdev != dev) {
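        Review bot: In the second hunk the `chown`/`chmod` on `DRM_DIR_NAME` now run only inside the `if (stat(DRM_DIR_NAME, &st) || !S_ISDIR(st.st_mode))` branch, so a directory that already exists with the loose mode left by an earlier run is never corrected; the removed code reset owner and mode on every call. Consider also checking `st.st_uid` and `st.st_mode & (S_IWGRP|S_IWOTH)` on the existing directory and re-applying `chown(DRM_DIR_NAME, 0, 0)` and `chmod(DRM_DIR_NAME, 0755)` when they do not match. Two smaller points: `stat()` follows symlinks, so a symlink that resolves to a directory passes the `S_ISDIR` test (`lstat()` would reject it), and the return values of `remove()`, `mkdir()`, `chown()` and `chmod()` are ignored, so a failed creation falls through to the device-node code without an error.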
        Vendor patches:
        RedHat
        ------
        The vendor has released upgrade patches that fix this security issue; download them from the vendor's site:
        RedHat XFree86-100dpi-fonts-4.2.0-72.i386.rpm :
        RedHat Upgrade XFree86-100dpi-fonts-4.2.1-20.i386.rpm
        ftp://updates.redhat.com/8.0/en/os/i386/XFree86-100dpi-fonts-4.2.1-20.i386.rpm
        RedHat XFree86-4.2.0-72.i386.rpm :
        RedHat Upgrade XFree86-4.2.1-20.i386.rpm
        ftp://updates.redhat.com/8.0/en/os/i386/XFree86-4.2.1-20.i386.rpm
        RedHat XFree86-75dpi-fonts-4.2.0-72.i386.rpm :
        RedHat Upgrade XFree86-75dpi-fonts-4.2.1-20.i386.rpm
        ftp://updates.redhat.com/8.0/en/os/i386/XFree86-75dpi-fonts-4.2.1-20.i386.rpm
        RedHat XFree86-ISO8859-15-100dpi-fonts-4.2.0-72.i386.rpm :
        RedHat Upgrade XFree86-ISO8859-15-100dpi-fonts-4.2.1-20.i386.rpm
        ftp://updates.redhat.com/8.0/en/os/i386/XFree86-ISO8859-15-100dpi-fonts-4.2.1-20.i386.rpm
        RedHat XFree86-ISO8859-15-75dpi-fonts-4.2.0-72.i386.rpm :
        RedHat Upgrade XFree86-ISO8859-15-75dpi-fonts-4.2.1-20.i386.rpm
        ftp://updates.redhat.com/8.0/en/os/i386/XFree86-ISO8859-15-75dpi-fonts-4.2.1-20.i386.rpm
        RedHat XFree86-ISO8859-2-100dpi-fonts-4.2.0-72.i386.rpm :
        RedHat Upgrade XFree86-ISO8859-2-100dpi-fonts-4.2.1-20.i386.rpm
        ftp://updates.redhat.com/8.0/en/os/i386/XFree86-ISO8859-2-100dpi-fonts-4.2.1-20.i386.rpm
        RedHat XFree86-ISO8859-2-75dpi-fonts-4.2.0-72.i386.rpm :
        RedHat Upgrade XFree86-ISO8859-2-75dpi-fonts-4.2.1-20.i386.rpm
        ftp://updates.redhat.com/8.0/en/os/i386/XFree86-ISO8859-2-75dpi-fonts-4.2.1-20.i386.rpm
        RedHat XFree86-ISO8859-9-100dpi-fonts-4.2.0-72.i386.rpm :
        RedHat Upgrade XFree86-ISO8859-9-100dpi-fonts-4.2.1-20.i386.rpm
        ftp://updates.redhat.com/8.0/en/os/i386/XFree86-ISO8859-9-100dpi-fonts-4.2.1-20.i386.rpm
        RedHat XFree86-ISO8859-9-75dpi-fonts-4.2.0-72.i386.rpm :
        RedHat Upgrade XFree86-ISO8859-9-75dpi-fonts-4.2.1-20.i386.rpm
        ftp://updates.redhat.com/8.0/en/os/i386/XFree86-ISO8859-9-75dpi-fonts-4.2.1-20.i386.rpm
        RedHat XFree86-Mesa-libGL-4.2.0-72.i386.rpm :
        RedHat Upgrade XFree86-Mesa-libGL-4.2.1-20.i386.rpm
        ftp://updates.redhat.com/8.0/en/os/i386/XFree86-Mesa-libGL-4.2.1-20.i386.rpm
        RedHat XFree86-Mesa-libGLU-4.2.0-72.i386.rpm :
        RedHat Upgrade XFree86-Mesa-libGLU-4.2.1-20.i386.rpm
        ftp://updates.redhat.com/8.0/en/os/i386/XFree86-Mesa-libGLU-4.2.1-20.i386.rpm
        RedHat XFree86-Xnest-4.2.0-72.i386.rpm :
        RedHat Upgrade XFree86-Xnest-4.2.1-20.i386.rpm
        ftp://updates.redhat.com/8.0/en/os/i386/XFree86-Xnest-4.2.1-20.i386.rpm
        RedHat XFree86-Xvfb-4.2.0-72.i386.rpm :
        RedHat Upgrade XFree86-Xvfb-4.2.1-20.i386.rpm
        ftp://updates.redhat.com/8.0/en/os/i386/XFree86-Xvfb-4.2.1-20.i386.rpm
        RedHat XFree86-base-fonts-4.2.0-72.i386.rpm :
        RedHat Upgrade XFree86-base-fonts-4.2.1-20.i386.rpm
        ftp://updates.redhat.com/8.0/en/os/i386/XFree86-base-fonts-4.2.1-20.i386.rpm
        RedHat XFree86-cyrillic-fonts-4.2.0-72.i386.rpm :
        RedHat Upgrade XFree86-cyrillic-fonts-4.2.1-20.i386.rpm
        ftp://updates.redhat.com/8.0/en/os/i386/XFree86-cyrillic-fonts-4.2.1-20.i386.rpm
        RedHat XFree86-devel-4.2.0-72.i386.rpm :
        RedHat Upgrade XFree86-devel-4.2.1-20.i386.rpm
        ftp://updates.redhat.com/8.0/en/os/i386/XFree86-devel-4.2.1-20.i386.rpm
        RedHat XFree86-doc-4.2.0-72.i386.rpm :
        RedHat Upgrade XFree86-doc-4.2.1-20.i386.rpm
        ftp://updates.redhat.com/8.0/en/os/i386/XFree86-doc-4.2.1-20.i386.rpm
        RedHat XFree86-font-utils-4.2.0-72.i386.rpm :
        RedHat Upgrade XFree86-font-utils-4.2.1-20.i386.rpm
        ftp://updates.redhat.com/8.0/en/os/i386/XFree86-font-utils-4.2.1-20.i386.rpm
        RedHat XFree86-libs-4.2.0-72.i386.rpm :
        RedHat Upgrade XFree86-libs-4.2.1-20.i386.rpm
        ftp://updates.redhat.com/8.0/en/os/i386/XFree86-libs-4.2.1-20.i386.rpm
        RedHat XFree86-tools-4.2.0-72.i386.rpm :
        RedHat Upgrade XFree86-tools-4.2.1-20.i386.rpm
        ftp://updates.redhat.com/8.0/en/os/i386/XFree86-tools-4.2.1-20.i386.rpm
        RedHat XFree86-truetype-fonts-4.2.0-72.i386.rpm :
        RedHat Upgrade XFree86-truetype-fonts-4.2.1-20.i386.rpm
        ftp://updates.redhat.com/8.0/en/os/i386/XFree86-truetype-fonts-4.2.1-20.i386.rpm
        RedHat XFree86-twm-4.2.0-72.i386.rpm :
        RedHat Upgrade XFree86-twm-4.2.1-20.i386.rpm
        ftp://updates.redhat.com/8.0/en/os/i386/XFree86-twm-4.2.1-20.i386.rpm
        RedHat XFree86-xauth-4.2.0-72.i386.rpm :
        RedHat Upgrade XFree86-xauth-4.2.1-20.i386.rpm
        

- Vulnerability information

11886
XFree86 Xserver dexconf /dev/dri Weak Permission Privilege Escalation

- Vulnerability description

Unknown or Incomplete

- Timeline

2001-08-28 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- References

- Credit

Unknown or Incomplete

- Vulnerability information

XFree86 Dexconf Dev/Dri Directory Insecure Permissions Vulnerability
Configuration Error 8032
No Yes
2001-08-28 12:00:00 2009-07-11 10:56:00
Discovery of this vulnerability has been credited to Brendan O'Dea <bod@debian.org>.

- Affected software versions

XFree86 X11R6 4.1.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Advanced Workstation for the Itanium Processor 2.1
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 i386
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 7.0
Sun Linux 5.0.6
RedHat XFree86-Xvfb-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-Xnest-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-xfs-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-xdm-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-xauth-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-twm-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-truetype-fonts-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-tools-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-Mesa-libGLU-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-Mesa-libGL-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-libs-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-ISO8859-9-75dpi-fonts-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-ISO8859-9-100dpi-fonts-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-ISO8859-2-75dpi-fonts-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-ISO8859-2-100dpi-fonts-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-ISO8859-15-75dpi-fonts-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-ISO8859-15-100dpi-fonts-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-font-utils-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-doc-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-devel-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-cyrillic-fonts-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-base-fonts-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-75dpi-fonts-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386
RedHat XFree86-100dpi-fonts-4.2.0-72.i386.rpm
+ RedHat Linux 8.0 i386

- Discussion

dexconf has been reported prone to an insecure directory permission vulnerability.

It has been reported that the dexconf utility sets the /dev/dri directory with world writeable permissions; this may provide a local attacker with a window of opportunity to alter or delete collected data from the affected directory. The attacker may also place arbitrary files in the directory.

- Exploit

There is no exploit required.

- Solution

Red Hat has released an advisory (RHSA-2003:064-01) to address this issue. Details on obtaining and applying fixes are contained in the referenced advisory.

Red Hat has released a revised advisory (RHSA-2003:067-02) to address this issue. Fixes from the previous advisory (RHSA-2003:067-01) are functional but contain debugging info. The revised advisory includes new fixes that do not contain debugging info. Details on obtaining and applying fixes are contained in the revised advisory.

Sun Linux updates are available.


RedHat XFree86-ISO8859-9-75dpi-fonts-4.2.0-72.i386.rpm

RedHat XFree86-xdm-4.2.0-72.i386.rpm

RedHat XFree86-xfs-4.2.0-72.i386.rpm

RedHat XFree86-base-fonts-4.2.0-72.i386.rpm

RedHat XFree86-Xnest-4.2.0-72.i386.rpm

RedHat XFree86-cyrillic-fonts-4.2.0-72.i386.rpm

RedHat XFree86-ISO8859-15-75dpi-fonts-4.2.0-72.i386.rpm

RedHat XFree86-libs-4.2.0-72.i386.rpm

RedHat XFree86-tools-4.2.0-72.i386.rpm

RedHat XFree86-devel-4.2.0-72.i386.rpm

RedHat XFree86-Xvfb-4.2.0-72.i386.rpm

RedHat XFree86-truetype-fonts-4.2.0-72.i386.rpm

RedHat XFree86-75dpi-fonts-4.2.0-72.i386.rpm

RedHat XFree86-4.2.0-72.i386.rpm

RedHat XFree86-ISO8859-9-100dpi-fonts-4.2.0-72.i386.rpm

RedHat XFree86-Mesa-libGLU-4.2.0-72.i386.rpm

RedHat XFree86-100dpi-fonts-4.2.0-72.i386.rpm

RedHat XFree86-xauth-4.2.0-72.i386.rpm

RedHat XFree86-twm-4.2.0-72.i386.rpm

RedHat XFree86-Mesa-libGL-4.2.0-72.i386.rpm

RedHat XFree86-ISO8859-2-100dpi-fonts-4.2.0-72.i386.rpm

RedHat XFree86-ISO8859-15-100dpi-fonts-4.2.0-72.i386.rpm

RedHat XFree86-doc-4.2.0-72.i386.rpm

RedHat XFree86-font-utils-4.2.0-72.i386.rpm

RedHat XFree86-ISO8859-2-75dpi-fonts-4.2.0-72.i386.rpm

Sun Linux 5.0.6

- References

 

 
