发布时间 :2002-05-29 00:00:00
修订时间 :2008-09-10 20:00:38

[原文]nsd on SGI IRIX before 6.5.11 allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the nsd.dump file.

[CNNVD]SGI Irix nsd符号链接攻击漏洞(CNNVD-200205-063)

        SGI IRIX 6.5.11之前版本的nsd存在漏洞。本地用户可以借助nsd.dump文件上的符号链接攻击覆盖任意文件并且获取根权限。

- CVSS (基础分值)

CVSS分值: 7.2 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:sgi:irix:6.5.8SGI IRIX 6.5.8
cpe:/o:sgi:irix:6.5.5SGI IRIX 6.5.5
cpe:/o:sgi:irix:6.5.4SGI IRIX 6.5.4
cpe:/o:sgi:irix:6.5.10SGI IRIX 6.5.10
cpe:/o:sgi:irix:6.5.6SGI IRIX 6.5.6
cpe:/o:sgi:irix:6.5.3SGI IRIX 6.5.3
cpe:/o:sgi:irix:6.5.1SGI IRIX 6.5.1
cpe:/o:sgi:irix:6.5.9SGI IRIX 6.5.9
cpe:/o:sgi:irix:6.5.2SGI IRIX 6.5.2
cpe:/o:sgi:irix:6.5SGI IRIX 6.5
cpe:/o:sgi:irix:6.5.7SGI IRIX 6.5.7

- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(VENDOR_ADVISORY)  SGI  20020501-01-I
(UNKNOWN)  BID  4655
(UNKNOWN)  XF  irix-nsd-symlink(8981)

- 漏洞信息

SGI Irix nsd符号链接攻击漏洞
高危 访问验证错误
2002-05-29 00:00:00 2005-05-02 00:00:00
        SGI IRIX 6.5.11之前版本的nsd存在漏洞。本地用户可以借助nsd.dump文件上的符号链接攻击覆盖任意文件并且获取根权限。

- 公告与补丁

        SGI has stated that patches will not be made available for this vulnerability. It is recommended that administrators upgrade to versions 6.5.11 or greater.

- 漏洞信息

IRIX nsd Symlink Overwrite Arbitrary File
Local Access Required Race Condition
Loss of Integrity, Loss of Availability
Exploit Public

- 漏洞描述

Irix contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The nsd utility does not properly check the permissions and ownership of its dump file (/var/tmp/nsd.dump) prior to writing to it. If an attacker creates a symlink to an arbitrary file before nsd writes to the dump file, they can send a USR1 signal to the nsd process and force the dump to occur, overwriting the arbitrary file. This flaw may lead to a loss of integrity and/or availability.

- 时间线

2002-05-01 Unknow
2002-05-01 Unknow

- 解决方案

Upgrade to Irix version 6.5.11 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete