CVE-2002-0875
CVSS 2.1
Published: 2002-09-05 00:00:00
Revised: 2008-09-10 15:13:05
NMCOE

[Original] Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group.


[CNNVD] SGI FAM arbitrary root-owned directory file listing vulnerability (CNNVD-200209-018)

        
fam is an open-source file alteration monitor developed and maintained by SGI; it also runs on other Linux and Unix operating systems.
fam contains a design error that lets a local attacker obtain the names of sensitive files in directories owned by a higher-privileged user.
When FAM monitors a directory on behalf of a user who is not a member of the directory's group, it should return only the Exists and EndExist events for the directory itself (# marks commands run as root, % commands run as an unprivileged user), for example:
# ls -ld /root
drwxr-x--- ... root root ... /root
# fam
% ./test -d /root
FAMMonitorDirectory("/root")
FAMMonitorDirectory("/root")
DIR /root: /root Exists
DIR /root: /root EndExist
Because of the design error, however, running FAM actually returns the following:
% ./test -d /root
FAMMonitorDirectory("/root")
FAMMonitorDirectory("/root")
DIR /root: /root Exists
DIR /root: .gnome Exists
DIR /root: Desktop Exists
...
This leaks the names of sensitive files in a privileged directory.
        

- CVSS (base score)

CVSS score: 2.1 [LOW]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Access complexity: LOW [exploitation has no access restrictions]
Access vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [no authentication required for exploitation]

- CPE (affected platforms and products)

cpe:/a:sgi:fam:2.6.8  SGI FAM 2.6.8
cpe:/o:sgi:irix:6.5.16  SGI IRIX 6.5.16
cpe:/o:sgi:irix:6.5.17  SGI IRIX 6.5.17
cpe:/o:sgi:irix:6.5.15  SGI IRIX 6.5.15
cpe:/a:sgi:fam:2.6.6  SGI FAM 2.6.6
cpe:/o:debian:debian_linux:3.0  Debian Debian Linux 3.0

- OVAL (technical details for detection)

No matching OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0875
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0875
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200209-018
(official data source) CNNVD

- Other links and resources

http://www.debian.org/security/2002/dsa-154
(VENDOR_ADVISORY)  DEBIAN  DSA-154
http://www.securityfocus.com/bid/5487
(UNKNOWN)  BID  5487
http://www.redhat.com/support/errata/RHSA-2005-005.html
(UNKNOWN)  REDHAT  RHSA-2005:005
http://www.iss.net/security_center/static/9880.php
(UNKNOWN)  XF  sgi-fam-insecure-permissions(9880)
ftp://patches.sgi.com/support/free/security/advisories/20000301-03-I
(UNKNOWN)  SGI  20000301-03-I
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc
(UNKNOWN)  FREEBSD  FreeBSD-SN-02:05

- Vulnerability information

SGI FAM arbitrary root-owned directory file listing vulnerability
Low risk  Design error
2002-09-05 00:00:00 2005-05-02 00:00:00
Local

- Advisories and patches

Vendor patches:
Debian
------
Debian has released security advisory DSA-154-1 and corresponding patches for this issue:
DSA-154-1: New fam packages fix privilege escalation
Link:
http://www.debian.org/security/2002/dsa-154

Patch downloads:

- Vulnerability information (21720)

SGI IRIX 6.5.x FAM Arbitrary Root Owned Directory File Listing Vulnerability (EDBID:21720)
irix local
2002-08-16 Verified
0 Michael Wardle
N/A
source: http://www.securityfocus.com/bid/5487/info

fam is a freely available, open source file alteration monitor. It is maintained and distributed by SGI, and will work on the Linux and Unix operating systems.

It is possible for a user to execute fam to discover a list of monitored files. This list, while it may have been created by a user of elevated privileges, could leak information to an attacker that may be sensitive. This vulnerability requires only that the directory being 'fammed' already have had the program executed against it by a privileged user.

# ls -ld /root
drwxr-x--- ... root root ... /root
# fam

% groups | grep root

ERRONEOUS BEHAVIOR
% ./test -d /root
FAMMonitorDirectory("/root")
FAMMonitorDirectory("/root")
DIR /root: /root Exists
DIR /root: .gnome Exists
DIR /root: Desktop Exists
...

CORRECT BEHAVIOR
% ./test -d /root
FAMMonitorDirectory("/root")
FAMMonitorDirectory("/root")
DIR /root: /root Exists
DIR /root: /root EndExist
----------------------------------------
(% indicates a command run as an unprivileged user)

- Vulnerability information

12739
File Alteration Monitor (fam) Monitored File List Local Disclosure
Local Access Required Information Disclosure
Loss of Confidentiality
Exploit Public

- Vulnerability description

- Timeline

2002-08-15 Unknown
2002-08-15 Unknown

- Solution

Products

Unknown or Incomplete

- References

- Vulnerability author

Unknown or Incomplete