CVE-2002-1119
CVSS 4.6
Published: 2002-10-04 00:00:00
Modified: 2016-10-17 22:23:50

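[Original] os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack.


[CNNVD] Python os.py predictable temporary file name local command execution vulnerability (CNNVD-200210-213)

        
        Python is an excellent programming language.
        The os._execvpe function in Python's os.py module is flawed; a local attacker can exploit this vulnerability to execute arbitrary code.
        When creating a temporary file, the os._execvpe function in Python's os.py module uses a predictable temporary file name and does not check whether the temporary file already exists; a local attacker can exploit this vulnerability to execute arbitrary code on the system with the privileges of the Python process.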
        

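- CVSS (base score)

CVSS score: 4.6 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1119
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1119
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200210-213
(Official data source) CNNVD

- Other links and resources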

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-045.0.txt
(UNKNOWN)  CALDERA  CSSA-2002-045.0
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000527
(UNKNOWN)  CONECTIVA  CLA-2002:527
http://mail.python.org/pipermail/python-dev/2002-August/027229.html
(UNKNOWN)  MISC  http://mail.python.org/pipermail/python-dev/2002-August/027229.html
http://marc.info/?l=bugtraq&m=104333092200589&w=2
(UNKNOWN)  BUGTRAQ  20030123 [OpenPKG-SA-2003.006] OpenPKG Security Advisory (python)
http://www.debian.org/security/2002/dsa-159
(VENDOR_ADVISORY)  DEBIAN  DSA-159
http://www.iss.net/security_center/static/10009.php
(VENDOR_ADVISORY)  XF  python-execvpe-tmpfile-symlink(10009)
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-082.php
(UNKNOWN)  MANDRAKE  MDKSA-2002:082
http://www.redhat.com/support/errata/RHSA-2002-202.html
(UNKNOWN)  REDHAT  RHSA-2002:202
http://www.redhat.com/support/errata/RHSA-2003-048.html
(UNKNOWN)  REDHAT  RHSA-2003:048
http://www.securityfocus.com/bid/5581
(VENDOR_ADVISORY)  BID  5581

- Vulnerability information

Python os.py predictable temporary file name local command execution vulnerability
Medium severity  Design error
2002-10-04 00:00:00 2005-05-13 00:00:00
Local
        
        

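- Advisories and patches

        Workaround:
        If you cannot install the patch or upgrade immediately, CNNVD recommends the following measure to reduce the threat:
        * Temporarily remove the execute permission from Python scripts, and apply the patch as soon as possible.
        Vendor patches:
        Debian
        ------
        Debian has released a security advisory (DSA-159) and corresponding patches for this issue:
        DSA-159: New Python packages fix insecure temporary file use
        Link:
        http://www.debian.org/security/2002/dsa-159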


- Vulnerability information

14496
Python os.py Predictable Temp File Symlink Privilege Escalation
Local Access Required Race Condition

- Vulnerability description

Unknown or Incomplete

- Timeline

2002-08-28 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Python os.py Predictable Temporary Filename Command Execution Vulnerability
Design Error 5581
No Yes
2002-08-28 12:00:00 2009-07-11 03:56:00
Discovery of this vulnerability credited to Zack Weinberg.

- Affected software versions

Python Software Foundation Python 2.3
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
Python Software Foundation Python 2.2.2
+ OpenPKG OpenPKG 1.2
+ OpenPKG OpenPKG 1.2
+ RedHat Linux 7.3
+ RedHat Linux 7.3
+ S.u.S.E. Linux Personal 8.2
+ S.u.S.E. Linux Personal 8.2
Python Software Foundation Python 2.2.1
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ OpenPKG OpenPKG 1.1
+ S.u.S.E. Linux 8.1
Python Software Foundation Python 2.2
+ Conectiva Linux 8.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
Python Software Foundation Python 2.1.3
+ Debian Linux 3.0
Python Software Foundation Python 2.1.2
Python Software Foundation Python 2.1.1
+ RedHat Linux 7.2
+ Sun Linux 5.0.7
Python Software Foundation Python 2.1
+ Conectiva Linux 7.0
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
Python Software Foundation Python 2.0.1
Python Software Foundation Python 2.0
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
Python Software Foundation Python 1.6.1
Python Software Foundation Python 1.6
Python Software Foundation Python 1.5.2
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Conectiva Linux 6.0
+ Debian Linux 3.0
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
+ Red Hat Linux 6.2
+ RedHat Linux 7.3
+ RedHat Linux 7.2
+ RedHat Linux 7.1
+ RedHat Linux 7.0
+ RedHat Linux for iSeries 7.1
+ RedHat Linux for pSeries 7.1
+ Sun Linux 5.0.7
+ Trustix Secure Linux 1.5

- Unaffected software versions

Python Software Foundation Python 2.3
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0

- Discussion

It has been reported that some versions of Python create temporary files in an insecure manner. The vulnerability occurs in the os._execvpe function found in os.py.

It has been reported that exploitation of this vulnerability could lead to the execution of arbitrary code.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Sun Linux 5.0 security alert (Alert ID: 56122) available.

Sun have made fixes available to address this issue in Sun Linux 5.0.7. Fixes are linked below.

Debian and Conectiva have released fixes addressing this issue.

Gentoo Linux has released an advisory. It is highly advised that users who have installed dev-lang/python-2.2.1-r4 and earlier update their systems by issuing the following commands:

emerge rsync
emerge fetchmail
emerge clean

SCO has released a security advisory containing fixes which address this issue.

Mandrake has released an updated advisory, MDKSA-2002:082-1, that includes fixes for Mandrake Linux 9.0. Information about obtaining and applying fixes is available in the referenced advisory.

RedHat has released a security advisory (RHSA-2002:202-25) that includes fixes. Users are advised to upgrade as soon as possible.


Python Software Foundation Python 1.5.2

Python Software Foundation Python 2.0

Python Software Foundation Python 2.1

Python Software Foundation Python 2.1.1

Python Software Foundation Python 2.1.3

Python Software Foundation Python 2.2

Python Software Foundation Python 2.2.1

Python Software Foundation Python 2.2.2

- Related references

 

 
