CVE-2002-1160
CVSS 7.2
Published: 2003-02-19 00:00:00
Last revised: 2016-10-17 22:24:16

[Original] The default configuration of the pam_xauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su.


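[CNNVD] PAM pam_xauth Module Unintended X Session Cookie Access Vulnerability (CNNVD-200302-046)

        The default configuration of the pam_xauth module forwards MIT-Magic-Cookies to new X sessions. A local user can exploit this vulnerability to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su.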

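- CVSS (Base Score)

CVSS score: 7.2 [HIGH]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may take the system down completely]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]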

- CPE (Affected Platforms and Products)

cpe:/o:redhat:linux:7.1    Red Hat Linux 7.1
cpe:/o:redhat:linux:8.0    Red Hat Linux 8.0
cpe:/o:redhat:linux:7.2    Red Hat Linux 7.2
cpe:/o:redhat:linux:7.3    Red Hat Linux 7.3

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1160
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1160
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200302-046
(Official data source) CNNVD

- Other Links and Resources

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000693
(UNKNOWN)  CONECTIVA  CLA-2003:693
http://marc.info/?l=bugtraq&m=104431622818954&w=2
(UNKNOWN)  BUGTRAQ  20021214 BDT_AV200212140001: Insecure default: Using pam_xauth for su from sh-utils package
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55760
(UNKNOWN)  SUNALERT  55760
http://www.iss.net/security_center/static/11254.php
(VENDOR_ADVISORY)  XF  linux-pamxauth-gain-privileges(11254)
http://www.kb.cert.org/vuls/id/911505
(VENDOR_ADVISORY)  CERT-VN  VU#911505
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:017
(UNKNOWN)  MANDRAKE  MDKSA-2003:017
http://www.redhat.com/support/errata/RHSA-2003-028.html
(UNKNOWN)  REDHAT  RHSA-2003:028
http://www.redhat.com/support/errata/RHSA-2003-035.html
(UNKNOWN)  REDHAT  RHSA-2003:035
http://www.securityfocus.com/bid/6753
(UNKNOWN)  BID  6753

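- Vulnerability Information

PAM pam_xauth Module Unintended X Session Cookie Access Vulnerability
High risk  Other
2003-02-19 00:00:00 2005-05-13 00:00:00
Local
        The default configuration of the pam_xauth module forwards MIT-Magic-Cookies to new X sessions. A local user can exploit this vulnerability to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su.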

- Advisories and Patches

        Mandrake has released a security advisory (MDKSA-2003:017) containing fixes to address this issue.
        Red Hat has released security advisory (RHSA-2003:035-10) containing fixes to address this issue. Users are advised to upgrade as soon as possible.
        Red Hat has also released a security advisory (RHSA-2003:028-12) to address this issue in Enterprise Linux. Fixes have been made available via the Red Hat Network (RHN). Further information can be found in the attached advisory.
        Conectiva has released updates to correct this issue. See the referenced advisory for more details.
        Sun has released a fix for Sun Linux 5.0.6.
        Fixes available:
        pam_xauth pam_xauth 0.74
        
        pam_xauth pam_xauth 0.75
        

- Vulnerability Information

14505
pam_xauth Module MIT-Magic-Cookies Local Disclosure Privilege Escalation

- Vulnerability Description

Unknown or Incomplete

- Timeline

2003-02-03 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

PAM pam_xauth Module Unintended X Session Cookie Access Vulnerability
Failure to Handle Exceptional Conditions 6753
No Yes
2003-02-03 12:00:00 2009-07-11 08:06:00
The discovery of this vulnerability has been credited to Bedatec Security H VC <overclocking_a_la_abuela@hotmail.com>.

- Affected Software Versions

RedHat Linux 8.0
RedHat Linux 7.3
RedHat Linux 7.2
RedHat Linux 7.1
pam_xauth pam_xauth 0.75
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux 8.0 i386
+ RedHat Linux 8.0
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2
+ RedHat Linux Advanced Work Station 2.1
+ RedHat Linux for iSeries 7.1
+ RedHat Linux for pSeries 7.1
+ Sun Linux 5.0.6
pam_xauth pam_xauth 0.74
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1
RedHat Linux 7.0

- Unaffected Software Versions

RedHat Linux 7.0

- Discussion

A vulnerability has been discovered on default RedHat Linux installations which potentially allows a malicious local user to obtain elevated privileges. The problem occurs when a user is running the su utility, in conjunction with the PAM pam_xauth module, to assume the identity of another user. The issue occurs due to the use of a temporary .xauth-file accessible by the real user whose identity is being assumed. Exploiting this issue may allow an attacker to connect to the X session of the user executing su.

- Exploit

No exploit is required.

- Solution

Mandrake has released a security advisory (MDKSA-2003:017) containing fixes to address this issue.

Red Hat has released security advisory (RHSA-2003:035-10) containing fixes to address this issue. Users are advised to upgrade as soon as possible.

Red Hat has also released a security advisory (RHSA-2003:028-12) to address this issue in Enterprise Linux. Fixes have been made available via the Red Hat Network (RHN). Further information can be found in the attached advisory.

Conectiva has released updates to correct this issue. See the referenced advisory for more details.

Sun has released a fix for Sun Linux 5.0.6.

Fixes available:


pam_xauth pam_xauth 0.74

pam_xauth pam_xauth 0.75

- References

 

 
