CVE-2002-1227
CVSS7.5
发布时间 :2002-10-28 00:00:00
修订时间 :2008-09-05 16:30:05
NMCOS    

[原文]PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users.


[CNNVD]Debian Linux PAM验证绕过漏洞(CNNVD-200210-310)

        
        Linux PAM可以用来对用户访问和资源等进行限制。
        Debian Linux PAM验证机制存在漏洞,远程攻击者可以利用这个漏洞无需密码访问系统。
        PAM 0.76版本把"锁住"的密码(口令文件中的密码字段为'*')作为空密码处理,并可以通过正常的登录过程对系统进行访问。密码文件中所有密码字段为'*'的帐户,并且相关SHELL不为/bin/false的情况下,远程攻击者可以利用这些帐户访问受限制的系统。
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1227
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1227
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200210-310
(官方数据源) CNNVD

- 其它链接及资源

http://www.debian.org/security/2002/dsa-177
(VENDOR_ADVISORY)  DEBIAN  DSA-177
http://www.iss.net/security_center/static/10405.php
(VENDOR_ADVISORY)  XF  pam-disabled-bypass-authentication(10405)
http://www.securityfocus.com/bid/5994
(UNKNOWN)  BID  5994

- 漏洞信息

Debian Linux PAM验证绕过漏洞
高危 访问验证错误
2002-10-28 00:00:00 2005-09-14 00:00:00
远程  
        
        Linux PAM可以用来对用户访问和资源等进行限制。
        Debian Linux PAM验证机制存在漏洞,远程攻击者可以利用这个漏洞无需密码访问系统。
        PAM 0.76版本把"锁住"的密码(口令文件中的密码字段为'*')作为空密码处理,并可以通过正常的登录过程对系统进行访问。密码文件中所有密码字段为'*'的帐户,并且相关SHELL不为/bin/false的情况下,远程攻击者可以利用这些帐户访问受限制的系统。
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * 修改/etc/passwd,确保密码字段为'*'的帐户其相关SHELL为/bin/false。
        厂商补丁:
        Debian
        ------
        Debian已经为此发布了一个安全公告(DSA-177-1)以及相应补丁:
        DSA-177-1:New PAM packages fix serious security violation in Debian/unstable
        链接:
        http://www.debian.org/security/2002/dsa-177

        补丁下载:
        Source archives:
        
        http://ftp.debian.org/debian/pool/main/p/pam/pam_0.76-6.dsc

        Size/MD5 checksum: 732 c7661ad0dcbc7df4ca967e58e93edd2e
        
        http://ftp.debian.org/debian/pool/main/p/pam/pam_0.76-6.diff.gz

        Size/MD5 checksum: 87185 39d8f45620b6750b34ad9128814328e7
        
        http://ftp.debian.org/debian/pool/main/p/pam/pam_0.76.orig.tar.gz

        Size/MD5 checksum: 424671 22dd4019934cbd71bc67f13a5c2e10ec
        Architecture independent components:
        
        http://ftp.debian.org/debian/pool/main/p/pam/libpam-doc_0.76-6_all.deb

        Size/MD5 checksum: 651724 b3fc72ee81ac4e4413c696ec42fa4ef3
        
        http://ftp.debian.org/debian/pool/main/p/pam/libpam-runtime_0.76-6_all.deb

        Size/MD5 checksum: 51922 28398b55b183e122984c4bf1a64183a9
        Alpha architecture:
        
        http://ftp.debian.org/debian/pool/main/p/pam/libpam-cracklib_0.76-6_alpha.deb

        Size/MD5 checksum: 53808 462dcd1a02dd799b761a05687cf08699
        
        http://ftp.debian.org/debian/pool/main/p/pam/libpam-modules_0.76-6_alpha.deb

        Size/MD5 checksum: 179588 e2719b40c82af6891471c7182d8008f7
        
        http://ftp.debian.org/debian/pool/main/p/pam/libpam0g_0.76-6_alpha.deb

        Size/MD5 checksum: 74146 727185b2d9c55a084105e2e4c43afcd0
        
        http://ftp.debian.org/debian/pool/main/p/pam/libpam0g-dev_0.76-6_alpha.deb

        Size/MD5 checksum: 116148 970c63cf78a3b7311e122069225caa06
        ARM architecture:
        
        http://ftp.debian.org/debian/pool/main/p/pam/libpam-cracklib_0.76-6_arm.deb

        Size/MD5 checksum: 52268 c8f6709b9b92cac992168bfa957762cd
        
        http://ftp.debian.org/debian/pool/main/p/pam/libpam-modules_0.76-6_arm.deb

        Size/MD5 checksum: 153494 12a21eb18e0cb8fb3043c23a78b410a8
        
        http://ftp.debian.org/debian/pool/main/p/pam/libpam0g_0.76-6_arm.deb

        Size/MD5 checksum: 67952 bf8953d4d7227a5f8c837921da2745c4
        
        http://ftp.debian.org/debian/pool/main/p/pam/libpam0g-dev_0.76-6_arm.deb

        Size/MD5 checksum: 110738 10ecfcb5e44bb5af98deb4f5b27c16cb
        Intel IA-32 architecture:
        
        http://ftp.debian.org/debian/pool/main/p/pam/libpam-cracklib_0.76-6_i386.deb

        Size/MD5 checksum: 52116 f91a3a10c47a08aae349bd16d161a644
        
        http://ftp.debian.org/debian/pool/main/p/pam/libpam-modules_0.76-6_i386.deb

        Size/MD5 checksum: 146290 88216fe253c9e5042e8a6902bc807153
        
        http://ftp.debian.org/debian/pool/main/p/pam/libpam0g_0.76-6_i386.deb

        Size/MD5 checksum: 67504 a02c56dfa8949cf9abc071fc3b75ade1
        
        http://ftp.debian.org/debian/pool/main/p/pam/libpam0g-dev_0.76-6_i386.deb

        Size/MD5 checksum: 107490 366d7a40aecdc674920c76f8c71684b3
        Intel IA-64 architecture:
        
        http://ftp.debian.org/debian/pool/main/p/pam/libpam-cracklib_0.76-6_ia64.deb

        Size/MD5 checksum: 56320 a52fc9867c6af83788e5d999fb3c5289
        
        http://ftp.debian.org/debian/pool/main/p/pam/libpam-modules_0.76-6_ia64.deb

        Size/MD5 checksum: 204086 1b85b7156e03bef224c783e45c4f8f36
        
        http://ftp.debian.org/debian/pool/main/p/pam/libpam0g_0.76-6_ia64.deb

        Size/MD5 checksum: 81374 76d3f1c7665854f137457f7d0e75d995
        
        http://ftp.debian.org/debian/pool/main/p/pam/libpam0g-dev_0.76-6_ia64.deb

        Size/MD5 checksum: 118930 31ff873794cfaf4da938340fbf87c275
        HP Precision architecture:
        
        http://ftp.debian.org/debian/pool/main/p/pam/libpam-cracklib_0.76-6_hppa.deb

        Size/MD5 checksum: 53646 10dce03fd0f16e7bb25cc7263b679cd2
        
        http://ftp.debian.org/debian/pool/main/p/pam/libpam-modules_0.76-6_hppa.deb

        Size/MD5 checksum: 171266 23439afca3810b039e65e3ff5a626336
        
        http://ftp.debian.org/debian/pool/main/p/pam/libpam0g_0.76-6_hppa.deb

        Size/MD5 checksum: 72066 166e7a5b1f72b0585b1d1fa06d5ac4f0
        
        http://ftp.debian.org/debian/pool/main/p/pam/libpam0g-dev_0.76-6_hppa.deb

        Size/MD5 checksum: 113166 bb97068c08d1e98c37a439ff044dfe0c
        Motorola 680x0 architecture:
        
        http://ftp.debian.org/debian/pool/main/p/pam/libpam-cracklib_0.76-6_m68k.deb

        Size/MD5 checksum: 51886 aa1a506bbabef00284d5761e891edd3d
        
        http://ftp.debian.org/debian/pool/main/p/pam/libpam-modules_0.76-6_m68k.deb

        Size/MD5 checksum: 151202 6064da7ddbc9ecf958e52e586b4d5fe0
        
        http://ftp.debian.org/debian/pool/main/p/pam/libpam0g_0.76-6_m68k.deb

        Size/MD5 checksum: 67578 3586a306ffe39e0b57b6ebd37196fbc7
        
        http://ftp.debian.org/debian/pool/main/p/pam/libpam0g-dev_0.76-6_m68k.deb

        Size/MD5 checksum: 106684 db2c282058e7b2d78cb41bd7ab1bc082
        Big endian MIPS architecture:
        
        http://ftp.debian.org/debian/pool/main/p/pam/libpam-

- 漏洞信息

5003
PAM Reads Disabled Passwords as Blank Passwords

- 漏洞描述

Unknown or Incomplete

- 时间线

2004-04-08 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Linux PAM Authentication Bypass Vulnerability
Access Validation Error 5994
Yes No
2002-10-17 12:00:00 2009-07-11 06:06:00
Attributed to Paul Aurich and Samuele Giovanni Tonon.

- 受影响的程序版本

Andrew G. Morgan Linux PAM 0.76
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0

- 漏洞讨论

Debian has reported a vulnerability in Linux PAM that may result in remote intruders gaining unauthorized access to systems. According to the report, vulnerable versions of PAM treat "locked" passwords (value of "*" in /etc/passwd) as no password. Consequently, remote users may login as blocked users without supplying any credentials. Provided that a functional shell is designated for the user, remote attackers may exploit this vulnerability to gain local access to target systems.

- 漏洞利用

There is no exploit code required.

- 解决方案

Debian has made fixes available for their unstable release. It is believed that other releases are not vulnerable.

Fixes available:


Andrew G. Morgan Linux PAM 0.76

- 相关参考

     

     

    关于SCAP中文社区

    SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

    版权声明

    CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站