CVE-2003-0119
CVSS7.5
发布时间 :2004-02-03 00:00:00
修订时间 :2008-09-05 16:33:31
NMCOS    

[原文]The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet socket when communicating with the loadmodule, which allows remote attackers to directly connect to the daemon and conduct unauthorized activities.


[CNNVD]IBM AIX secldapclntd远程未授权数据访问漏洞(CNNVD-200402-004)

        
        IBM AIX是一款商业性质UNIX操作系统。
        IBM AIX包含的secldapclntd守护程序对恶意LDAP消息缺少正确处理,远程攻击者可以利用这个漏洞未授权访问系统数据。
        secldapclntd守护程序接收LDAP可装载模块的请求,并转发请求到LDAP服务器,并传递服务器的结果给LDAP模块,secldapclntd守护程序使用Internet套接口进行通信,远程攻击者可以构建特殊的LDAP消息未授权访问数据,有可能修改LDAP服务器上的用户帐户。
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:ibm:aix:5.1IBM AIX 5.1
cpe:/o:ibm:aix:5.2IBM AIX 5.2
cpe:/o:ibm:aix:4.3.3IBM AIX 4.3.3

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0119
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0119
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200402-004
(官方数据源) CNNVD

- 其它链接及资源

http://www.kb.cert.org/vuls/id/624713
(VENDOR_ADVISORY)  CERT-VN  VU#624713
http://www.securityfocus.com/bid/7264
(VENDOR_ADVISORY)  BID  7264
http://www-1.ibm.com/services/continuity/recover1.nsf/4699c03b46f2d4f68525678c006d45ae/85256a3400529a8685256cde0008ddde?OpenDocument
(UNKNOWN)  IBM  MSS-OAR-E01-2003:0245.1
http://secunia.com/advisories/8221
(UNKNOWN)  SECUNIA  8221

- 漏洞信息

IBM AIX secldapclntd远程未授权数据访问漏洞
高危 输入验证
2004-02-03 00:00:00 2005-10-20 00:00:00
远程  
        
        IBM AIX是一款商业性质UNIX操作系统。
        IBM AIX包含的secldapclntd守护程序对恶意LDAP消息缺少正确处理,远程攻击者可以利用这个漏洞未授权访问系统数据。
        secldapclntd守护程序接收LDAP可装载模块的请求,并转发请求到LDAP服务器,并传递服务器的结果给LDAP模块,secldapclntd守护程序使用Internet套接口进行通信,远程攻击者可以构建特殊的LDAP消息未授权访问数据,有可能修改LDAP服务器上的用户帐户。
        

- 公告与补丁

        厂商补丁:
        IBM
        ---
        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
        IBM AIX 4.3.3:
        IBM Hotfix secldap_efix.tar.Z
        ftp://aix.software.ibm.com/aix/efixes/security/secldap_efix.tar.Z
        This is a temporary fix.
        IBM APAR IY40510
        
        http://techsupport.services.ibm.com/rs6k/fixdb.html

        IBM AIX 5.1:
        IBM Hotfix secldap_efix.tar.Z
        ftp://aix.software.ibm.com/aix/efixes/security/secldap_efix.tar.Z
        This is a temporary fix.
        IBM APAR IY40228
        
        http://techsupport.services.ibm.com/server/aix.fdc

        This APAR will be available approximately 28/04/2003.
        IBM AIX 5.2:
        IBM APAR IY40157
        
        http://techsupport.services.ibm.com/server/aix.fdc

        补丁安装:
        1、建立临时efix目录并转移到此目录:
        # mkdir /tmp/efix
        # cd /tmp/efix
        2、把efix移到/tmp/efix,解压补丁:
        # uncompress secldap_efix.tar.Z
        # tar xvf secldap_efix.tar
        # cd secldap_efix
        3、修改补丁文件以适应用户自身的系统,并设置属主和权限:
        # mv secldapclntd.xxx secldapclntd # where xxx is 433 or 510
        # chown root.security secldapclntd
        # chmod 500 secldapclntd
        4、建立原始二进制程序的备份,并去掉相关权限:
        # cd /usr/sbin
        # cp secldapclntd secldapclntd.orig
        # chmod 0 secldapclntd.orig
        5、停止secldapclntd守护进程:
        # kill `ps -e|grep secldapclntd|awk '{ print $1 }'`
        6、使用补丁过的二进制程序代替当前系统程序,使用-p选项维持文件权限:
        # cp -p /tmp/efix/secldap_efix/secldapclntd /usr/sbin/secldapclntd
        7、重新启动secldapclntd.
        # /usr/sbin/secldapclntd

- 漏洞信息

7995
IBM AIX secldapclntd loadmod Remote Command Execution
Remote / Network Access Authentication Management, Input Manipulation
Loss of Integrity
Exploit Unknown

- 漏洞描述

IBM AIX contains a flaw that may allow a malicious user to modify user accounts. The issue is triggered when a specially crafted LDAP request is sent to the secldapclntd daemon. It is possible that the flaw may allow modification of user accounts resulting in a loss of integrity.

- 时间线

2003-02-21 Unknow
Unknow Unknow

- 解决方案

Upgrade AIX using the APAR numbers AIX 4.3.3: IY40510, AIX 5.1.0:  IY40228 and AIX 5.2.0:  IY40517 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

IBM AIX secldapclntd Unauthorized Data Access Vulnerability
Input Validation Error 7264
Yes No
2003-03-03 12:00:00 2009-07-11 09:06:00
This vulnerability was reported in a IBM advisory.

- 受影响的程序版本

IBM AIX 4.3.3
IBM AIX 4.3
IBM AIX 5.2
IBM AIX 5.1

- 漏洞讨论

A vulnerability has been reported for IBM AIX systems using LDAP. The vulnerability exists in the secldapclntd service.

An attacker can exploit this vulnerability by crafting a special LDAP message which would allow an attacker to gain unauthorized access to data. In some cases it may be possible for a remote attacker to modify user accounts on the LDAP server.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

The following APARs are available:


IBM AIX 5.1

IBM AIX 5.2

IBM AIX 4.3.3

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站