CVE-2003-0367
CVSS 2.1
Published: 2003-07-02 00:00:00
Revised: 2008-09-10 15:18:46

[Original] znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.


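[CNNVD] GZip Znew Insecure Temporary File Creation Symbolic Link Attack Vulnerability (CNNVD-200307-013)

        znew in the gzip package contains a vulnerability. A local user can overwrite arbitrary files via a symlink attack on a temporary file.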

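- CVSS (Base Score)

CVSS score: 2.1 [LOW]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]

- CPE (Affected Platforms and Products)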

cpe:/a:mandrakesoft:mandrake_multi_network_firewall:8.2  MandrakeSoft Mandrake Multi Network Firewall 8.2
cpe:/o:turbolinux:turbolinux_server:7.0
cpe:/a:openpkg:openpkg:1.3.5_1.2.0
cpe:/o:turbolinux:turbolinux_server:6.1
cpe:/o:turbolinux:turbolinux_workstation:7.0
cpe:/o:turbolinux:turbolinux_advanced_server:6.0
cpe:/o:turbolinux:turbolinux_workstation:8.0
cpe:/o:mandrakesoft:mandrake_linux:8.2  MandrakeSoft Mandrake Linux 8.2
cpe:/a:openpkg:openpkg:1.3.5  OpenPKG 1.3.5
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1  MandrakeSoft Mandrake Linux Corporate Server 2.1
cpe:/o:mandrakesoft:mandrake_linux:9.0  MandrakeSoft Mandrake Linux 9.0
cpe:/o:turbolinux:turbolinux_server:6.5
cpe:/a:openpkg:openpkg:1.3.3_1.1.0
cpe:/o:turbolinux:turbolinux_workstation:6.0
cpe:/o:turbolinux:turbolinux_server:8.0
cpe:/o:mandrakesoft:mandrake_linux:9.1  MandrakeSoft Mandrake Linux 9.1

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0367
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0367
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200307-013
(Official data source) CNNVD

- Other Links and Resources

http://www.turbolinux.com/security/TLSA-2003-38.txt
(VENDOR_ADVISORY)  TURBO  TLSA-2003-38
http://www.openpkg.org/security/OpenPKG-SA-2003.031-gzip.html
(VENDOR_ADVISORY)  CONFIRM  http://www.openpkg.org/security/OpenPKG-SA-2003.031-gzip.html
http://www.debian.org/security/2003/dsa-308
(VENDOR_ADVISORY)  DEBIAN  DSA-308
http://www.securityfocus.com/bid/7872
(UNKNOWN)  BID  7872
http://www.mandriva.com/security/advisories?name=MDKSA-2003:068
(UNKNOWN)  MANDRAKE  MDKSA-2003:068

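- Vulnerability Information

GZip Znew Insecure Temporary File Creation Symbolic Link Attack Vulnerability
Low risk  Design error
2003-07-02 00:00:00 2005-10-20 00:00:00
Local
        znew in the gzip package contains a vulnerability. A local user can overwrite arbitrary files via a symlink attack on a temporary file.

- Advisories and Patches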

        Debian has made fixes available. See referenced advisory DSA-308-1 for additional details.
        Gentoo Linux has released an advisory. Users who have installed sys-apps/gzip are advised to upgrade to gzip-1.3.3-r2 by issuing the following commands:
        emerge sync
        emerge gzip
        emerge clean
        SGI has released advisory 20040104-01-P to address this issue.
        Patch 5424 will be released for IRIX versions later than 6.5.17.
        Users should upgrade to one of these versions and then apply the
        patch when it is available. Further details can be found in the
        attached advisory.
        Fixes have been made available:
        GNU gzip 1.2.4 a
        
        GNU gzip 1.2.4
        
        GNU gzip 1.3.2
        
        GNU gzip 1.3.5
        

- Vulnerability Information

4339
gzip znew Insecure Temp File Creation
Local Access Required Race Condition
Loss of Integrity
Exploit Public

- Vulnerability Description

gzip contains a flaw that may allow a malicious user to overwrite arbitrary files. The issue is triggered when the znew script creates temp files insecurely. It is possible that the flaw may allow arbitrary file overwriting resulting in a loss of integrity.

- Timeline

2003-05-15 Unknown
2003-05-15 Unknown

- Solution

Upgrade to version 1.3.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related References

- Vulnerability Author

- Vulnerability Information

GZip ZNew Insecure Temporary File Creation Symbolic Link Vulnerability
Design Error 7872
No Yes
2003-06-11 12:00:00 2009-07-11 10:06:00
Discovery credited to Paul Szabo.

- Affected Program Versions

SGI IRIX 6.5.22
SGI IRIX 6.5.21 m
SGI IRIX 6.5.21 f
SGI IRIX 6.5.21
SGI IRIX 6.5.20 m
SGI IRIX 6.5.20 f
SGI IRIX 6.5.20
SGI IRIX 6.5.19 m
SGI IRIX 6.5.19 f
SGI IRIX 6.5.19
SGI IRIX 6.5.18 m
SGI IRIX 6.5.18 f
SGI IRIX 6.5.18
SGI IRIX 6.5.17 m
SGI IRIX 6.5.17 f
SGI IRIX 6.5.17
SGI IRIX 6.5.16 m
SGI IRIX 6.5.16 f
SGI IRIX 6.5.16
SGI IRIX 6.5.15 m
SGI IRIX 6.5.15 f
SGI IRIX 6.5.15
SGI IRIX 6.5.14 m
SGI IRIX 6.5.14 f
SGI IRIX 6.5.14
SGI IRIX 6.5.13 m
SGI IRIX 6.5.13 f
SGI IRIX 6.5.13
SGI IRIX 6.5.12 m
SGI IRIX 6.5.12 f
SGI IRIX 6.5.12
SGI IRIX 6.5.11 m
SGI IRIX 6.5.11 f
SGI IRIX 6.5.11
SGI IRIX 6.5.10 m
SGI IRIX 6.5.10 f
SGI IRIX 6.5.10
SGI IRIX 6.5.9 m
SGI IRIX 6.5.9 f
SGI IRIX 6.5.9
SGI IRIX 6.5.8 m
SGI IRIX 6.5.8 f
SGI IRIX 6.5.8
SGI IRIX 6.5.7 m
SGI IRIX 6.5.7 f
SGI IRIX 6.5.7
SGI IRIX 6.5.6 m
SGI IRIX 6.5.6 f
SGI IRIX 6.5.6
SGI IRIX 6.5.5 m
SGI IRIX 6.5.5 f
SGI IRIX 6.5.5
SGI IRIX 6.5.4 m
SGI IRIX 6.5.4 f
SGI IRIX 6.5.4
SGI IRIX 6.5.3 m
SGI IRIX 6.5.3 f
SGI IRIX 6.5.3
SGI IRIX 6.5.2 m
SGI IRIX 6.5.2 f
SGI IRIX 6.5.2
SGI IRIX 6.5.1
SGI IRIX 6.5 20
SGI IRIX 6.5 .19m
SGI IRIX 6.5 .19f
SGI IRIX 6.5
GNU gzip 1.3.5
+ Conectiva Linux 10.0
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
GNU gzip 1.3.3
+ Conectiva Linux 9.0
+ Gentoo Linux 1.4 _rc3
+ Gentoo Linux 1.4 _rc2
GNU gzip 1.3.2
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
GNU gzip 1.3
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 sparc
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
GNU gzip 1.2.4 a
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Multi Network Firewall 2.0
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 10.2 x86_64
+ Mandriva Linux Mandrake 10.2
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ Mandriva Linux Mandrake 7.0
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ SGI IRIX 6.5.15 m
+ SGI IRIX 6.5.15 f
+ SGI IRIX 6.5.14 m
+ SGI IRIX 6.5.14 f
+ SGI IRIX 6.5.13 m
+ SGI IRIX 6.5.13 f
+ SGI IRIX 6.5.12 m
+ SGI IRIX 6.5.12 f
+ SGI IRIX 6.5.11 m
+ SGI IRIX 6.5.11 f
+ SGI IRIX 6.5.10
+ SGI IRIX 6.5.9
+ SGI IRIX 6.5.8
+ SGI IRIX 6.5.7
+ SGI IRIX 6.5.6
+ SGI IRIX 6.5.5
+ SGI IRIX 6.5.4
+ SGI IRIX 6.5.3
+ SGI IRIX 6.5.2
+ SGI IRIX 6.5.1
+ SGI IRIX 6.5
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
GNU gzip 1.2.4
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ RedHat Linux 6.1 sparc
+ RedHat Linux 6.1 i386
+ RedHat Linux 6.1 alpha
+ RedHat Linux 6.0 sparc
+ RedHat Linux 6.0 alpha
+ RedHat Linux 6.0
+ RedHat Linux 5.2 sparc
+ RedHat Linux 5.2 i386
+ RedHat Linux 5.2 alpha
+ Slackware Linux 8.0
+ Slackware Linux 7.1
+ Slackware Linux 7.0
+ Sun Solaris 8_x86
+ Sun Solaris 8_sparc
SGI IRIX 6.5.23

- Unaffected Program Versions

SGI IRIX 6.5.23

- Vulnerability Discussion

It has been reported that gzip does not securely handle temporary files in the znew script. Because of this, a local attacker may be able to launch a symbolic link attack against sensitive files.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Debian has made fixes available. See referenced advisory DSA-308-1 for additional details.

Gentoo Linux has released an advisory. Users who have installed sys-apps/gzip are advised to upgrade to gzip-1.3.3-r2 by issuing the following commands:

emerge sync
emerge gzip
emerge clean

SGI has released advisory 20040104-01-P to address this issue.
Patch 5424 will be released for IRIX versions later than 6.5.17.
Users should upgrade to one of these versions and then apply the
patch when it is available. Further details can be found in the
attached advisory.

Fixes have been made available:


GNU gzip 1.2.4 a

GNU gzip 1.2.4

GNU gzip 1.3.2

GNU gzip 1.3.5

- Related References
