CVE-2003-0480
CVSS 3.7
Published: 2003-08-07 00:00:00
Last revised: 2016-10-17 22:34:22

[Original] VMware Workstation 4.0 for Linux allows local users to overwrite arbitrary files and gain privileges via "symlink manipulation."


[CNNVD] VMware Workstation for Linux arbitrary file overwrite vulnerability (CNNVD-200308-045)

        VMware Workstation 4.0 for Linux contains a vulnerability. Local users can overwrite arbitrary files via "symlink manipulation."

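- CVSS (base score)

CVSS score: 3.7 [LOW]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: HIGH [exploitation requires specific access conditions]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]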

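- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definition found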

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0480
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0480
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200308-045
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=105673688529147&w=2
(UNKNOWN)  BUGTRAQ  20030627 VMware Workstation 4.0: Possible privilege escalation on the host
http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1019
(VENDOR_ADVISORY)  CONFIRM  http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1019

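- Vulnerability information

VMware Workstation for Linux arbitrary file overwrite vulnerability
Low risk  Unknown
2003-08-07 00:00:00 2005-10-20 00:00:00
Local
        VMware Workstation 4.0 for Linux contains a vulnerability. Local users can overwrite arbitrary files via "symlink manipulation."

- Advisories and patches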

        

- Vulnerability information

2222
VMware Workstation Symlink Privilege Escalation
Local Access Required Race Condition
Vendor Verified

- Vulnerability description

In-Reply-To: <20030626220825.12388.qmail@www.securityfocus.com>

VMware have posted a knowledge base article on 2003-06-27 that describes the workaround to protect a system against potential privilege escalation. It is at:

http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=1019

>Received: (qmail 31575 invoked from network); 27 Jun 2003 17:55:34 -0000
>Received: from outgoing2.securityfocus.com (205.206.231.26)
> by mail.securityfocus.com with SMTP; 27 Jun 2003 17:55:34 -0000
>Received: from lists.securityfocus.com (lists.securityfocus.com [205.206.231.19])
> by outgoing2.securityfocus.com (Postfix) with QMQP
> id C44698F6FE; Fri, 27 Jun 2003 11:31:17 -0600 (MDT)
>Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
>Precedence: bulk
>List-Id: <bugtraq.list-id.securityfocus.com>
>List-Post: <mailto:bugtraq@securityfocus.com>
>List-Help: <mailto:bugtraq-help@securityfocus.com>
>List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
>List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
>Delivered-To: mailing list bugtraq@securityfocus.com
>Delivered-To: moderator for bugtraq@securityfocus.com
>Received: (qmail 18375 invoked from network); 26 Jun 2003 22:05:14 -0000
>Date: 26 Jun 2003 22:08:25 -0000
>Message-ID: <20030626220825.12388.qmail@www.securityfocus.com>
>Content-Type: text/plain
>Content-Disposition: inline
>Content-Transfer-Encoding: binary
>MIME-Version: 1.0
>X-Mailer: MIME-tools 5.411 (Entity 5.404)
>From: VMware <vmware-security-alert@vmware.com>
>To: bugtraq@securityfocus.com
>Subject: VMware Workstation 4.0: Possible privilege escalation on the host
> via symlink manipulation
>
>
>
>It is possible for a user to gain an escalation in privileges on a system
>running VMware Workstation 4.0 for Linux systems by symlink manipulation
>in a world-writable directory such as /tmp.
>
>Affected systems: VMware Workstation 4.0 for Linux systems
>
>Dates: This was reported to VMware on 2003-06-17 and VMware is posting this
>to Bugtraq on 2003-06-26.
>
>Resolutions:
>1. VMware has identified a workaround and a Knowledge Base article will be
>posted by noon Pacific Time on 2003-06-27 at the following url.
>
>http://www.vmware.com/kb
>
>2. VMware plans to release a patch that will resolve this problem
>shortly. VMware will announce details when available.
>

- Timeline

2003-06-27 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete
 

 
