CVE-2003-0603
CVSS2.1
发布时间 :2003-08-27 00:00:00
修订时间 :2008-09-05 16:34:45
NMCOS    

[原文]Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier versions allows local users to overwrite arbitrary files via a symlink attack on temporary files that are created in directories with group-writable or world-writable permissions.


[CNNVD]Bugzilla不安全临时文件处理漏洞(CNNVD-200308-165)

        
        Bugzilla是一款基于WEB的漏洞跟踪收集系统,使用了Perl和MySQL数据库,可运行在多种Unix和Linux操作系统下。
        Bugzilla建立临时文件不安全,本地攻击者可以利用这个漏洞利用符号链接,对本地系统文件进行攻击,造成拒绝服务。
        目前没有详细漏洞细节提供。
        

- CVSS (基础分值)

CVSS分值: 2.1 [轻微(LOW)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:mozilla:bugzilla:2.16.1Mozilla Bugzilla 2.16.1
cpe:/a:mozilla:bugzilla:2.17.3Mozilla Bugzilla 2.17.3
cpe:/a:mozilla:bugzilla:2.10Mozilla Bugzilla 2.10
cpe:/a:mozilla:bugzilla:2.12Mozilla Bugzilla 2.12
cpe:/a:mozilla:bugzilla:2.14.4Mozilla Bugzilla 2.14.4
cpe:/a:mozilla:bugzilla:2.16.2Mozilla Bugzilla 2.16.2
cpe:/a:mozilla:bugzilla:2.14.3Mozilla Bugzilla 2.14.3
cpe:/a:mozilla:bugzilla:2.14.1Mozilla Bugzilla 2.14.1
cpe:/a:mozilla:bugzilla:2.14.2Mozilla Bugzilla 2.14.2
cpe:/a:mozilla:bugzilla:2.14.5Mozilla Bugzilla 2.14.5
cpe:/a:mozilla:bugzilla:2.17Mozilla Bugzilla 2.17
cpe:/a:mozilla:bugzilla:2.14Mozilla Bugzilla 2.14
cpe:/a:mozilla:bugzilla:2.17.1Mozilla Bugzilla 2.17.1
cpe:/a:mozilla:bugzilla:2.16Mozilla Bugzilla 2.16

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0603
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0603
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200308-165
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/7412
(VENDOR_ADVISORY)  BID  7412
http://www.bugzilla.org/security/2.16.2/
(UNKNOWN)  CONFIRM  http://www.bugzilla.org/security/2.16.2/
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000653
(VENDOR_ADVISORY)  CONECTIVA  CLA-2003:653

- 漏洞信息

Bugzilla不安全临时文件处理漏洞
低危 设计错误
2003-08-27 00:00:00 2005-10-20 00:00:00
本地  
        
        Bugzilla是一款基于WEB的漏洞跟踪收集系统,使用了Perl和MySQL数据库,可运行在多种Unix和Linux操作系统下。
        Bugzilla建立临时文件不安全,本地攻击者可以利用这个漏洞利用符号链接,对本地系统文件进行攻击,造成拒绝服务。
        目前没有详细漏洞细节提供。
        

- 公告与补丁

        厂商补丁:
        Mozilla
        -------
        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
        
        http://ftp.mozilla.org/pub/webtools/

        Full release升级和CVS升级指导可从如下地址获得:
        
        http://www.bugzilla.org/download.html

- 漏洞信息

6348
Bugzilla showdependencygraph.cgi Symlink Arbitrary File Overwrite
Local Access Required Input Manipulation, Race Condition
Loss of Integrity
Exploit Public

- 漏洞描述

Bugzilla contains a flaw that may allow a malicious user to overwrite arbitrary files. The problem is that the program creates temporary files in directories with insecure permissions and does not verify that the filename is unused. It is possible that the flaw may allow a malicious user to create a symlink from the showdependencygraph.cgi script and overwrite an arbitrary file, resulting in a loss of integrity or availability.

- 时间线

2003-03-12 Unknow
2003-03-12 Unknow

- 解决方案

Upgrade to version 2.16.3 (stable release) or 2.17.4 (development release) or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

Bugzilla Insecure Temporary File Handling Vulnerabilities
Design Error 7412
No No
2003-04-24 12:00:00 2009-07-11 09:07:00
This issue was announced by the vendor.

- 受影响的程序版本

Mozilla Bugzilla 2.17.3
Mozilla Bugzilla 2.17.1
Mozilla Bugzilla 2.17
Mozilla Bugzilla 2.16.2
+ Conectiva Linux 9.0
+ Conectiva Linux 9.0
Mozilla Bugzilla 2.16.1
Mozilla Bugzilla 2.16
- Mandriva Linux Mandrake 9.0
- Mandriva Linux Mandrake 9.0
Mozilla Bugzilla 2.14.5
Mozilla Bugzilla 2.14.4
Mozilla Bugzilla 2.14.3
Mozilla Bugzilla 2.14.2
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Debian Linux 3.0
+ Debian Linux 3.0
+ Debian Linux 3.0
+ Debian Linux 3.0
Mozilla Bugzilla 2.14.1
Mozilla Bugzilla 2.14
- RedHat Linux 7.1
- RedHat Linux 7.1
- RedHat Linux 7.0
- RedHat Linux 7.0
- RedHat Linux 7.0
- RedHat Linux 7.0
- RedHat Linux 7.0
Mozilla Bugzilla 2.12
Mozilla Bugzilla 2.10
Mozilla Bugzilla 2.17.4
Mozilla Bugzilla 2.16.3

- 不受影响的程序版本

Mozilla Bugzilla 2.17.4
Mozilla Bugzilla 2.16.3

- 漏洞讨论

Bugzilla creates temporary files insecurely. Multiple instances of this problem were reported. This could permit local attacks to mount symbolic link attacks which could cause files writeable by the web server hosting Bugzilla to be corrupted or overwritten.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

Conectiva has released an advisory (CLA-2003:653) and fixes to address this issue. See attached advisory for details on obtaining and applying fixes.

The vendor has addressed this issue in Bugzilla 2.16.3 and 2.17.4. Patches may be obtained at the following location:

http://ftp.mozilla.org/pub/webtools/

Full release upgrades and CVS upgrade instructions will be made available here:

http://www.bugzilla.org/download.html


Mozilla Bugzilla 2.16.2

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站