Published: 2003-11-17 00:00:00
Revised: 2008-09-05 16:35:29

[Original] Certain scripts in OpenServer before 5.0.6 allow local users to overwrite files and conduct other unauthorized activities via a symlink attack on temporary files.

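[CNNVD] SCO OpenServer insecure temporary file vulnerability (CNNVD-200311-064)

        Certain scripts in OpenServer versions before 5.0.6 are vulnerable. Local users can overwrite files and carry out other unauthorized activities through a symlink attack on temporary files.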

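- CVSS (base score)

CVSS score: 2.1 [LOW]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions for exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]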

- Official database links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

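- Vulnerability information

SCO OpenServer insecure temporary file vulnerability
Low severity  Design error
2003-11-17 00:00:00 2005-10-20 00:00:00
        Certain scripts in OpenServer versions before 5.0.6 are vulnerable. Local users can overwrite files and carry out other unauthorized activities through a symlink attack on temporary files.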

- Advisories and patches

        SCO has released updates for these issues.
        SCO has released updated information concerning the previous advisory (CSSA-2003-SCO.27) and fix stating that an error has been found in the packaging of the fix. Users who have applied the fix should remove it and wait for a revised version.

- Vulnerability information (F32125)

CSSA-2003-SCO.27 (PacketStormID:F32125)
2003-11-04 00:00:00

SCO Security Advisory CSSA-2003-SCO.27 - OpenServer 5.0.5 insecurely creates files in /tmp which can lead to a system compromise.

To: full-disclosure@lists.n



			SCO Security Advisory

Subject:		OpenServer 5.0.5 : Insecure creation of files in /tmp
Advisory number: 	CSSA-2003-SCO.27
Issue date: 		2003 October 20
Cross reference:	sr865679 fz521201 erg712072 CAN-2003-0872

1. Problem Description

	Several scripts use files in /tmp in an insecure way. These
	filenames can be symlinked to by a malicious user, and cause
	various nefarious things to happen. 

	OpenServer 5.0.6 has previously fixed all these scripts,
	hence this issue does not affect OpenServer 5.0.6 or 5.0.7.	

	The Common Vulnerabilities and Exposures (CVE) project has assigned
        the name CAN-2003-0872 to this issue. This is a candidate for
        inclusion in the CVE list (, which standardizes
        names for security problems. Candidates may change significantly
        before they become official CVE entries.

2. Vulnerable Supported Versions

	System				Binaries
	OpenServer 5.0.5 		/etc/init.d/VDISK

3. Solution

	The proper solution is to install the latest packages.

4. OpenServer 5.0.5

	4.1 Location of Fixed Binaries

	4.2 Verification

	MD5 (VOL.000.000) = 24ea1000e89272a3d2f12d9fd05de83f

	md5 is available for download from

	4.3 Installing Fixed Binaries

	Upgrade the affected binaries with the following sequence:

	1) Download the VOL* files to the /tmp directory

	2) Run the custom command, specify an install from media
	images, and specify the /tmp directory as the location of
	the images.

5. References

	SCO security resources:

	This security fix closes SCO incidents sr865679 fz521201

6. Disclaimer

	SCO is not responsible for the misuse of any of the information
	we provide on this website and/or through our security
	advisories. Our advisories are a service to our customers
	intended to promote secure installation and use of SCO

7. Acknowledgments

        These vulnerabilities were discovered by Tomasz Kusmierz.




- Vulnerability information

SCO OpenServer /etc/init.d/VDISK Symlink Arbitrary File Overwrite
Local Access Required Race Condition
Loss of Integrity
Exploit Unknown

- Vulnerability description

SCO OpenServer contains a flaw that may allow a malicious local user to corrupt arbitrary files on the system. The issue is due to /etc/init.d/VDISK creating temporary files insecurely. A user can use a symlink-style attack to manipulate arbitrary files and may gain elevated privileges.

- Timeline

2003-10-20 Unknown
Unknown Unknown

- Solution

Upgrade to version OpenServer 5.0.6 or higher, as it has been reported to fix this vulnerability. SCO has also made new binaries available that correct this issue.

- Vulnerability information

SCO OpenServer Insecure Temporary File Vulnerabilities
Design Error 8864
No Yes
2003-10-21 12:00:00 2009-07-11 11:56:00
Discovery is credited to Tomasz Kusmierz.

- Affected program versions

SCO Open Server 5.0.5
SCO Open Server 5.0.7
SCO Open Server 5.0.6

- Unaffected program versions

SCO Open Server 5.0.7
SCO Open Server 5.0.6

- Discussion

SCO has released an advisory for OpenServer 5.0.5 which addresses multiple instances of scripts creating temporary files insecurely. These issues could be exploited by a local attacker to corrupt files via symbolic link attacks. Since there are many scripts which are prone to this behavior, it is more than likely that one of these scripts could allow an attack to corrupt files with custom data, resulting in elevated privileges.

These issues were addressed with the release of OpenServer 5.0.6.
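
The insecure pattern described above, shown next to two hardened ways of creating the file, as an added example that is not taken from the SCO scripts or the advisory. The file name `vdisk.tmp` and the sandbox layout are constructed for illustration, and `mktemp` is assumed to be available on the system running it.

```shell
#!/bin/sh
# Added illustration, not SCO's code. The name vdisk.tmp is hypothetical.
# Each writer takes: $1 = directory for the temp file, $2 = data to write.

# Insecure pattern: fixed name, plain redirection follows an existing symlink.
write_predictable() {
    echo "$2" > "$1/vdisk.tmp"
}

# Hardened (a): with noclobber (set -C) the shell refuses to redirect onto a
# path that already exists, so a link planted in advance becomes an error.
write_noclobber() {
    ( set -C; umask 077; echo "$2" > "$1/vdisk.tmp" ) 2>/dev/null
}

# Hardened (b): mktemp picks an unpredictable name and creates the file
# exclusively; the script then only ever uses the name mktemp returned.
write_mktemp() {
    f=$(umask 077; mktemp "$1/vdisk.XXXXXX") || return 1
    echo "$2" > "$f"
    echo "$f"
}

# Regression check in a private sandbox (constructed data): a link already
# sits at the predictable name and points at a file that must not change.
# Prints the protected file's content after the writer named in $1 has run.
run_case() {
    box=$(mktemp -d) || return 1
    echo original > "$box/victim"
    ln -s "$box/victim" "$box/vdisk.tmp"
    "$1" "$box" payload >/dev/null 2>&1 || :
    cat "$box/victim"
    rm -rf "$box"
}

for w in write_predictable write_noclobber write_mktemp; do
    printf '%-18s protected file now contains: %s\n' "$w" "$(run_case "$w")"
done
```

Only the predictable-name writer changes the protected file; the noclobber writer fails closed, which a calling script should treat as an error rather than retry with a plain redirection.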

- Exploit

There is no exploit required.

- Solution

SCO has released updates for these issues.

SCO has released updated information concerning the previous advisory (CSSA-2003-SCO.27) and fix stating that an error has been found in the packaging of the fix. Users who have applied the fix should remove it and wait for a revised version.

SCO Open Server 5.0.5
