CVE-2004-0108
CVSS4.6
发布时间 :2004-04-15 00:00:00
修订时间 :2008-09-05 16:37:32
NMCOS    

[原文]The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107.


[CNNVD]Sysstat/lsag以不安全方式创建临时文件漏洞(CNNVD-200404-030)

        
        Sysstat是一款Linux下收集系统信息的统计程序。
        Sysstat以不安全创建临时文件,本地攻击者可以利用这个漏洞利用符号连接破坏系统文件或造成权限提升。
        本地攻击者可以在/tmp目录下精心构建符号链接覆盖系统文件,造成本地拒绝服务或权限提升。
        其中Sysstat包含的lsag工具用于图形化显示这些统计,也存在同样问题。
        

- CVSS (基础分值)

CVSS分值: 4.6 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:sysstat:sysstat:4.1.4
cpe:/a:sysstat:sysstat:4.1.5
cpe:/a:sysstat:sysstat:4.1.7
cpe:/a:sysstat:sysstat:4.0.7
cpe:/a:sgi:propack:2.4SGI ProPack 2.4
cpe:/a:redhat:sysstat:4.0.7-3::i386
cpe:/a:sysstat:sysstat:5.0.1
cpe:/a:sysstat:sysstat:4.1.6
cpe:/a:sgi:propack:2.3SGI ProPack 2.3
cpe:/a:sysstat:sysstat:4.1.2
cpe:/a:sysstat:sysstat:4.1.1
cpe:/a:sysstat:sysstat:4.1.3

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:9698The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a d...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0108
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0108
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200404-030
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/9844
(VENDOR_ADVISORY)  BID  9844
http://www.redhat.com/support/errata/RHSA-2004-053.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2004:053
ftp://patches.sgi.com/support/free/security/advisories/20040302-01-U.asc
(PATCH)  SGI  20040302-01-U
http://xforce.iss.net/xforce/xfdb/15437
(UNKNOWN)  XF  sysstat-isag-symlink(15437)
http://www.debian.org/security/2004/dsa-460
(UNKNOWN)  DEBIAN  DSA-460

- 漏洞信息

Sysstat/lsag以不安全方式创建临时文件漏洞
中危 设计错误
2004-04-15 00:00:00 2005-05-13 00:00:00
本地  
        
        Sysstat是一款Linux下收集系统信息的统计程序。
        Sysstat以不安全创建临时文件,本地攻击者可以利用这个漏洞利用符号连接破坏系统文件或造成权限提升。
        本地攻击者可以在/tmp目录下精心构建符号链接覆盖系统文件,造成本地拒绝服务或权限提升。
        其中Sysstat包含的lsag工具用于图形化显示这些统计,也存在同样问题。
        

- 公告与补丁

        厂商补丁:
        RedHat
        ------
        RedHat已经为此发布了一个安全公告(RHSA-2004:093-01)以及相应补丁:
        RHSA-2004:093-01:Updated sysstat packages fix security vulnerabilities
        链接:https://www.redhat.com/support/errata/RHSA-2004-093.html
        补丁下载:
        RedHat sysstat-4.0.7-3.i386.rpm :
        Red Hat Upgrade sysstat-4.0.7-4.rhl9.1.i386.rpm
        ftp://updates.redhat.com/9/en/os/i386/sysstat-4.0.7-4.rhl9.1.i386.rpm
        Sysstat
        -------
        目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
        Sysstat Upgrade Sysstat 5.0.2
        
        http://perso.wanadoo.fr/sebastien.godard/download_en.html

- 漏洞信息

4196
sysstat isag Utility Symlink Arbitrary File Overwrite
Local Access Required Race Condition

- 漏洞描述

Unknown or Incomplete

- 时间线

2004-03-11 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Sysstat Isag Temporary File Creation Vulnerability
Design Error 9844
No Yes
2004-03-10 12:00:00 2009-07-12 03:06:00
Discovery is credited to Alan Cox.

- 受影响的程序版本

Sysstat Sysstat 5.0.1
Sysstat Sysstat 4.1.7
Sysstat Sysstat 4.1.6
Sysstat Sysstat 4.1.5
Sysstat Sysstat 4.1.4
Sysstat Sysstat 4.1.3
Sysstat Sysstat 4.1.2
Sysstat Sysstat 4.1.1
Sysstat Sysstat 4.0.7
+ Red Hat Enterprise Linux AS 3
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
+ RedHat Linux 9.0 i386
Sysstat Sysstat 4.0.1
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
SGI ProPack 2.4
SGI ProPack 2.3
RedHat sysstat-4.0.7-3.i386.rpm
+ RedHat Linux 9.0 i386
Sysstat Sysstat 5.0.2

- 不受影响的程序版本

Sysstat Sysstat 5.0.2

- 漏洞讨论

The Sysstat Isag command is prone to an issue that may allow malicious local users to corrupt system files, most likely resulting in loss of data or a denial of service.

The source of this vulnerability is that the utility creates temporary files in an insecure manner, facilitating creation of malicious symbolic links in the /tmp directory.

- 漏洞利用

There is no exploit required.

- 解决方案

SGI has released an advisory (20040302-01-U) and fixes to address this issue. Please see the attached advisory for further details on applying and obtaining fixes, fixes are linked below.

Debian has released an advisory (DSA 460-1) and fixes to address this issue. Please see the attached advisory for details on applying and obtaining fixes.

Red Hat has released advisory RHSA-2004:093-01 to address this issue.

Red Hat also released advisory RHSA-2004:053-16 for their enterprise distributions. Please see the attached advisory for details on applying and obtaining fixes.

Trustix Secure Linux has released advisory TSLSA-2004-0011 dealing with this issue. Please see the reference section for more information and details on obtaining fixes.

Debian has released advisory DSA 460-2 as an update to their original advisory (DSA 460-1). They have discovered that the original fixes did not completely resolve the issue. It is strongly recommended that users upgrade who are using the latest fixes.

The vendor has released Sysstat 5.0.2 to address the issue.

Gentoo has released advisory GLSA 200404-04 and fixes for this issue. They advise that users upgrade by taking the following steps at the command line:

# emerge sync
# emerge -pv ">=app-admin/sysstat-5.0.2"
# emerge ">=app-admin/sysstat-5.0.2"

Please see the referenced Gentoo advisory for more information.

SUSE has released an advisory SuSE-SA:2004:009 to address this and other issues. Please see the advisory for more information.


RedHat sysstat-4.0.7-3.i386.rpm

SGI ProPack 2.3

SGI ProPack 2.4

Sysstat Sysstat 4.0.1

Sysstat Sysstat 4.0.7

Sysstat Sysstat 4.1.1

Sysstat Sysstat 4.1.2

Sysstat Sysstat 4.1.3

Sysstat Sysstat 4.1.4

Sysstat Sysstat 4.1.5

Sysstat Sysstat 4.1.6

Sysstat Sysstat 4.1.7

Sysstat Sysstat 5.0.1

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站