CVE-2004-0279
CVSS 7.2
Published: 2004-11-23 00:00:00
Modified: 2016-10-17 22:43:01

[Original text] AIM Sniff (aimSniff.pl) 0.9b allows local users to overwrite arbitrary files via a symlink attack on /tmp/AS.log.


[CNNVD] AIM Sniff Temporary File Symlink Attack Vulnerability (CNNVD-200411-083)

        
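        AIM Sniff is a tool for monitoring and sniffing AOL communications.
        AIM Sniff has a symbolic link vulnerability that a local attacker can use to corrupt system files or elevate privileges.
        Because aimSniff.pl creates its temporary file insecurely and the file name can be guessed, a symbolic link can be used to corrupt system files with the privileges of the user running the tool, causing a denial of service. Invoking the script requires root privileges, so an attacker may be able to gain root privileges.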
        

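- CVSS (base score)

CVSS score: 7.2 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may bring the system down completely]
Attack complexity: LOW [exploitation is not subject to access restrictions]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]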

- CPE (affected platforms and products)

cpe:/a:aim_sniff:aim_sniff:0.9
cpe:/a:aim_sniff:aim_sniff:0.8
cpe:/a:aim_sniff:aim_sniff:0.7
cpe:/a:aim_sniff:aim_sniff:0.9b
cpe:/a:aim_sniff:aim_sniff:0.6

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0279
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0279
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200411-083
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=107662243303439&w=2
(UNKNOWN)  BUGTRAQ  20040212 aimSniff.pl file "deletion" (local)
http://www.securityfocus.com/bid/9653
(VENDOR_ADVISORY)  BID  9653
http://xforce.iss.net/xforce/xfdb/15199
(VENDOR_ADVISORY)  XF  aim-sniff-symlink(15199)

- Vulnerability information

AIM Sniff Temporary File Symlink Attack Vulnerability
High risk  Access validation error
2004-11-23 00:00:00 2005-10-20 00:00:00
Local
        
        

- Advisories and patches

        Vendor patch:
        AIM Sniff
        ---------
        The vendor has released an upgrade that fixes this security issue; download it from the vendor's site:
        AIM Sniff Upgrade AIM Sniff 0.9d
        
        http://prdownloads.sourceforge.net/aimsniff/aimsniff-0.9d.tar.gz?download

- Vulnerability information

6381
AOL Instant Messenger (AIM) Sniff aimSniff.pl Symlink Arbitrary File Overwrite
Local Access Required Denial of Service, Race Condition
Loss of Integrity, Loss of Availability
Exploit Public

- Vulnerability description

AIMsniff contains a flaw that may allow a malicious user to overwrite any file on your filesystem. The issue is triggered when AIMsniff exists, and writes to /tmp/AS.log. It is possible that the flaw may allow a race condition resulting in a loss of integrity and availability.

- Timeline

2004-02-12 Unknown
2004-02-12 Unknown

- Solution

Upgrade to version 0.9d or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing one of the following workarounds.

In aimsniff.pl, change the line saying:

    open(LOG,">/tmp/AS.log") or die "Could not open debug file: $^E\n";

to:

    use Fcntl;  # provides the O_WRONLY, O_EXCL and O_CREAT constants
    unlink("/tmp/AS.log");
    sysopen(FH,"/tmp/AS.log",O_WRONLY|O_EXCL|O_CREAT,0600);

Or change (at line 55):

    my $debug2=1;

to:

    my $debug2=0;
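How the original open() and an exclusive sysopen() behave when a symlink already sits at the log path, as an added example (not code from aimSniff.pl or from the advisory). It runs in a scratch directory; the file names and the open_log_exclusive helper are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);

# Hypothetical helper: open a log file only if this call creates it.
# With O_CREAT|O_EXCL, open(2) fails with EEXIST when the path already
# exists, and it does not follow a symlink at the final path component.
sub open_log_exclusive {
    my ($path) = @_;
    sysopen(my $fh, $path, O_WRONLY | O_CREAT | O_EXCL, 0600)
        or return (undef, "$!");
    return ($fh, undef);
}

# Constructed setup in a private scratch directory (not the real /tmp/AS.log).
my $dir    = tempdir(CLEANUP => 1);
my $victim = "$dir/important.conf";   # stands in for a file that must survive
my $log    = "$dir/AS.log";           # stands in for the predictable log path

open(my $v, '>', $victim) or die "setup: $!";
print {$v} "original contents\n";
close($v);

# A link already present at the log path before the tool starts.
symlink($victim, $log) or die "symlink: $!";

# Hardened open: the existing link is refused and the target is untouched.
my ($fh, $err) = open_log_exclusive($log);
print "exclusive open: ", (defined $fh ? "opened" : "refused ($err)"), "\n";
print "target size after exclusive open: ", (stat($victim))[7], "\n";
close($fh) if defined $fh;

# Original pattern: open('>') follows the link and truncates the target.
open(my $old, '>', $log) or die "open: $!";
close($old);
print "target size after open('>'): ", (stat($victim))[7], "\n";
```

A predictable name in a world-writable directory stays fragile even with O_EXCL; creating the log through File::Temp, or in a directory only root can write to, removes the guessable path altogether.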

- Related references

- Vulnerability author

- Vulnerability information

AIM Sniff Temporary File Symlink Attack Vulnerability
Access Validation Error 9653
No Yes
2004-02-12 12:00:00 2009-07-12 02:06:00
Discovery of this vulnerability has been credited to Martin <broadcast@mail.ptraced.net>.

- Affected program versions

AIM Sniff AIM Sniff 0.9 b
AIM Sniff AIM Sniff 0.9
AIM Sniff AIM Sniff 0.8
AIM Sniff AIM Sniff 0.7
AIM Sniff AIM Sniff 0.6
AIM Sniff AIM Sniff 0.9 d

- Unaffected program versions

AIM Sniff AIM Sniff 0.9 d

- Vulnerability discussion

AIM Sniff has been reported prone to a symbolic link vulnerability. The issue presents itself because the aimSniff.pl script creates temporary files in an insecure manner.

An attacker may exploit this issue to corrupt arbitrary files. This corruption may potentially result in the elevation of privileges, or in a system wide denial of service.

It has been reported that a user will require root privileges to invoke the affected script; this may magnify the impact of this vulnerability.

- Exploit

There is no exploit required.

- Solution

The vendor has supplied an upgrade to address this issue:


AIM Sniff AIM Sniff 0.6

AIM Sniff AIM Sniff 0.7

AIM Sniff AIM Sniff 0.8

AIM Sniff AIM Sniff 0.9

AIM Sniff AIM Sniff 0.9 b

- Related references

 

 
