CVE-2004-0564
CVSS 2.1
Published: 2004-12-23 00:00:00
Last revised: 2016-10-17 22:46:08

[Original] Roaring Penguin pppoe (rp-ppoe), if installed or configured to run setuid root contrary to its design, allows local users to overwrite arbitrary files. NOTE: the developer has publicly disputed the claim that this is a vulnerability because pppoe "is NOT designed to run setuid-root." Therefore this identifier applies *only* to those configurations and installations under which pppoe is run setuid root despite the developer's warnings.


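[CNNVD] Roaring Penguin PPPoE arbitrary file overwrite vulnerability (CNNVD-200412-113)

        A vulnerability arises when Roaring Penguin pppoe (rp-ppoe) is installed or configured to run setuid root, contrary to its design. Local users can exploit this vulnerability to overwrite arbitrary files.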

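- CVSS (base score)

CVSS score: 2.1 [LOW]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on the availability of the system]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)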

cpe:/a:roaring_penguin:pppoe:3.3
cpe:/a:roaring_penguin:pppoe:3.5
cpe:/o:debian:debian_linux:3.0::ia-32
cpe:/a:roaring_penguin:pppoe:3.0
cpe:/o:debian:debian_linux:3.0::ppc
cpe:/o:debian:debian_linux:3.0::arm
cpe:/o:debian:debian_linux:3.0::mipsel
cpe:/o:debian:debian_linux:3.0::hppa
cpe:/o:debian:debian_linux:3.0::ia-64
cpe:/o:debian:debian_linux:3.0::mips
cpe:/o:debian:debian_linux:3.0::alpha
cpe:/o:debian:debian_linux:3.0::m68k
cpe:/o:debian:debian_linux:3.0::sparc
cpe:/o:debian:debian_linux:3.0 (Debian Debian Linux 3.0)
cpe:/o:debian:debian_linux:3.0::s-390

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0564
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0564
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-113
(official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=110247119200510&w=2
(UNKNOWN)  MANDRAKE  MDKSA-2004:145
http://marc.info/?l=bugtraq&m=110253341209450&w=2
(UNKNOWN)  BUGTRAQ  20041208 Re: MDKSA-2004:145 - Updated rp-pppoe packages fix vulnerability
http://www.debian.org/security/2004/dsa-557
(VENDOR_ADVISORY)  DEBIAN  DSA-557
http://www.fedoralegacy.org/updates/FC1/2005-11-14-FLSA_2005_152794__Updated_rp_pppoe_package_fixes_security_issue.html
(UNKNOWN)  FEDORA  FLSA:152794
http://www.securityfocus.com/bid/11315
(VENDOR_ADVISORY)  BID  11315
http://xforce.iss.net/xforce/xfdb/17576
(VENDOR_ADVISORY)  XF  pppoe-file-overwrite(17576)

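- Vulnerability information

Roaring Penguin PPPoE arbitrary file overwrite vulnerability
Low severity    Design error
2004-12-23 00:00:00 2005-10-20 00:00:00
Local
        A vulnerability arises when Roaring Penguin pppoe (rp-ppoe) is installed or configured to run setuid root, contrary to its design. Local users can exploit this vulnerability to overwrite arbitrary files.

- Advisories and patches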

        Debian Linux has released an advisory (DSA 557-1) along with fixes dealing with this issue. Please see the referenced advisory for more information.
        MandrakeSoft has issued an advisory (MDKSA-2004:145) along with patched upgrades. Please see the referenced advisory for more information.
        Redhat has released an advisory (FLSA:152794) along with fixes dealing with this issue. Please see the referenced advisory for more information.
        Roaring Penguin Software PPPoE 3.3
        
        Roaring Penguin Software PPPoE 3.5
        

- Vulnerability information (F34574)

dsa-557.txt (PacketStormID:F34574)
2004-10-13 00:00:00
Max Vozeler  debian.org
advisory,root
linux,debian
CVE-2004-0564

Debian Security Advisory DSA 557-1 - When the program pppoe is running setuid root, an attacker could overwrite any file on the file system.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 557-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
October 4th, 2004                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : rp-pppoe, pppoe
Vulnerability  : missing privilege dropping
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2004-0564

Max Vozeler discovered a vulnerability in pppoe, the PPP over Ethernet
driver from Roaring Penguin.  When the program is running setuid root
(which is not the case in a default Debian installation), an attacker
could overwrite any file on the file system.

For the stable distribution (woody) this problem has been fixed in
version 3.3-1.2.

For the unstable distribution (sid) this problem has been fixed in
version 3.5-4.

We recommend that you upgrade your pppoe package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/r/rp-pppoe/rp-pppoe_3.3-1.2.dsc
      Size/MD5 checksum:      571 20a98e281e9effbdbe253d5f1ec7c07b
    http://security.debian.org/pool/updates/main/r/rp-pppoe/rp-pppoe_3.3-1.2.diff.gz
      Size/MD5 checksum:    17171 840c64159a02c63bcd84ad84acbcfbbe
    http://security.debian.org/pool/updates/main/r/rp-pppoe/rp-pppoe_3.3.orig.tar.gz
      Size/MD5 checksum:   171480 1cd6bc22f7601f769bb654db4a15b15d

  Alpha architecture:

    http://security.debian.org/pool/updates/main/r/rp-pppoe/pppoe_3.3-1.2_alpha.deb
      Size/MD5 checksum:    83104 ea1e596bbd07d28d272c723ef627b935

  ARM architecture:

    http://security.debian.org/pool/updates/main/r/rp-pppoe/pppoe_3.3-1.2_arm.deb
      Size/MD5 checksum:    60492 6f90f09bbb0115dd8b5aa08970fc7007

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/r/rp-pppoe/pppoe_3.3-1.2_i386.deb
      Size/MD5 checksum:    54276 765e571caff2562b74bdae9636712d58

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/r/rp-pppoe/pppoe_3.3-1.2_ia64.deb
      Size/MD5 checksum:    90212 c03d1045236ee6aaf0bec77e287b0a50

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/r/rp-pppoe/pppoe_3.3-1.2_hppa.deb
      Size/MD5 checksum:    64064 8669b8c254a243fbb4620e9cf5ac5905

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/r/rp-pppoe/pppoe_3.3-1.2_m68k.deb
      Size/MD5 checksum:    51000 23a16fdf89476bdf62107667d9f71d50

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/r/rp-pppoe/pppoe_3.3-1.2_mips.deb
      Size/MD5 checksum:    68078 750310a89f7f34d0e8921efb45999cda

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/r/rp-pppoe/pppoe_3.3-1.2_mipsel.deb
      Size/MD5 checksum:    68320 eb2c9ea82226df16363392e78ab04fb1

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/r/rp-pppoe/pppoe_3.3-1.2_powerpc.deb
      Size/MD5 checksum:    56970 dd068ef0338515cc0a846ed1dfdf0dbc

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/r/rp-pppoe/pppoe_3.3-1.2_s390.deb
      Size/MD5 checksum:    58376 8b520d4fc7ff356d40e7f7fc1b10b8e3

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/r/rp-pppoe/pppoe_3.3-1.2_sparc.deb
      Size/MD5 checksum:    64326 c5523f8e12ec9bd01a003912df5611a7


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBYSMJW5ql+IAeqTIRAtO0AJ92EvDNM/PdhkdErRBGPecw64hhfACdFHEz
Qyws0FhUZmFPQdgRAVW72Rw=
=GgYg
-----END PGP SIGNATURE-----

    

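- Vulnerability information

10547
Roaring Penguin PPPoE -D Option Local Privilege Escalation

- Vulnerability description

Unknown or Incomplete

- Timeline

2004-10-07 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information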

Roaring Penguin PPPoE Arbitrary File Overwrite Vulnerability
Design Error 11315
No Yes
2004-10-04 12:00:00 2009-07-12 07:06:00
Discovery of this issue is credited to Max Vozeler.

- Affected program versions

Roaring Penguin Software PPPoE 3.5
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
Roaring Penguin Software PPPoE 3.3
+ MandrakeSoft Multi Network Firewall 2.0
Roaring Penguin Software PPPoE 3.0
RedHat Linux 9.0 i386
RedHat Linux 7.3 i686
Red Hat Fedora Core1
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0

- Vulnerability discussion

Roaring Penguin PPPoE is vulnerable to a local arbitrary file overwrite vulnerability. This issue is due to a failure of the affected driver to properly validate the existence of temporary files prior to writing to them.

An attacker may exploit this vulnerability to overwrite any file on the affected computer if the application is installed with the setuid superuser bit set. It should be noted that this application is not installed with the setuid bit set by default.

The author has stated that the package is not designed to be configured with setuid privileges, and that vendors distributing this package installed in such a manner should immediately correct the situation.

- Exploit

No exploit is required to leverage this issue.

- Solution

Debian Linux has released an advisory (DSA 557-1) along with fixes dealing with this issue. Please see the referenced advisory for more information.

MandrakeSoft has issued an advisory (MDKSA-2004:145) along with patched upgrades. Please see the referenced advisory for more information.

Redhat has released an advisory (FLSA:152794) along with fixes dealing with this issue. Please see the referenced advisory for more information.


Roaring Penguin Software PPPoE 3.3

Roaring Penguin Software PPPoE 3.5

- Related references

 

 
