CVE-2004-0581
CVSS4.6
发布时间 :2004-08-06 00:00:00
修订时间 :2008-09-05 16:38:48
NMCOS    

[原文]ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate Server 2.1, allows local users to delete arbitrary files via a symlink attack on files in /tmp.


[CNNVD]KSymoops KSymoops-GZNM处理不安全的临时文件符号链接漏洞(CNNVD-200408-119)

        Mandrake Linux 9.1到10.0版本以及Corporate Server 2.1版本中的ksymoops-gznm脚本存在漏洞。本地用户可以通过在/ tmp目录文件上的链接攻击删除任意文件。

- CVSS (基础分值)

CVSS分值: 4.6 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64
cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64
cpe:/o:mandrakesoft:mandrake_linux:9.2MandrakeSoft Mandrake Linux 9.2
cpe:/o:mandrakesoft:mandrake_linux:9.1::ppc
cpe:/o:mandrakesoft:mandrake_linux:10.0MandrakeSoft Mandrake Linux 10.0
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64
cpe:/a:gnu:ksymoops:2.4.5GNU Ksymoops 2.4.5
cpe:/a:gnu:ksymoops:2.4.9GNU Ksymoops 2.4.9
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1MandrakeSoft Mandrake Linux Corporate Server 2.1
cpe:/o:mandrakesoft:mandrake_linux:9.1MandrakeSoft Mandrake Linux 9.1
cpe:/a:gnu:ksymoops:2.4.8GNU Ksymoops 2.4.8

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0581
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0581
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200408-119
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/10516
(VENDOR_ADVISORY)  BID  10516
http://xforce.iss.net/xforce/xfdb/16392
(VENDOR_ADVISORY)  XF  ksymoops-symlink(16392)
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:060
(UNKNOWN)  MANDRAKE  MDKSA-2004:060

- 漏洞信息

KSymoops KSymoops-GZNM处理不安全的临时文件符号链接漏洞
中危 访问验证错误
2004-08-06 00:00:00 2005-10-20 00:00:00
本地  
        Mandrake Linux 9.1到10.0版本以及Corporate Server 2.1版本中的ksymoops-gznm脚本存在漏洞。本地用户可以通过在/ tmp目录文件上的链接攻击删除任意文件。

- 公告与补丁

        Mandrake has released an advisory(MDKSA-2004:060) and updates to address this issue in Mandrake Linux. Users are advised to read the referenced advisory for further details regarding obtaining and applying appropriate updates.
        GNU Ksymoops 2.4.5
        
        GNU Ksymoops 2.4.8
        
        GNU Ksymoops 2.4.9
        

- 漏洞信息

6947
Mandrake Linux ksymoops-gznm Arbitrary File Deletion
Local Access Required Race Condition
Loss of Integrity
Exploit Public

- 漏洞描述

Mandrake Linux contains a flaw that may allow a malicious user to perform a symlink attack. The issue is due to insecure tempotary file creation in the "/tmp" directory by the ksymoops-gznm script. It is possible that the flaw may allow a local attacker to delete arbitrary file on the system with a symlink pointing to an arbitrary file, resulting in a loss of integrity.

- 时间线

2004-06-12 Unknow
2004-06-12 Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, MandrakeSoft has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者

- 漏洞信息

KSymoops KSymoops-GZNM Insecure Temporary File Handling Symbolic Link Vulnerability
Access Validation Error 10516
No Yes
2004-06-10 12:00:00 2009-07-12 05:16:00
Discovery of this vulnerability is credited to Geoffrey Lee.

- 受影响的程序版本

Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
Mandriva Linux Mandrake 9.2 amd64
Mandriva Linux Mandrake 9.2
Mandriva Linux Mandrake 9.1 ppc
Mandriva Linux Mandrake 9.1
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
GNU Ksymoops 2.4.9
GNU Ksymoops 2.4.8
GNU Ksymoops 2.4.5

- 漏洞讨论

Ksymoops ships with several scripts, one of these scripts is 'ksymoops-gznm'. It is reported that the 'ksymoops-gznm' script is prone to a local insecure temporary file handling symbolic link vulnerability. This issue is due to a design error that allows the application to insecurely write to a temporary file that is created with a predictable file name. The script will write to this file before verifying its existence; this would facilitate a symbolic link attack.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

Mandrake has released an advisory(MDKSA-2004:060) and updates to address this issue in Mandrake Linux. Users are advised to read the referenced advisory for further details regarding obtaining and applying appropriate updates.


GNU Ksymoops 2.4.5

GNU Ksymoops 2.4.8

GNU Ksymoops 2.4.9

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站