CVE-2004-0880
CVSS 1.2
Published: 2005-01-27 00:00:00
Last revised: 2016-10-17 22:49:35

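[Original] getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file.


[CNNVD] getmail symlink file overwrite vulnerability (CNNVD-200501-293)

        getmail is a program for sending and receiving mail on Linux systems.
        getmail 4.x versions before 4.2.0 contain a file overwrite vulnerability.
        When getmail runs as root, a local user can overwrite arbitrary files by creating a link to an mbox file.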

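- CVSS (base score)

CVSS score: 1.2 [LOW]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: HIGH [exploitation requires specific access conditions]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)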

cpe:/o:slackware:slackware_linux:9.1 (Slackware Linux 9.1)
cpe:/a:getmail:getmail:4.0.12
cpe:/a:getmail:getmail:4.0.11
cpe:/a:getmail:getmail:4.0.13
cpe:/a:getmail:getmail:4.0.5
cpe:/a:getmail:getmail:4.1.4
cpe:/a:getmail:getmail:2.3.7
cpe:/a:getmail:getmail:4.0.4
cpe:/a:getmail:getmail:4.1.3
cpe:/a:getmail:getmail:4.0.10
cpe:/a:getmail:getmail:4.0.7
cpe:/a:getmail:getmail:4.0.6
cpe:/a:getmail:getmail:4.1.5
cpe:/a:getmail:getmail:4.0.1
cpe:/a:getmail:getmail:4.0.3
cpe:/a:getmail:getmail:4.1.2
cpe:/a:getmail:getmail:4.0.2
cpe:/a:getmail:getmail:4.1.1
cpe:/o:slackware:slackware_linux:current
cpe:/a:getmail:getmail:3.x
cpe:/a:getmail:getmail:4.1
cpe:/a:getmail:getmail:4.0
cpe:/o:gentoo:linux:1.4 (Gentoo Linux 1.4)
cpe:/a:getmail:getmail:4.0.9
cpe:/a:getmail:getmail:4.0.8
cpe:/o:slackware:slackware_linux:10.0 (Slackware Linux 10.0)
cpe:/a:getmail:getmail:4.0.0_b10

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0880
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0880
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200501-293
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=109571883130372&w=2
(UNKNOWN)  BUGTRAQ  20040919 Local root compromise possible with getmail
http://security.gentoo.org/glsa/glsa-200409-32.xml
(UNKNOWN)  GENTOO  GLSA-200409-32
http://www.debian.org/security/2004/dsa-553
(UNKNOWN)  DEBIAN  DSA-553
http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG
(UNKNOWN)  CONFIRM  http://www.qcc.ca/~charlesc/software/getmail-4/CHANGELOG
http://xforce.iss.net/xforce/xfdb/17437
(VENDOR_ADVISORY)  XF  getmail-mbox-race-condition(17437)

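- Vulnerability information

getmail symlink file overwrite vulnerability
Low severity; race condition
2005-01-27 00:00:00 2005-10-20 00:00:00
Local
        getmail is a program for sending and receiving mail on Linux systems.
        getmail 4.x versions before 4.2.0 contain a file overwrite vulnerability.
        When getmail runs as root, a local user can overwrite arbitrary files by creating a link to an mbox file.

- Advisories and patches

        The vendor has released an upgrade that fixes this security issue. It is available at:
        http://pyropus.ca/software/getmail/

- Vulnerability information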

10072
getmail /tmp Symlink Local Privilege Escalation
Local Access Required Race Condition
Loss of Integrity
Exploit Unknown

- Vulnerability description

Getmail contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a local user creates a symlink from a critical file to an mbox file or a subdirectory of maildir. This flaw may lead to a loss of integrity.

- Timeline

2004-09-19 Unknown
Unknown Unknown

- Solution

Upgrade to version 4.2.0 or higher, as it has been reported to fix this vulnerability. If using 3.x, upgrade to version 3.2.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Vulnerability information

Getmail Local Symbolic Link Vulnerability
Race Condition Error 11224
No Yes
2004-09-20 12:00:00 2009-07-12 07:06:00
The discovery of this issue is credited to David Watson.

- Affected program versions

Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux -current
getmail getmail 4.1.5
getmail getmail 4.1.4
getmail getmail 4.1.3
getmail getmail 4.1.2
getmail getmail 4.1.1
getmail getmail 4.1
getmail getmail 4.0.13
getmail getmail 4.0.12
getmail getmail 4.0.11
getmail getmail 4.0.10
getmail getmail 4.0.9
getmail getmail 4.0.8
getmail getmail 4.0.7
getmail getmail 4.0.6
getmail getmail 4.0.5
getmail getmail 4.0.4
getmail getmail 4.0.3
getmail getmail 4.0.2
getmail getmail 4.0.1
getmail getmail 4.0 .0b10
getmail getmail 4.0
getmail getmail 2.3.7
getmail getmail 3.x
Gentoo Linux 1.4
getmail getmail 4.2
getmail getmail 3.2.5

- Unaffected program versions

getmail getmail 4.2
getmail getmail 3.2.5

- Vulnerability discussion

Reportedly getmail is affected by a local symbolic link vulnerability. This issue is due to a failure of the application to validate files prior to writing to them.

An attacker may leverage this issue to cause arbitrary files to be written to with the privileges of a user that sends messages to an attacker-controlled file. This may facilitate privilege escalation or destruction of data.

- Exploitation

No exploit is required to leverage this issue.

- Solution

The vendor has released an upgrade dealing with this issue.

Gentoo Linux has released advisory GLSA 200409-32 addressing this issue. Please see the referenced advisory for further information. Users of affected packages are urged to execute the following with superuser privileges:
emerge sync
emerge -pv ">=net-mail/getmail-4.2.0"
emerge ">=net-mail/getmail-4.2.0"

Debian has released an advisory (DSA 553-1) and fixes to address this issue. See the referenced advisory for fix information.

Slackware Linux has released advisory SSA:2004-278-01 along with fixes to address this issue. Please see the referenced advisory for further information.
