CVE-2004-0968
CVSS2.1
发布时间 :2005-02-09 00:00:00
修订时间 :2016-12-07 21:59:41
NMCOP    

[原文]The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files.


[CNNVD]GNU GLibC以不安全方式创建临时文件漏洞(CNNVD-200502-031)

        glibc是绝大多数Linux操作系统中C库的实现。
        GNU GLibC不安全建立临时文件,本地攻击者可以利用这个漏洞破坏系统文件,进行拒绝服务攻击。
        问题是由于应用程序在写临时文件时没有正确验证文件是否存在,攻击者利用此漏洞可以当前用户进程权限覆盖任意系统文件,可造成一定的拒绝服务。目前看起来不能利用此漏洞进行权限提升。

- CVSS (基础分值)

CVSS分值: 2.1 [轻微(LOW)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:gnu:glibc:2.3.10GNU glibc 2.3.10
cpe:/a:gnu:glibc:2.1.3.10
cpe:/o:redhat:enterprise_linux:3.0::workstation_server
cpe:/a:gnu:glibc:2.1GNU glibc 2.1
cpe:/a:gnu:glibc:2.2GNU glibc 2.2
cpe:/a:gnu:glibc:2.3GNU glibc 2.3
cpe:/a:gnu:glibc:2.1.9GNU glibc 2.1.9
cpe:/o:redhat:enterprise_linux:3.0::advanced_server
cpe:/o:redhat:enterprise_linux:3.0::enterprise_server
cpe:/a:gnu:glibc:2.0GNU glibc 2.0
cpe:/a:gnu:glibc:2.0.6GNU glibc 2.0.6
cpe:/a:gnu:glibc:2.2.4GNU glibc 2.2.4
cpe:/a:gnu:glibc:2.3.3GNU glibc 2.3.3
cpe:/a:gnu:glibc:2.0.1GNU glibc 2.0.1
cpe:/a:gnu:glibc:2.0.5GNU glibc 2.0.5
cpe:/a:gnu:glibc:2.2.3GNU glibc 2.2.3
cpe:/a:gnu:glibc:2.3.2GNU glibc 2.3.2
cpe:/a:gnu:glibc:2.0.4GNU glibc 2.0.4
cpe:/a:gnu:glibc:2.1.3GNU glibc 2.1.3
cpe:/a:gnu:glibc:2.2.2GNU glibc 2.2.2
cpe:/a:gnu:glibc:2.3.1GNU glibc 2.3.1
cpe:/a:gnu:glibc:2.0.3GNU glibc 2.0.3
cpe:/a:gnu:glibc:2.1.2GNU glibc 2.1.2
cpe:/a:gnu:glibc:2.2.1GNU glibc 2.2.1
cpe:/a:gnu:glibc:2.0.2GNU glibc 2.0.2
cpe:/a:gnu:glibc:2.1.1GNU glibc 2.1.1
cpe:/a:gnu:glibc:2.1.1.6GNU glibc 2.1.1.6
cpe:/a:gnu:glibc:2.2.5GNU glibc 2.2.5
cpe:/a:gnu:glibc:2.3.4GNU glibc 2.3.4
cpe:/o:redhat:enterprise_linux_desktop:3.0Red Hat Desktop 3.0

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:9523The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files.
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0968
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0968
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200502-031
(官方数据源) CNNVD

- 其它链接及资源

http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136318
(UNKNOWN)  CONFIRM  http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136318
http://security.gentoo.org/glsa/glsa-200410-19.xml
(UNKNOWN)  GENTOO  GLSA-200410-19
http://www.debian.org/security/2005/dsa-636
(UNKNOWN)  DEBIAN  DSA-636
http://www.redhat.com/support/errata/RHSA-2004-586.html
(UNKNOWN)  REDHAT  RHSA-2004:586
http://www.redhat.com/support/errata/RHSA-2005-261.html
(UNKNOWN)  REDHAT  RHSA-2005:261
http://www.securityfocus.com/bid/11286
(VENDOR_ADVISORY)  BID  11286
http://www.trustix.org/errata/2004/0050
(UNKNOWN)  TRUSTIX  2004-0050
http://xforce.iss.net/xforce/xfdb/17583
(VENDOR_ADVISORY)  XF  script-temporary-file-overwrite(17583)
https://www.ubuntu.com/usn/usn-4-1/
(UNKNOWN)  UBUNTU  USN-4-1

- 漏洞信息

GNU GLibC以不安全方式创建临时文件漏洞
低危 设计错误
2005-02-09 00:00:00 2005-10-20 00:00:00
本地  
        glibc是绝大多数Linux操作系统中C库的实现。
        GNU GLibC不安全建立临时文件,本地攻击者可以利用这个漏洞破坏系统文件,进行拒绝服务攻击。
        问题是由于应用程序在写临时文件时没有正确验证文件是否存在,攻击者利用此漏洞可以当前用户进程权限覆盖任意系统文件,可造成一定的拒绝服务。目前看起来不能利用此漏洞进行权限提升。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        GNU glibc 2.1.3
        Trustix glibc-2.1.3-23tr.i586.rpm
        Trustix Secure Linux 1.5
        ftp://ftp.trustix.org/pub/trustix/updates/
        Trustix glibc-devel-2.1.3-23tr.i586.rpm
        Trustix Secure Linux 1.5
        ftp://ftp.trustix.org/pub/trustix/updates/
        Trustix glibc-profile-2.1.3-23tr.i586.rpm
        Trustix Secure Linux 1.5
        ftp://ftp.trustix.org/pub/trustix/updates/
        GNU glibc 2.2.5
        Debian glibc-doc_2.2.5-11.8_all.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/g/glibc/glibc-doc_2.2.5-1 1.8_all.deb
        Debian libc6-dbg_2.2.5-11.8_arm.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-1 1.8_arm.deb
        Debian libc6-dbg_2.2.5-11.8_hppa.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-1 1.8_hppa.deb
        Debian libc6-dbg_2.2.5-11.8_i386.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-1 1.8_i386.deb
        Debian libc6-dbg_2.2.5-11.8_m68k.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-1 1.8_m68k.deb
        Debian libc6-dbg_2.2.5-11.8_mips.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-1 1.8_mips.deb
        Debian libc6-dbg_2.2.5-11.8_mipsel.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-1 1.8_mipsel.deb
        Debian libc6-dbg_2.2.5-11.8_powerpc.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-1 1.8_powerpc.deb
        Debian libc6-dbg_2.2.5-11.8_s390.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-1 1.8_s390.deb
        Debian libc6-dbg_2.2.5-11.8_sparc.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-1 1.8_sparc.deb
        Debian libc6-dev-sparc64_2.2.5-11.8_sparc.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-sparc64 _2.2.5-11.8_sparc.deb
        Debian libc6-dev_2.2.5-11.8_arm.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-1 1.8_arm.deb
        Debian libc6-dev_2.2.5-11.8_hppa.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-1 1.8_hppa.deb
        Debian libc6-dev_2.2.5-11.8_i386.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-1 1.8_i386.deb
        Debian libc6-dev_2.2.5-11.8_m68k.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-1 1.8_m68k.deb
        Debian libc6-dev_2.2.5-11.8_mips.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-1 1.8_mips.deb
        Debian libc6-dev_2.2.5-11.8_mipsel.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-1 1.8_mipsel.deb
        Debian libc6-dev_2.2.5-11.8_powerpc.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-1 1.8_powerpc.deb
        Debian libc6-dev_2.2.5-11.8_s390.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-1 1.8_s390.deb
        Debian libc6-dev_2.2.5-11.8_sparc.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-1 1.8_sparc.deb
        Debian libc6-pic_2.2.5-11.8_arm.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-1 1.8_arm.deb
        Debian libc6-pic_2.2.5-11.8_hppa.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-1 1.8_hppa.deb
        Debian libc6-pic_2.2.5-11.8_i386.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-1 1.8_i386.deb
        Debian libc6-pic_2.2.5-11.8_m68k.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-1 1.8_m68k.deb
        Debian libc6-pic_2.2.5-11.8_mips.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-1 1.8_mips.deb
        Debian libc6-pic_2.2.5-11.8_mipsel.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-1 1.8_mipsel.deb
        Debian libc6-pic_2.2.5-11.8_powerpc.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-1 1.8_powerpc.deb
        Debian libc6-pic_2.2.5-11.8_s390.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-1 1.8_s390.deb
        Debian libc6-pic_2.2.5-11.8_sparc.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-1 1.8_sparc.deb
        Debian libc6-prof_2.2.5-11.8_arm.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5- 11.8_arm.deb
        Debian libc6-prof_2.2.5-11.8_hppa.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5- 11.8_hppa.deb
        Debian libc6-prof_2.2.5-11.8_i386.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5- 11.8_i386.deb
        Debian libc6-prof_2.2.5-11.8_m68k.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5- 11.8_m68k.deb
        

- 漏洞信息 (F35712)

dsa-636.txt (PacketStormID:F35712)
2005-01-15 00:00:00
 
advisory
linux,debian
CVE-2004-0968
[点击下载]

Debian Security Advisory 636-1 - Several insecure uses of temporary files have been discovered in support scripts in the libc6 package which provides the c library for a GNU/Linux system. Trustix developers found that the catchsegv script uses temporary files insecurely. Openwall developers discovered insecure temporary files in the glibcbug script. These scripts are vulnerable to a symlink attack.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 636-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 12th, 2005                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : glibc
Vulnerability  : insecure temporary files
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2004-0968
BugTraq ID     : 11286
Debian Bug     : 279680 278278 205600

Several insecure uses of temporary files have been discovered in
support scripts in the libc6 package which provices the c library for
a GNU/Linux system.  Trustix developers found that the catchsegv
script uses temporary files insecurely.  Openwall developers
discovered insecure temporary files in the glibcbug script.  These
scripts are vulnerable to a symlink attack.

For the stable distribution (woody) these problems have been fixed in
version 2.2.5-11.8.

For the unstable distribution (sid) these problems have been fixed in
version 2.3.2.ds1-20.

We recommend that you upgrade your libc6 package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/g/glibc/glibc_2.2.5-11.8.dsc
      Size/MD5 checksum:     1458 bc2b80a7f76bbf4243fa86f5245f5a50
    http://security.debian.org/pool/updates/main/g/glibc/glibc_2.2.5-11.8.diff.gz
      Size/MD5 checksum:   399970 4e1576598f13f2a628b3eef2c9bcdc48
    http://security.debian.org/pool/updates/main/g/glibc/glibc_2.2.5.orig.tar.gz
      Size/MD5 checksum: 11370961 bf5653fdff22ee350bd7d48047cffab9

  Architecture independent components:

    http://security.debian.org/pool/updates/main/g/glibc/glibc-doc_2.2.5-11.8_all.deb
      Size/MD5 checksum:  2699182 c7a50fe321349d3593a8aa14a1a2c86a
    http://security.debian.org/pool/updates/main/g/glibc/locales_2.2.5-11.8_all.deb
      Size/MD5 checksum:  3387990 8aaa9b854416e5a6e9b1a65b1bf7ea62

  Alpha architecture:

    http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.2.5-11.8_alpha.deb
      Size/MD5 checksum:  4557986 2a37871e21fdb5a514d09110814d43b5
    http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.2.5-11.8_alpha.deb
      Size/MD5 checksum:  1351232 def6755e17e3bc9384f9fa2c0d568b55
    http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.2.5-11.8_alpha.deb
      Size/MD5 checksum:  2981066 41abb2fe30295e762110e4e065c9e188
    http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.2.5-11.8_alpha.deb
      Size/MD5 checksum:  1321546 f41b8bce8503579888203ac22c866344
    http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.2.5-11.8_alpha.deb
      Size/MD5 checksum:  1538778 526584f3262d17309a68b1c8f8888ae6
    http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_alpha.deb
      Size/MD5 checksum:    69866 b7135768c78ffff5f453a3027e811d8b

  ARM architecture:

    http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.8_arm.deb
      Size/MD5 checksum:  3686218 05ab21bcfd365fd6e56f6745eb0005fd
    http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.8_arm.deb
      Size/MD5 checksum:  2767406 c5d453caa9030ebf82023e3ded3ff844
    http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.8_arm.deb
      Size/MD5 checksum:  2863418 4bf8522f010cc826fd494e8deac0a504
    http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.8_arm.deb
      Size/MD5 checksum:  1182298 6197804eeb01e05a195b4360115cb19d
    http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.8_arm.deb
      Size/MD5 checksum:  1282776 557442af8531a7dccf5ed38865edfac1
    http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_arm.deb
      Size/MD5 checksum:    59674 c191744f43225bc100f127267dbbd38b

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.8_i386.deb
      Size/MD5 checksum:  3383144 143978addc25816d4da0e850549a17fb
    http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.8_i386.deb
      Size/MD5 checksum:  2433964 efb2d99d347c2bd1f7a0904c1df18201
    http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.8_i386.deb
      Size/MD5 checksum:  2390882 78374bee4d59301db2ef508c44517260
    http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.8_i386.deb
      Size/MD5 checksum:   841904 509a1fb214b2880222014ed345ae0b5b
    http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.8_i386.deb
      Size/MD5 checksum:   936090 6580c4efcd07515f68cc557a5daeb595
    http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_i386.deb
      Size/MD5 checksum:    59370 07ce697d3001a44f9f69bd821cb4cd4a

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.2.5-11.8_ia64.deb
      Size/MD5 checksum:  4438400 92d599315311e05a48512c09a392aa0e
    http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.2.5-11.8_ia64.deb
      Size/MD5 checksum:  8369602 901aa7a7845578ae6c85ccced230924b
    http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.2.5-11.8_ia64.deb
      Size/MD5 checksum:  3546980 2508ffbed6680d16324fc2948b08e73a
    http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.2.5-11.8_ia64.deb
      Size/MD5 checksum:  1366172 7cc362b3711521d6f5d1b197f7a8b045
    http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.2.5-11.8_ia64.deb
      Size/MD5 checksum:  1638402 f5294fe899e09f7fecbef931110d8d50
    http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_ia64.deb
      Size/MD5 checksum:    69942 a79f9355cd77c4eaadbca7662f618c6a

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.8_hppa.deb
      Size/MD5 checksum:  4171374 01206d5d4970e85ba0f3ced021f0be87
    http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.8_hppa.deb
      Size/MD5 checksum:  3060876 3005ba0066bde9cb5b8a4acf322e236a
    http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.8_hppa.deb
      Size/MD5 checksum:  2897412 30a3ee4e876c8e5fbd8f8337c95876c1
    http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.8_hppa.deb
      Size/MD5 checksum:  1280802 460366989b573c75bf6a87ad0ff12271
    http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.8_hppa.deb
      Size/MD5 checksum:  1445874 15abac5f1a0ba739fe92a866b9f05e9c
    http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_hppa.deb
      Size/MD5 checksum:    62782 180e79bd7cad42a5bfc8dfc1ff898fdc

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.8_m68k.deb
      Size/MD5 checksum:  3506132 6944762f2008e8455f6116d01e00712f
    http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.8_m68k.deb
      Size/MD5 checksum:  2430672 eb8ed07f4979afa684fc0c13e0aa1608
    http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.8_m68k.deb
      Size/MD5 checksum:  2284400 5c51d36868f57600a481e53259733d69
    http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.8_m68k.deb
      Size/MD5 checksum:   731902 187dddf8ea4bc4404ad1a62b276c8b24
    http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.8_m68k.deb
      Size/MD5 checksum:   839298 e97e9b57d6fd2dea774ae33739a5486e
    http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_m68k.deb
      Size/MD5 checksum:    58264 75601dccba26cb706ed8caa53ea25a7e

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.8_mips.deb
      Size/MD5 checksum:  3864828 c9a688e83c24c9098b50602b63e777c4
    http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.8_mips.deb
      Size/MD5 checksum:  3846450 4d9aa1133ea550814b553f19ccace4e8
    http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.8_mips.deb
      Size/MD5 checksum:  3020726 08425a684bd8b8b363351c099fcec37f
    http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.8_mips.deb
      Size/MD5 checksum:  1204310 38a52a2e0807bb3400f4d0109cb59609
    http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.8_mips.deb
      Size/MD5 checksum:  1358842 5de4e0fea3ca4d405bf3f718a54a87f4
    http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_mips.deb
      Size/MD5 checksum:    61308 50ff02f524d05c3cbb5ba261feedad93

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.8_mipsel.deb
      Size/MD5 checksum:  3732104 7c6bca23f53680184c58b5242e849243
    http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.8_mipsel.deb
      Size/MD5 checksum:  3753524 d54f0987fd3f4c498ca1b3c68967046f
    http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.8_mipsel.deb
      Size/MD5 checksum:  2990830 4b535ca534ebf3f4ab72fd22ae217257
    http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.8_mipsel.deb
      Size/MD5 checksum:  1198340 7a25bfbf8be5a06fe49ab1c60e3e1aa3
    http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.8_mipsel.deb
      Size/MD5 checksum:  1353312 fb493b6a38d0c1c3c3d8ba4ac6445d8c
    http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_mipsel.deb
      Size/MD5 checksum:    61278 be5ad77f538097518a61bacfdb43f6f1

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.8_powerpc.deb
      Size/MD5 checksum:  3980286 2e30f4f5b255e02cb1c3ccd5b903ee5c
    http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.8_powerpc.deb
      Size/MD5 checksum:  2870050 ae157ed4b6887b1cbe7c8e96031cdc50
    http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.8_powerpc.deb
      Size/MD5 checksum:  2821732 28fefa99550df3ea8669fef5d673ac87
    http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.8_powerpc.deb
      Size/MD5 checksum:  1148836 31be5ee73ab206a6b1478b1774b3c1bc
    http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.8_powerpc.deb
      Size/MD5 checksum:  1343770 4c7ad144576df8cf7ec0600dc3db1b7a
    http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_powerpc.deb
      Size/MD5 checksum:    60310 b8231054deac769a91262010fd20ec8c

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.8_s390.deb
      Size/MD5 checksum:  3937552 0a06a0800512d0c8c498dc73407e74d5
    http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.8_s390.deb
      Size/MD5 checksum:  1229312 11ef3b4b76a1d11e08b61313e2eb5ace
    http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.8_s390.deb
      Size/MD5 checksum:  2624946 a7dd12533f70a9b84e7dc4d5f6ce6004
    http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.8_s390.deb
      Size/MD5 checksum:  1108534 881dc7501c54073766949a47f8060e15
    http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.8_s390.deb
      Size/MD5 checksum:  1187536 e504a04c00f655373e573f55a82e12d7
    http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_s390.deb
      Size/MD5 checksum:    61312 06d072845af84ffb1487e0eb75c5bfab

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.8_sparc.deb
      Size/MD5 checksum:  3863658 bc662d54a4174a3de369d3defeec2e4d
    http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.8_sparc.deb
      Size/MD5 checksum:  2816612 ec8f0d6d5e23e27446eaf43d840098a5
    http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.8_sparc.deb
      Size/MD5 checksum:  2764334 f35d4dce282125476a800a0f79017a55
    http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-sparc64_2.2.5-11.8_sparc.deb
      Size/MD5 checksum:  1631776 798a588c7f300c0025d4b3b298d616b5
    http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.8_sparc.deb
      Size/MD5 checksum:  1146738 a681d60dc0a75f0d30a1a274842a86b1
    http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.8_sparc.deb
      Size/MD5 checksum:  1258388 551ef7b7b149e288c90e53fec19073e5
    http://security.debian.org/pool/updates/main/g/glibc/libc6-sparc64_2.2.5-11.8_sparc.deb
      Size/MD5 checksum:  4184798 9d62c1f3dfc942e8c41e4e3954dc712d
    http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_sparc.deb
      Size/MD5 checksum:    60220 0067b2de58cfd2663380220a489706c0


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFB5TN6W5ql+IAeqTIRAv+gAJ9wIt390sMEDVourQbGRh02Pmi5gQCfdx5g
FDQWPYEtQ/L0GidjvQq3XWM=
=nraA
-----END PGP SIGNATURE-----

    

- 漏洞信息

11040
GNU C Library (glibc) catchsegv Script Symlink Arbitrary File Overwrite
Local Access Required Race Condition
Vendor Verified

- 漏洞描述

- 时间线

2004-10-22 Unknow
Unknow Unknow

- 解决方案

Products

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站