CVE-2004-0975
CVSS2.1
发布时间 :2005-02-09 00:00:00
修订时间 :2010-08-21 00:21:34
NMCOS    

[原文]The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.


[CNNVD]OpenSSL DER_CHOP不安全临时文件创建漏洞(CNNVD-200502-020)

        OpenSSL是一套开放源代码的SSL套件。
        Trustix Secure Linux 1.5至2.1以及其他操作系统的openssl程序包中的der_chop脚本,可让本地用户通过象征性的链接攻击临时文件,从而覆盖这些文件。

- CVSS (基础分值)

CVSS分值: 2.1 [轻微(LOW)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64
cpe:/o:mandrakesoft:mandrake_linux:10.1MandrakeSoft Mandrake Linux 10.1
cpe:/a:openssl:openssl:0.9.6aOpenSSL Project OpenSSL 0.9.6a
cpe:/a:mandrakesoft:mandrake_multi_network_firewall:8.2MandrakeSoft Mandrake Multi Network Firewall 8.2
cpe:/a:openssl:openssl:0.9.6OpenSSL Project OpenSSL 0.9.6
cpe:/o:mandrakesoft:mandrake_linux:10.1::x86_64
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64
cpe:/a:openssl:openssl:0.9.6hOpenSSL Project OpenSSL 0.9.6h
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1MandrakeSoft Mandrake Linux Corporate Server 2.1
cpe:/a:openssl:openssl:0.9.6gOpenSSL Project OpenSSL 0.9.6g
cpe:/o:gentoo:linuxGentoo Linux
cpe:/a:openssl:openssl:0.9.6lOpenSSL Project OpenSSL 0.9.6l
cpe:/a:openssl:openssl:0.9.7cOpenSSL Project OpenSSL 0.9.7c
cpe:/a:openssl:openssl:0.9.6fOpenSSL Project OpenSSL 0.9.6f
cpe:/a:openssl:openssl:0.9.6jOpenSSL Project OpenSSL 0.9.6j
cpe:/a:openssl:openssl:0.9.6bOpenSSL Project OpenSSL 0.9.6b
cpe:/a:openssl:openssl:0.9.6cOpenSSL Project OpenSSL 0.9.6c
cpe:/a:openssl:openssl:0.9.7dOpenSSL Project OpenSSL 0.9.7d
cpe:/a:openssl:openssl:0.9.6iOpenSSL Project OpenSSL 0.9.6i
cpe:/a:openssl:openssl:0.9.6eOpenSSL Project OpenSSL 0.9.6e
cpe:/a:openssl:openssl:0.9.6kOpenSSL Project OpenSSL 0.9.6k
cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64
cpe:/o:mandrakesoft:mandrake_linux:9.2MandrakeSoft Mandrake Linux 9.2
cpe:/a:openssl:openssl:0.9.6mOpenSSL Project OpenSSL 0.9.6m
cpe:/a:openssl:openssl:0.9.6dOpenSSL Project OpenSSL 0.9.6d
cpe:/o:mandrakesoft:mandrake_linux:10.0MandrakeSoft Mandrake Linux 10.0

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:164Trustix Secure Linux der_chop Script Symlink Attack Vulnerability
oval:org.mitre.oval:def:10621The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwri...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0975
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0975
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200502-020
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/11293
(VENDOR_ADVISORY)  BID  11293
http://xforce.iss.net/xforce/xfdb/17583
(VENDOR_ADVISORY)  XF  script-temporary-file-overwrite(17583)
http://www.trustix.org/errata/2004/0050
(UNKNOWN)  TRUSTIX  2004-0050
http://www.gentoo.org/security/en/glsa/glsa-200411-15.xml
(UNKNOWN)  GENTOO  GLSA-200411-15
http://www.debian.org/security/2004/dsa-603
(UNKNOWN)  DEBIAN  DSA-603
http://secunia.com/advisories/12973
(UNKNOWN)  SECUNIA  12973
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302
(UNKNOWN)  CONFIRM  http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136302
http://www.redhat.com/support/errata/RHSA-2005-476.html
(UNKNOWN)  REDHAT  RHSA-2005:476

- 漏洞信息

OpenSSL DER_CHOP不安全临时文件创建漏洞
低危 设计错误
2005-02-09 00:00:00 2005-10-20 00:00:00
本地  
        OpenSSL是一套开放源代码的SSL套件。
        Trustix Secure Linux 1.5至2.1以及其他操作系统的openssl程序包中的der_chop脚本,可让本地用户通过象征性的链接攻击临时文件,从而覆盖这些文件。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        OpenSSL Project OpenSSL 0.9.6 c

- 漏洞信息

11125
OpenSSL der_chop Script Symlink Arbitrary File Modification
Local Access Required Race Condition
Loss of Integrity
Exploit Public

- 漏洞描述

The OpenSSL der_chop script contains a flaw that may allow a malicious user to overwrite files with the permissions of the user running the script. The issue is due to the creation of world-writeable symlinks with predictable names; attackers may change where these links point, and thus specify the data that will be written, resulting in a loss of integrity.

- 时间线

2004-09-30 Unknow
2004-09-30 Unknow

- 解决方案

Upgrade to version 0.9.7c or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

OpenSSL DER_CHOP Insecure Temporary File Creation Vulnerability
Design Error 11293
No Yes
2004-09-30 12:00:00 2009-07-12 07:06:00
The individual or individuals responsible for the discovery of this issue is currently unknown; Trustix security engineers are credited with these discoveries.

- 受影响的程序版本

Turbolinux Turbolinux Workstation 8.0
Turbolinux Turbolinux Workstation 7.0
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Server 8.0
Turbolinux Turbolinux Server 7.0
Turbolinux Turbolinux Desktop 10.0
Turbolinux Home
Turbolinux Appliance Server Workgroup Edition 1.0
Turbolinux Appliance Server Hosting Edition 1.0
SGI ProPack 3.0
SGI Advanced Linux Environment 3.0
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 4.0
RedHat Desktop 3.0
Red Hat Fedora Core3
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
OpenSSL Project OpenSSL 0.9.7 d
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
OpenSSL Project OpenSSL 0.9.7 c
+ OpenPKG OpenPKG 2.0
+ Slackware Linux 9.1
+ Slackware Linux 9.0
+ Slackware Linux -current
OpenSSL Project OpenSSL 0.9.6 m
OpenSSL Project OpenSSL 0.9.6 l
OpenSSL Project OpenSSL 0.9.6 k
+ Blue Coat Systems CacheOS CA/SA 4.1.10
+ Blue Coat Systems Security Gateway OS 3.1
+ Blue Coat Systems Security Gateway OS 3.0
+ Blue Coat Systems Security Gateway OS 2.1.5001 SP1
+ Blue Coat Systems Security Gateway OS 2.1.9
+ Blue Coat Systems Security Gateway OS 2.0
+ Slackware Linux 8.1
OpenSSL Project OpenSSL 0.9.6 j
OpenSSL Project OpenSSL 0.9.6 i
+ HP Apache-Based Web Server 1.3.27 .01
+ HP Apache-Based Web Server 1.3.27 .00
+ HP HP-UX Apache-Based Web Server 1.0.1 .01
+ HP HP-UX Apache-Based Web Server 1.0 .07.01
+ HP HP-UX Apache-Based Web Server 1.0 .06.02
+ HP HP-UX Apache-Based Web Server 1.0 .06.01
+ HP HP-UX Apache-Based Web Server 1.0 .05.01
+ HP HP-UX Apache-Based Web Server 1.0 .04.01
+ HP HP-UX Apache-Based Web Server 1.0 .03.01
+ HP HP-UX Apache-Based Web Server 1.0 .02.01
+ HP HP-UX Apache-Based Web Server 1.0 .01
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Mandriva Linux Mandrake 9.0
+ S.u.S.E. Linux Personal 8.2
OpenSSL Project OpenSSL 0.9.6 h
OpenSSL Project OpenSSL 0.9.6 g
+ Conectiva Linux Enterprise Edition 1.0
+ FreeBSD FreeBSD 4.7 -RELEASE
+ FreeBSD FreeBSD 4.7
+ HP Apache-Based Web Server 2.0.43 .04
+ HP Apache-Based Web Server 2.0.43 .00
+ HP Webmin-Based Admin 1.0 .01
+ Immunix Immunix OS 7+
+ NetBSD NetBSD 1.6
+ OpenPKG OpenPKG 1.1
OpenSSL Project OpenSSL 0.9.6 f
OpenSSL Project OpenSSL 0.9.6 e
+ FreeBSD FreeBSD 4.6 -RELEASE
+ FreeBSD FreeBSD 4.6
OpenSSL Project OpenSSL 0.9.6 d
+ Slackware Linux 8.1
OpenSSL Project OpenSSL 0.9.6 c
+ Conectiva Linux 8.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Mandriva Linux Mandrake 8.2
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
OpenSSL Project OpenSSL 0.9.6 b
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ OpenBSD OpenBSD 3.1
+ OpenBSD OpenBSD 3.0
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i686
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2
+ RedHat Linux Advanced Work Station 2.1
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux Connectivity Server
+ S.u.S.E. Linux Database Server 0
+ S.u.S.E. Linux Firewall on CD
+ S.u.S.E. Office Server
+ S.u.S.E. SuSE eMail Server III
+ Sun Linux 5.0.7
+ Sun Linux 5.0.6
+ Sun Linux 5.0.5
+ Sun Linux 5.0.3
+ Sun Linux 5.0
+ SuSE SUSE Linux Enterprise Server 7
OpenSSL Project OpenSSL 0.9.6 a
+ Conectiva Linux 7.0
+ NetBSD NetBSD 1.5.3
+ NetBSD NetBSD 1.5.2
+ NetBSD NetBSD 1.5.1
+ NetBSD NetBSD 1.5
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
OpenSSL Project OpenSSL 0.9.6
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Conectiva Linux 6.0
+ EnGarde Secure Linux 1.0.1
+ HP Secure OS software for Linux 1.0
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ NetBSD NetBSD 1.6 beta
+ NetBSD NetBSD 1.6
+ NetBSD NetBSD 1.5.3
+ NetBSD NetBSD 1.5.2
+ NetBSD NetBSD 1.5.1
+ NetBSD NetBSD 1.5
+ OpenBSD OpenBSD 2.9
+ OpenPKG OpenPKG 1.0
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 sparc
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
Mandriva Linux Mandrake 9.2 amd64
Mandriva Linux Mandrake 9.2
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
Gentoo Linux
Avaya S8710 R2.0.1
Avaya S8710 R2.0.0
Avaya S8700 R2.0.1
Avaya S8700 R2.0.0
Avaya S8500 R2.0.1
Avaya S8500 R2.0.0
Avaya S8300 R2.0.1
Avaya S8300 R2.0.0
Avaya Modular Messaging (MSS) 2.0
Avaya Modular Messaging (MSS) 1.1
Avaya MN100
Avaya Intuity LX
Avaya Integrated Management 2.1
Avaya Integrated Management
Avaya CVLAN
Avaya Converged Communications Server 2.0

- 漏洞讨论

OpenSSL is affected by an insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it.

An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application. Reportedly this issue is unlikely to facilitate privilege escalation.

- 漏洞利用

No exploit is required to leverage this issue.

- 解决方案

Red Hat has released advisory RHSA-2005:476-08 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.

Gentoo has released advisory GLSA 200411-15 and an updated eBuild to address this vulnerability and other issues. Users of the affected package are urged to execute the following commands with superuser privileges to install the update:
emerge --sync
emerge --ask --oneshot --verbose ">=dev-libs/openssl-0.9.7d-r2"

Trustix Linux has released an advisory (TSL-2004-0050) along with fixes dealing with this issue. Please see the referenced advisory for more information.

Ubuntu has released an advisory (USN-24-1) to address this issue. Please see the referenced advisory for more information.

Debian has released advisory DSA 603-1 along with fixes dealing with this issue. Please see the referenced advisory for more information.

MandrakeSoft has issued an advisory (MDKSA-2004:147) along with patched upgrades. Please see the referenced advisory for more information.

Turbolinux has released advisory Turbolinux Security Announcement 31/Jan/2005 to address various issues. Please see the referenced advisory for more information.

RedHat Fedora Linux has released advisory FEDORA-2005-389 addressing this issue for Fedora Core 3. Please see the referenced advisory for details on obtaining and applying the appropriate updates.

SGI has released advisory 20050602-01-U to address this, and other issues for SGI Advanced Linux Environment 3, and SGI ProPack 3 Service Pack 5. Please see the referenced advisory for further information.

Avaya has released advisory ASA-2005-170 detailing vulnerable Avaya products. Please see the referenced advisory for further information.


OpenSSL Project OpenSSL 0.9.6 c

OpenSSL Project OpenSSL 0.9.6

OpenSSL Project OpenSSL 0.9.6 m

OpenSSL Project OpenSSL 0.9.6 i

OpenSSL Project OpenSSL 0.9.7 c

OpenSSL Project OpenSSL 0.9.7 d

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站