发布时间 :2005-04-14 00:00:00
修订时间 :2008-09-10 15:29:27

[原文]htmlheadline before 21.8 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

[CNNVD]HTML Headline临时文件符号链接漏洞(CNNVD-200504-052)


- CVSS (基础分值)

CVSS分值: 4.6 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(VENDOR_ADVISORY)  XF  htmlheadline-symlink(18737)

- 漏洞信息

HTML Headline临时文件符号链接漏洞
中危 其他
2005-04-14 00:00:00 2005-10-20 00:00:00

- 公告与补丁


- 漏洞信息 (F35587)

dsa-622.txt (PacketStormID:F35587)
2005-01-04 00:00:00

Debian Security Advisory 622-1 - Multiple insecure uses of temporary files could lead to overwriting arbitrary files via a symlink attack in htmlheadline.

Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 622-1                                        Martin Schulze
January 3rd, 2005             
- --------------------------------------------------------------------------

Package        : htmlheadline
Vulnerability  : insecure temporary files
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2004-1181

Javier Fern    

- 漏洞信息

12681 Symlink Arbitrary File Overwrite
Local Access Required Race Condition
Loss of Integrity
Exploit Unknown

- 漏洞描述 contains a flaw that may allow a malicious user to overwrite arbitrary files. The issue is triggered when temp files are created insecurely. It is possible that the flaw may allow arbitrary files to be overwritten resulting in a loss of integrity.

- 时间线

2005-01-03 Unknow
Unknow Unknow

- 解决方案

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- 相关参考

- 漏洞作者

- 漏洞信息

HTML Headline Temporary File Symbolic Link Vulnerabilities
Origin Validation Error 12147
No Yes
2005-01-03 12:00:00 2009-07-12 09:26:00
Discovery credited to Javier Fernández-Sanguino Peña.

- 受影响的程序版本

Toshiaki Kanosue HtmlHeadline 21.8
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0

- 漏洞讨论

It has been reported that there are numerous instances in HtmlHeadline where insecure temporary files are used. According to the report, it is possible for at least some of these instances to be exploited to corrupt files on the filesystem. It is likely that HtmlHeadline creates and writes to temporary files in the world writeable "/tmp" with predictable filenames.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: <>.

- 解决方案

Debian has issued fixes. See advisory DSA 622-1 in the reference section.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: <>.

Toshiaki Kanosue HtmlHeadline 21.8

- 相关参考