CVE-2004-2097
CVSS2.1
发布时间 :2004-12-31 00:00:00
修订时间 :2016-10-17 23:06:07
NMCOS    

[原文]Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbitrary files via a symlink attack on (1) /tmp/fvwm-bug created by fvwm-bug, (2) /tmp/wmmenu created by wm-oldmenu2new, (3) /tmp/rates created by x11perfcomp, (4) /tmp/xf86debug.1.log created by xf86debug, (5) /tmp/.winpopup-new created by winpopup-send.sh, or (6) /tmp/initrd created by lvmcreate_initrd.


[CNNVD]SuSE多个脚本不安全暂时文件处理符号连接漏洞(CNNVD-200412-250)

        SuSE Linux 9.0版本中的多个脚本存在漏洞。本地用户可以借助符号连接攻击覆盖任意文件,该符号连接攻击存在于:(1)由fvwm-bug创建的/tmp/fvwm-bug,(2)由oldmenu2new创建的/tmp/wmmenu,(3)由x11perfcomp创建的/tmp/xf86debug.1.log,(4)由xf86debug创建的/tmp/xf86debug.1.log,(5)由winpopup-send.sh创建的/tmp/.winpopup-new,或(6)由lvmcreate_initrd创建的/tmp/initrd。

- CVSS (基础分值)

CVSS分值: 2.1 [轻微(LOW)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2097
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2097
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-250
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=107461582413923&w=2
(UNKNOWN)  BUGTRAQ  20040121 [SuSE 9.0] possible symlink attacks in some scripts
http://marc.info/?l=bugtraq&m=107478920006258&w=2
(UNKNOWN)  BUGTRAQ  20040122 Re: [SuSE 9.0] possible symlink attacks in some scripts
http://securitytracker.com/id?1008781
(UNKNOWN)  SECTRACK  1008781
http://www.securityfocus.com/bid/9457
(UNKNOWN)  BID  9457
http://xforce.iss.net/xforce/xfdb/14963
(UNKNOWN)  XF  suse-multiple-symlink-attack(14963)

- 漏洞信息

SuSE多个脚本不安全暂时文件处理符号连接漏洞
低危 竞争条件
2004-12-31 00:00:00 2005-10-20 00:00:00
本地  
        SuSE Linux 9.0版本中的多个脚本存在漏洞。本地用户可以借助符号连接攻击覆盖任意文件,该符号连接攻击存在于:(1)由fvwm-bug创建的/tmp/fvwm-bug,(2)由oldmenu2new创建的/tmp/wmmenu,(3)由x11perfcomp创建的/tmp/xf86debug.1.log,(4)由xf86debug创建的/tmp/xf86debug.1.log,(5)由winpopup-send.sh创建的/tmp/.winpopup-new,或(6)由lvmcreate_initrd创建的/tmp/initrd。

- 公告与补丁

        Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .

- 漏洞信息

5445
FVWM fvwmbug.sh.in Unsafe Temporary File

- 漏洞描述

Unknown or Incomplete

- 时间线

2004-01-20 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

SuSE Multiple Scripts Insecure Temporary File Handling Symbolic Link Vulnerabilities
Race Condition Error 9457
No Yes
2004-01-20 12:00:00 2009-07-12 02:06:00
Discovery of these vulnerabilities have been credited to l0om <l0om@excluded.org>.

- 受影响的程序版本

S.u.S.E. Linux Personal 9.0

- 漏洞讨论

Multiple scripts that are shipped with SuSE 9.0 have been reported prone to insecure temporary file creation and symbolic link vulnerabilities. The following scripts have been reported vulnerable:
/usr/X11R6/bin/fvwm-bug
/usr/X11R6/bin/wm-oldmenu2new
/usr/X11R6/bin/x11perfcomp
/usr/X11R6/bin/xf86debug
/opt/kde3/bin/winpopup-send.sh
/sbin/lvmcreate_initrd

An attacker may exploit these issues to corrupt arbitrary files. This corruption may potentially result in the elevation of privileges, or in a system wide denial of service.

- 漏洞利用

There is no exploit required.

- 解决方案

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站