CVE-2004-2133
CVSS 4.6
Published: 2004-01-29 00:00:00
Revised: 2016-10-17 23:06:51

[Original] Certain third-party packages for CVSup 16.1h, such as SuSE Linux, contain untrusted paths in the ELF RPATH fields of certain executables, which could allow local users to execute arbitrary code by causing cvsup to link against malicious libraries that are created in world-writable directories such as /usr/src/packages.


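[CNNVD] Third-party CVSup ELF RPATH library insecure path vulnerability (CNNVD-200401-063)

        CVSup is an application for distributing and updating software. It makes it easy to mirror all kinds of files, including source code, binaries, hard links, symbolic links and device nodes.
        The ELF RPATH information of some CVSup binaries contains insecure paths. A local attacker can exploit this to replace programs and may execute arbitrary malicious programs with the privileges of the cvsup process.
        Some dynamically linked builds of the CVSup package contain insecure paths in the ELF RPATH field, such as /home/anthon and /usr/src/packages. These paths may be world-writable on some systems. An attacker can replace legitimate programs with malicious ones in these directories, and when cvsup, cvsupd or cvpasswd is executed the malicious program may be run, resulting in privilege escalation.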
        

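- CVSS (base score)

CVSS score: 4.6 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]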

- CPE (affected platforms and products)

cpe:/a:cvsup:cvsup:cvsup-16.1h-43.i586.rpm
cpe:/a:cvsup:cvsup:cvsup-16.1h-36.i586.rpm
cpe:/a:cvsup:cvsup:cvsup-16.1h-2.i386.rpm

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2133
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2133
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200401-063
(official data source) CNNVD

- Other links and resources

http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0025.html
(VENDOR_ADVISORY)  VULNWATCH  20040129 Security Announcement: untrusted ELF library path in some cvsup binary RPMs
http://marc.info/?l=bugtraq&m=107539776002450&w=2
(UNKNOWN)  BUGTRAQ  20040129 Security Announcement: untrusted ELF library path in some cvsup binary RPMs
http://www.securityfocus.com/bid/9523
(VENDOR_ADVISORY)  BID  9523
http://xforce.iss.net/xforce/xfdb/14994
(VENDOR_ADVISORY)  XF  cvsup-rpath-gain-privileges(14994)

- Vulnerability information

Third-party CVSup ELF RPATH library insecure path vulnerability
Medium  Configuration error
2004-01-29 00:00:00 2005-10-20 00:00:00
Local
        

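- Advisories and patches

        Temporary workaround:
        If you cannot install the patch or upgrade immediately, CNNVD recommends the following measures to reduce the threat:
        * The ELF RPATH information of the cvsup program can be inspected with either of the following commands:
        objdump -p /usr/bin/cvsup | grep RPATH
        readelf -d /usr/bin/cvsup | grep RPATH
        If any directory found is world-writable, changing its permissions is recommended.
        Vendor patch:
        S.u.S.E.
        --------
        SuSE Linux users are advised to download and use the SuSE Linux 9.0 cvsup-16.1h-90.i586.rpm:
        
        http://www.suse.de/en/security/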
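
The workaround above (read the RPATH, then check whether the listed directories are world-writable) can be scripted. The following is an added example, not part of the advisory or of CVSup; the function names and the sample `readelf` line are constructed for illustration, and it goes slightly beyond the text by also covering RUNPATH entries and directories that do not exist yet.

```shell
# Constructed sample of `readelf -d` output using the two paths named in the
# advisory; it is not copied from a real cvsup binary.
SAMPLE_DYN=' 0x0000000f (RPATH)  Library rpath: [/home/anthon:/usr/src/packages]'

# Read `readelf -d` output on stdin; print one RPATH/RUNPATH entry per line.
# An empty entry is printed as "." because glibc searches the current directory.
rpath_dirs() {
    awk '/\((RPATH|RUNPATH)\)/ && match($0, /\[.*\]/) {
        n = split(substr($0, RSTART + 1, RLENGTH - 2), a, ":")
        for (i = 1; i <= n; i++) print (a[i] == "" ? "." : a[i])
    }'
}

# True if the directory (symlinks followed) is writable by "other".
world_writable() {
    case $(ls -ldL -- "$1" 2>/dev/null) in
        ????????w*) return 0 ;;
        *) return 1 ;;
    esac
}

# Classify one entry: ok | unsafe | relative | origin.
classify_dir() {
    d=$1
    case $d in
        /*) ;;
        '$ORIGIN'*|'${ORIGIN}'*) echo origin; return 0 ;;  # depends on where the binary lives
        *) echo relative; return 0 ;;                      # resolved against the caller's cwd
    esac
    # A missing directory can be created by anyone who can write to its
    # nearest existing ancestor, so judge that ancestor instead.
    while [ ! -d "$d" ] && [ "$d" != / ]; do d=$(dirname -- "$d"); done
    if world_writable "$d"; then echo unsafe; else echo ok; fi
}

# Audit `readelf -d` output on stdin: print "<verdict> <dir>" per entry and
# return non-zero if any entry is not "ok".
audit_rpath() {
    dirs=$(rpath_dirs); rc=0
    while IFS= read -r dir; do
        [ -n "$dir" ] || continue
        verdict=$(classify_dir "$dir")
        echo "$verdict $dir"
        [ "$verdict" = ok ] || rc=1
    done <<EOF
$dirs
EOF
    return $rc
}
```

Run it as `readelf -d /usr/bin/cvsup | audit_rpath`; any line not marked `ok` names a search directory to fix or a binary to replace with the vendor's updated package.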

- Vulnerability information

45014
CVSup ELF Unspecified Executables RPATH Field Path Subversion Local Privilege Escalation

- Vulnerability description

- Timeline

2004-01-29 Unknown
Unknown Unknown

- Solution

Products

Unknown or Incomplete

- References

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Third-party CVSup Binary Insecure ELF RPATH Library Replacement Vulnerability
Configuration Error 9523
No Yes
2004-01-29 12:00:00 2009-07-12 02:06:00
Discovery is credited to Matthias Andree.

- Affected program versions

S.u.S.E. cvsup-16.1h-43.i586.rpm
+ S.u.S.E. Linux Personal 9.0
S.u.S.E. cvsup-16.1h-36.i586.rpm
+ S.u.S.E. Linux Personal 9.0
S.u.S.E. cvsup-16.1h-2.i386.rpm
+ S.u.S.E. Linux Personal 8.2
S.u.S.E. cvsup-16.1h-90.i586.rpm
+ S.u.S.E. Linux Personal 9.0

- Unaffected program versions

S.u.S.E. cvsup-16.1h-90.i586.rpm
+ S.u.S.E. Linux Personal 9.0

- Vulnerability discussion

It has been reported that some third-party vendor-supplied CVSup binaries may have an insecure ELF RPATH that includes world-writeable directories in the path. A local attacker could exploit this issue by placing malicious libraries in these directories, which would be dynamically linked against at run-time when the cvsup, cvsupd or cvpasswd programs are executed. This would result in execution of arbitrary code with elevated privileges.

This issue was reported to affect CVSup RPMs that ship with SuSE Linux. Other distributions may also be affected. Statically linked versions of the software should not be affected by this issue.

- Exploit

There is no exploit required.

- Solution

SuSE has released an updated RPM for CVSup to address this issue.


S.u.S.E. cvsup-16.1h-2.i386.rpm

S.u.S.E. cvsup-16.1h-36.i586.rpm

S.u.S.E. cvsup-16.1h-43.i586.rpm

- References

 

 
