CVE-2004-2502
CVSS 2.1
Published: 2004-12-31 00:00:00
Last revised: 2008-09-05 16:44:19

[Original] im-switch before 11.4-46.1 in Fedora Core 2 allows local users to overwrite arbitrary files via a symlink attack on the imswitcher[PID] temporary file.


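[CNNVD] IM-Switch Insecure Temporary File Handling Vulnerability (CNNVD-200412-1002)

        
        Fedora Core is a Linux distribution released by Red Hat.
        The im-switch utility included in Fedora Core has a symbolic link problem; a local attacker can exploit this vulnerability to corrupt system files or escalate privileges.
        '/usr/bin/im-switch' uses "/tmp/imswitcher$$" as a temporary file. Because the /tmp/ directory is writable and $$ (the PID) is predictable, an attacker can create symbolic links to corrupt important system files, which may result in privilege escalation.
        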

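- CVSS (Base Score)

CVSS score: 2.1 [LOW]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on the availability of the system]
Attack complexity: LOW [there are no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]

- CPE (Affected Platforms and Products)

Product and version information (CPE) is not currently available

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2502
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2502
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-1002
(Official data source) CNNVD

- Other Links and Resources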

http://xforce.iss.net/xforce/xfdb/16682
(PATCH)  XF  fedora-imswitch-symlink(16682)
http://www.securityfocus.com/bid/10717
(PATCH)  BID  10717
http://secunia.com/advisories/12037
(VENDOR_ADVISORY)  SECUNIA  12037
http://www.osvdb.org/7772
(UNKNOWN)  OSVDB  7772
http://packetstormsecurity.org/0407-advisories/fedora_im-switch_tempfile_race.txt
(VENDOR_ADVISORY)  MISC  http://packetstormsecurity.org/0407-advisories/fedora_im-switch_tempfile_race.txt
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=126940
(UNKNOWN)  CONFIRM  http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=126940

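- Vulnerability Information

IM-Switch Insecure Temporary File Handling Vulnerability
Low severity  Access validation error
2004-12-31 00:00:00 2005-11-11 00:00:00
Local  
        
        Fedora Core is a Linux distribution released by Red Hat.
        The im-switch utility included in Fedora Core has a symbolic link problem; a local attacker can exploit this vulnerability to corrupt system files or escalate privileges.
        '/usr/bin/im-switch' uses "/tmp/imswitcher$$" as a temporary file. Because the /tmp/ directory is writable and $$ (the PID) is predictable, an attacker can create symbolic links to corrupt important system files, which may result in privilege escalation.
        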

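- Advisories and Patches

        Vendor patch:
        im-switch
        ---------
        The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's site: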
        RedHat Fedora Core2:
        RedHat Upgrade im-sdk-11.4-46.1.svn1587.src.rpm
        
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/i386/SRPMS/im-sdk-11.4-46.1.svn1587.src.rpm

- Vulnerability Information (24278)

IM-Switch Insecure Temporary File Handling Symbolic Link Vulnerability (EDBID:24278)
linux local
2004-07-13 Verified
0 SEKINE Tatsuo
N/A
source: http://www.securityfocus.com/bid/10717/info

It is reported that im-switch is prone to a local insecure temporary file handling symbolic link vulnerability. This issue is due to a design error that allows the application to insecurely write to a temporary file that is created with a predictable file name.

The im-switch utility will write to this temporary file before verifying its existence; this would facilitate a symbolic link attack.

An attacker may exploit this issue to corrupt arbitrary files. This corruption may potentially result in the elevation of privileges, or in a system wide denial of service. 

$ bash -c 'i=1;while [ $i -lt 65536 ]; do ln -s /etc/IMPORTANT_FILE /tmp/imswitcher$i; let "i++"; done'
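
The following is an added example, not code from the advisory or from the im-switch sources. It contrasts the predictable "/tmp/imswitcher$$" write described above with a mktemp-based one. The function names, the sandbox directory standing in for /tmp, and the important_file target are assumptions constructed for the demonstration.

```sh
#!/bin/sh
# Added example: the temp-file pattern from the advisory beside a hardened one.
# A private sandbox directory stands in for /tmp; nothing outside it is touched.

# Pattern described in the advisory: predictable name, opened with plain '>'.
# The shell follows an existing symlink and truncates whatever it points to.
write_predictable() (            # $1 = directory, $2 = data
    printf '%s\n' "$2" > "$1/imswitcher$$"
)

# Hardened pattern: mktemp chooses a random name and creates the file
# exclusively (O_EXCL), so an existing file or symlink is never opened.
write_mktemp() (                 # $1 = directory, $2 = data; prints the path
    tmp=$(mktemp "$1/imswitcher.XXXXXXXXXX") || exit 1
    printf '%s\n' "$2" > "$tmp"
    printf '%s\n' "$tmp"
)

# Run one writer in a sandbox where the predictable name already exists as a
# symlink to a stand-in file, then print that file's contents afterwards.
demo() (                         # $1 = write_predictable | write_mktemp
    sandbox=$(mktemp -d) || exit 1
    victim="$sandbox/important_file"          # constructed stand-in target
    printf 'original\n' > "$victim"
    ln -s "$victim" "$sandbox/imswitcher$$"   # precondition from the advisory
    "$1" "$sandbox" "im-switch data" > /dev/null
    result=$(cat "$victim")
    rm -rf "$sandbox"
    printf '%s\n' "$result"
)

echo "predictable name -> stand-in file contains: $(demo write_predictable)"
echo "mktemp           -> stand-in file contains: $(demo write_mktemp)"
```

In a real script the file returned by mktemp would also be removed with a trap on exit.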
		

- Vulnerability Information

7772
Fedora im-switch imswitcher[PID] Temporary File Symlink Arbitrary File Overwrite
Local Access Required Race Condition
Loss of Integrity
Exploit Public Vendor Verified

- Vulnerability Description

Fedora contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the im-switch command uses a predictable filename in the /tmp directory which may allow an attacker to overwrite arbitrary files. This flaw may lead to a loss of integrity.

- Timeline

2004-06-29 Unknown
2004-06-29 Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Red Hat has released a patch to address this vulnerability.

- Related References

- Vulnerability Author

 

 
