CVE-2005-0069
CVSS 4.6
Published: 2005-01-13 00:00:00
Revised: 2016-10-17 23:07:40

[Original] The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a symlink attack on temporary files.


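[CNNVD] Vim tcltags/vimspell.sh File Overwrite Vulnerability (CNNVD-200501-243)

        vim is a text editor that is widely used on Unix-like systems.
        The tcltags and vimspell.sh scripts in vim 6.3 contain a file overwrite vulnerability.
        A local user can overwrite or create arbitrary files by creating symbolic links for the temporary files.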

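- CVSS (Base Score)

CVSS score: 4.6 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploiting the vulnerability]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]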

- CPE (Affected Platforms and Products)

cpe:/a:vim_development_group:vim:6.3.025
cpe:/a:vim_development_group:vim:6.3.030
cpe:/a:vim_development_group:vim:6.3.011
cpe:/a:vim_development_group:vim:6.3.044

- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:9402
The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a symlink attack on tempo...
*OVAL describes in detail how to detect this vulnerability; more technical detail on detecting it can be found in the related OVAL definition.

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0069
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0069
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200501-243
(Official data source) CNNVD

- Other Links and Resources

http://marc.info/?l=bugtraq&m=110608387001863&w=2
(UNKNOWN)  BUGTRAQ  20050118 [USN-61-1] vim vulnerabilities
http://securitytracker.com/id?1012938
(UNKNOWN)  SECTRACK  1012938
http://www.redhat.com/support/errata/RHSA-2005-036.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:036
http://www.redhat.com/support/errata/RHSA-2005-122.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:122
http://xforce.iss.net/xforce/xfdb/18870
(VENDOR_ADVISORY)  XF  vim-symlink(18870)
https://bugzilla.fedora.us/show_bug.cgi?id=2343
(VENDOR_ADVISORY)  FEDORA  FLSA:2343

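- Vulnerability Information

Vim tcltags/vimspell.sh File Overwrite Vulnerability
Medium risk  Design error
2005-01-13 00:00:00 2005-10-20 00:00:00
Local
        vim is a text editor that is widely used on Unix-like systems.
        The tcltags and vimspell.sh scripts in vim 6.3 contain a file overwrite vulnerability.
        A local user can overwrite or create arbitrary files by creating symbolic links for the temporary files.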

- Advisories and Patches

        The vendor has released an upgrade patch that fixes this security issue. The patch is available at:
        http://www.vim.org/download.php

- Vulnerability Information (F36016)

Mandriva Linux Security Advisory 2005.029 (PacketStormID:F36016)
2005-02-05 00:00:00
Mandriva  mandrakesoft.com
advisory,arbitrary,vulnerability
linux,mandrake
CVE-2005-0069

Mandrake Linux Security Update Advisory - Javier Fernandez-Sanguino Pena discovered two vulnerabilities in scripts included with the vim editor. The two scripts, tcltags and vimspell.sh created temporary files in an insecure manner which could allow a malicious user to execute a symbolic link attack or to create, or overwrite, arbitrary files with the privileges of the user invoking the scripts.


 _______________________________________________________________________

                 Mandrakelinux Security Update Advisory
 _______________________________________________________________________

 Package name:           vim
 Advisory ID:            MDKSA-2005:029
 Date:                   February 2nd, 2005

 Affected versions:	 10.0, 10.1, Corporate Server 2.1,
			 Corporate Server 3.0
 ______________________________________________________________________

 Problem Description:

 Javier Fernandez-Sanguino Pena discovered two vulnerabilities in
 scripts included with the vim editor.  The two scripts, "tcltags" and
 "vimspell.sh" created temporary files in an insecure manner which could
 allow a malicious user to execute a symbolic link attack or to create,
 or overwrite, arbitrary files with the privileges of the user invoking
 the scripts.
 
 The updated packages are patched to prevent this problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0069
 ______________________________________________________________________

 Updated Packages:
  
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandrakesoft for security.  You can obtain
 the GPG public key of the Mandrakelinux Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandrakelinux at:

  http://www.mandrakesoft.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  <security linux-mandrake.com>
    

- Vulnerability Information

12882
Vim tcltags Script Symlink Arbitrary File Overwrite
Local Access Required Race Condition
Loss of Integrity
Exploit Public

- Vulnerability Description

The tcltags script distributed with vim uses an insecure method to create temporary files. This could allow an attacker to read or possibly change files without appropriate permissions, resulting in a loss of integrity.

- Timeline

2005-01-13 Unknown
2005-01-13 Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Javier has released a patch to address this vulnerability.

- Related References

- Vulnerability Author

- Vulnerability Information

Vim TCLTags and VimSpell.sh Scripts Insecure Temporary File Creation Vulnerability
Design Error 12253
No Yes
2005-01-13 12:00:00 2009-07-12 09:27:00
Discovery of this vulnerability is credited to Javier Fernández-Sanguino Peña.

- Affected Program Versions

VIM Development Group VIM 6.3 .045
VIM Development Group VIM 6.3 .044
+ OpenPKG OpenPKG Current
VIM Development Group VIM 6.3 .030
+ OpenPKG OpenPKG 2.2
VIM Development Group VIM 6.3 .025
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
VIM Development Group VIM 6.3 .011
+ OpenPKG OpenPKG 2.1
VIM Development Group VIM 6.3
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
VIM Development Group VIM 6.2
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Red Hat Fedora Core1
+ SCO OpenLinux Server 3.1.1
+ SCO OpenLinux Workstation 3.1.1
VIM Development Group VIM 6.1
+ Conectiva Linux 8.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ RedHat Linux 9.0 i386
+ RedHat Linux 8.0
+ RedHat Linux for iSeries 7.1
+ RedHat Linux for pSeries 7.1
+ Sun Cobalt Qube 3
+ Sun Cobalt RaQ 4
+ Sun Cobalt RaQ 550
+ Sun Cobalt RaQ XTR
+ Sun Linux 5.0.6
VIM Development Group VIM 6.0
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
Trustix Secure Linux 2.2
Trustix Secure Linux 2.1
Trustix Secure Enterprise Linux 2.0
SGI Advanced Linux Environment 3.0
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1

- Vulnerability Discussion

Multiple Vim scripts are reported prone to an insecure temporary file creation vulnerability. It is reported that the Vim 'tcltags' and 'vimspell.sh' scripts create temporary files in an insecure manner.

An attacker that has local interactive access to a system may exploit this issue to corrupt arbitrary files with the privileges of the user that is invoking the vulnerable application.

- Exploit

No exploit is required.

- Solution

Red Hat has released advisory RHSA-2005:122-04 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.

Ubuntu Linux has made advisory USN-61-1 along with fixes available dealing with this issue. Please see the referenced advisory for more information.

Mandrake has released advisory MDKSA-2005:029 to address this issue. Please see the referenced advisory for more information.

Fedora Legacy has released advisory FLSA:2343 to address this issue for various Red Hat Linux releases and Fedora Core 1. Please see the referenced advisory for further information.

Silicon Graphics has released advisory 20050204-01-U dealing with this and other issues for their Advanced Linux Environment packages. Please see the referenced advisories for more information.

Trustix has released advisory TSLSA-2005-0018 to address this and other issues. Please see the referenced advisory for more information.


VIM Development Group VIM 6.1

VIM Development Group VIM 6.2

VIM Development Group VIM 6.3 .025

VIM Development Group VIM 6.3

- Related References

 

 
