CVE-2005-0153
CVSS: N/A
Published: 2005-01-27 00:00:00
Revised: 2005-01-27 00:00:00

[Original] ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.


[CNNVD] CNNVD data not yet available.


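[Machine translation] ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.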

- CVSS (base score)

CVSS not yet available

- CPE (affected platforms and products)

Product and version information (CPE) not yet available

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0153
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0153
(official data source) NVD

- Other links and resources

- Vulnerability information

13459
Newsgrab Downloaded File Symlink Arbitrary File Overwrite
Local Access Required Race Condition
Vendor Verified

- Vulnerability description

Unknown or Incomplete

- Timeline

2005-01-28 Unknown
Unknown Unknown

- Solution

Upgrade to version 0.5.0pre4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- References

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Newsgrab Multiple Local And Remote Vulnerabilities
Unknown 12428
Yes Yes
2005-02-02 12:00:00 2009-07-12 10:06:00
Discovery of these vulnerabilities is credited to Niels Heinen.

- Affected program versions

Newsgrab Newsgrab 0.5.0pre4

- Vulnerability discussion

Newsgrab is reported prone to multiple vulnerabilities. The following individual issues are reported:

Newsgrab is reported prone to a directory traversal vulnerability. This vulnerability exists because the software does not sufficiently sanitize directory traversal sequences from filenames before the filename is employed to store the file onto disk.

A remote attacker may exploit this vulnerability by supplying a malicious file to a target victim. This vulnerability has been assigned the CVE identifier CAN-2005-0153.

Newsgrab is reported prone to an unspecified insecure permissions vulnerability.

A local attacker may exploit this vulnerability to disclose potentially sensitive information that is contained in files that were downloaded using newsgrab. This vulnerability has been assigned the CVE identifier CAN-2005-0154.

- Exploit

The following example is available:

A file containing the name '../../../../etc/rc.local' and the mode 777 could cause newsgrab to drop the file at /etc/rc.local with 777 permissions.

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- References
