CVE-2005-0159
CVSS4.6
发布时间 :2005-04-27 00:00:00
修订时间 :2008-09-05 16:45:28
NMCOPS    

[原文]The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian GNU/Linux 3.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files.


[CNNVD]Debian Toolchain-Source多个不安全临时文件创建漏洞(CNNVD-200504-116)

        Debian 是自由操作系统的合作组织。所创建的操作系统名为 Debian GNU/Linux,简称为 Debian。 Debian 系统目前采用 Linux 内核。
        Debian GNU/Linux 3.0上的toolchain-source 3.0.4包中的tpkg-*脚本让本地用户可以通过对临时文件的symlink攻击来重写任意文件。

- CVSS (基础分值)

CVSS分值: 4.6 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:debian:debian_linux:3.0::hppa
cpe:/o:debian:debian_linux:3.0::mips
cpe:/o:debian:debian_linux:3.0::ia-32
cpe:/o:debian:debian_linux:3.0::m68k
cpe:/o:debian:debian_linux:3.0::s-390
cpe:/a:debian:toolchain-source:3.0.3-1Debian toolchain-source 3.0.3.1
cpe:/o:debian:debian_linux:3.0::alpha
cpe:/o:debian:debian_linux:3.0::arm
cpe:/o:debian:debian_linux:3.0::ia-64
cpe:/a:debian:toolchain-source:3.0.3-2Debian toolchain-source 3.0.3.2
cpe:/a:debian:toolchain-source:3.0.3-3Debian toolchain-source 3.0.3.3
cpe:/o:debian:debian_linux:3.0::mipsel
cpe:/a:debian:toolchain-source:3.0.4Debian toolchain-source 3.0.4
cpe:/o:debian:debian_linux:3.0::sparc
cpe:/o:debian:debian_linux:3.0::ppc
cpe:/o:debian:debian_linux:3.0Debian Debian Linux 3.0

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0159
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0159
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200504-116
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/12540
(VENDOR_ADVISORY)  BID  12540
http://www.debian.org/security/2005/dsa-679
(VENDOR_ADVISORY)  DEBIAN  DSA-679
http://xforce.iss.net/xforce/xfdb/19317
(UNKNOWN)  XF  toolchain-source-symlink(19317)
http://secunia.com/advisories/14277
(UNKNOWN)  SECUNIA  14277

- 漏洞信息

Debian Toolchain-Source多个不安全临时文件创建漏洞
中危 设计错误
2005-04-27 00:00:00 2005-10-20 00:00:00
本地  
        Debian 是自由操作系统的合作组织。所创建的操作系统名为 Debian GNU/Linux,简称为 Debian。 Debian 系统目前采用 Linux 内核。
        Debian GNU/Linux 3.0上的toolchain-source 3.0.4包中的tpkg-*脚本让本地用户可以通过对临时文件的symlink攻击来重写任意文件。

- 公告与补丁

        暂无数据

- 漏洞信息 (F36171)

dsa-679.txt (PacketStormID:F36171)
2005-02-24 00:00:00
 
advisory,arbitrary,local
linux,debian
CVE-2005-0159
[点击下载]

Debian Security Advisory 679-1 - Sean Finney discovered several insecure temporary file uses in toolchain-source, the GNU binutils and GCC source code and scripts. These bugs can lead a local attacker with minimal knowledge to trick the admin into overwriting arbitrary files via a symlink attack. The problems exist inside the Debian-specific tpkg-* scripts.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 679-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
February 14th, 2005                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : toolchain-source
Vulnerability  : insecure temporary files
Problem-Type   : local
Debian-specific: yes
CVE ID         : CAN-2005-0159

Sean Finney discovered several insecure temporary file uses in
toolchain-source, the GNU binutils and GCC source code and scripts.
These bugs can lead a local attacker with minimal knowledge to trick
the admin into overwriting arbitrary files via a symlink attack.  The
problems exist inside the Debian-specific tpkg-* scripts.

For the stable distribution (woody) these problems have been fixed in
version 3.0.4-1woody1.

For the unstable distribution (sid) these problems have been fixed in
version 3.4-5.

We recommend that you upgrade your toolchain-source package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/t/toolchain-source/toolchain-source_3.0.4-1woody1.dsc
      Size/MD5 checksum:      532 a40a4bd817419cc8230a708920234140
    http://security.debian.org/pool/updates/main/t/toolchain-source/toolchain-source_3.0.4-1woody1.tar.gz
      Size/MD5 checksum: 25951549 f922410b108313705c4c32721403c93f

  Architecture independent components:

    http://security.debian.org/pool/updates/main/t/toolchain-source/toolchain-source_3.0.4-1woody1_all.deb
      Size/MD5 checksum: 25962880 043b5163799735aa36cd163e86f26cfd


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCEI5/W5ql+IAeqTIRAiZAAJ9xzb7f3GRNLyTX2pH3+4+oRMeGIwCdFszl
/SOUYD4+tyC7pzH1nXfUEG0=
=L7v0
-----END PGP SIGNATURE-----

    

- 漏洞信息

13779
Debian toolchain-source Multiple Script Symlink Arbitrary File Overwrite
Local Access Required Race Condition
Loss of Integrity
Exploit Unknown

- 漏洞描述

toolchain-source contains multiple scripts that contain a flaw that may allow a malicious user to overwrite arbitrary files. The issue is triggered when the scripts create temporary files and will blindly follow symlinks, resulting in a loss of integrity.

- 时间线

2005-02-14 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 3.0.4-1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

Debian Toolchain-Source Multiple Insecure Temporary File Creation Vulnerabilities
Design Error 12540
No Yes
2005-02-14 12:00:00 2009-07-12 10:06:00
Sean Finney is credited with the discovery of these issues.

- 受影响的程序版本

Debian toolchain-source 3.0.4
Debian toolchain-source 3.0.3 -3
Debian toolchain-source 3.0.3 -2
Debian toolchain-source 3.0.3 -1
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
Debian toolchain-source 3.0.4 -1

- 不受影响的程序版本

Debian toolchain-source 3.0.4 -1

- 漏洞讨论

toolchain-source is reportedly affected by multiple local insecure temporary file creation vulnerabilities. These issues are likely due to a design error that causes the application to fail to verify the existence of a file before writing to it. These issues affect some Debian-specific scripts supplied with the package.

Debian toolchain-source versions prior to 3.0.4-1woody1 are reported vulnerable to these issues.

- 漏洞利用

An exploit is not required to leverage these issues.

- 解决方案

Debian has released advisory DSA 679-1 to address these issues. Please see the referenced advisory for more information.


Debian toolchain-source 3.0.4

- 相关参考

     

     

    关于SCAP中文社区

    SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

    版权声明

    CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站