CVE-2005-0392
CVSS7.2
发布时间 :2005-05-19 00:00:00
修订时间 :2008-11-15 00:43:03
NMCOPS    

[原文]ppxp does not drop root privileges before opening log files, which allows local users to execute arbitrary commands.


[CNNVD]PPXP本地提权漏洞(CNNVD-200505-1133)

        ppxp在打开日志文件之前未收回root权限,本地用户可以执行任意命令。

- CVSS (基础分值)

CVSS分值: 7.2 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0392
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0392
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-1133
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/13681
(UNKNOWN)  BID  13681
http://www.debian.org/security/2005/dsa-725
(UNKNOWN)  DEBIAN  DSA-725

- 漏洞信息

PPXP本地提权漏洞
高危 设计错误
2005-05-19 00:00:00 2005-10-20 00:00:00
本地  
        ppxp在打开日志文件之前未收回root权限,本地用户可以执行任意命令。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        ppxp ppxp 0.2 001080415
        Debian ppxp-dev_0.2001080415-10sarge2_amd64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080 415-10sarge2_amd64.deb
        Debian ppxp-dev_0.2001080415-6woody2_alpha.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080 415-6woody2_alpha.deb
        Debian ppxp-dev_0.2001080415-6woody2_arm.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080 415-6woody2_arm.deb
        Debian ppxp-dev_0.2001080415-6woody2_hppa.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080 415-6woody2_hppa.deb
        Debian ppxp-dev_0.2001080415-6woody2_i386.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080 415-6woody2_i386.deb
        Debian ppxp-dev_0.2001080415-6woody2_ia64.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080 415-6woody2_ia64.deb
        Debian ppxp-dev_0.2001080415-6woody2_m68k.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080 415-6woody2_m68k.deb
        Debian ppxp-dev_0.2001080415-6woody2_mips.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080 415-6woody2_mips.deb
        Debian ppxp-dev_0.2001080415-6woody2_mipsel.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080 415-6woody2_mipsel.deb
        Debian ppxp-dev_0.2001080415-6woody2_powerpc.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080 415-6woody2_powerpc.deb
        Debian ppxp-dev_0.2001080415-6woody2_s390.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080 415-6woody2_s390.deb
        Debian ppxp-dev_0.2001080415-6woody2_sparc.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080 415-6woody2_sparc.deb
        Debian ppxp-tcltk_0.2001080415-10sarge2_amd64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.20010 80415-10sarge2_amd64.deb
        Debian ppxp-tcltk_0.2001080415-6woody2_alpha.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.20010 80415-6woody2_alpha.deb
        Debian ppxp-tcltk_0.2001080415-6woody2_arm.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.20010 80415-6woody2_arm.deb
        Debian ppxp-tcltk_0.2001080415-6woody2_hppa.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.20010 80415-6woody2_hppa.deb
        Debian ppxp-tcltk_0.2001080415-6woody2_i386.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.20010 80415-6woody2_i386.deb
        Debian ppxp-tcltk_0.2001080415-6woody2_ia64.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.20010 80415-6woody2_ia64.deb
        Debian ppxp-tcltk_0.2001080415-6woody2_m68k.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.20010 80415-6woody2_m68k.deb
        Debian ppxp-tcltk_0.2001080415-6woody2_mips.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.20010 80415-6woody2_mips.deb
        Debian ppxp-tcltk_0.2001080415-6woody2_mipsel.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.20010 80415-6woody2_mipsel.deb
        Debian ppxp-tcltk_0.2001080415-6woody2_powerpc.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.20010 80415-6woody2_powerpc.deb
        Debian ppxp-tcltk_0.2001080415-6woody2_s390.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/main/p/ppxp/ppxp-t

- 漏洞信息 (F39284)

Debian Linux Security Advisory 725-1 (PacketStormID:F39284)
2005-08-14 00:00:00
Debian  security.debian.org
advisory,shell,root
linux,debian
CVE-2005-0392
[点击下载]

Debian Security Advisory DSA 725-1 - Jens Steube discovered that ppxp, yet another PPP program, does not release root privileges when opening potentially user supplied log files. This can be tricked into opening a root shell.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 725-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
May 19th, 2005                          http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : ppxp
Vulnerability  : missing privilege release
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2005-0392

Jens Steube discovered that ppxp, yet another PPP program, does not
release root privileges when opening potentially user supplied log
files.  This can be tricked into opening a root shell.

For the stable distribution (woody) this problem has been fixed in
version 0.2001080415-6woody1.

For the unstable distribution (sid) this problem has been fixed in
version 0.2001080415-11.

We recommend that you upgrade your ppxp package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2.dsc
      Size/MD5 checksum:      706 964d29fc5c29b87e0aa86d4166dcdfa5
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2.diff.gz
      Size/MD5 checksum:     8253 3595338ba6d14102c827fecd776d4c11
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415.orig.tar.gz
      Size/MD5 checksum:   426444 35dc6007ee4eafa9685f5e1e695a1464

  Alpha architecture:

    http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2_alpha.deb
      Size/MD5 checksum:   264352 d4bd9bced5e4dc7fa17196a310b5e557
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-6woody2_alpha.deb
      Size/MD5 checksum:    57274 a4313923dbd89b22e9698d654b091a2c
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-6woody2_alpha.deb
      Size/MD5 checksum:    61554 1a1c1ce48b78c56fc30ac934d3d03415
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-6woody2_alpha.deb
      Size/MD5 checksum:    71538 5d5114a8c44791daabc9a83c68137bc9

  ARM architecture:

    http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2_arm.deb
      Size/MD5 checksum:   221798 6152fd047000bb95d4a190bb6379b0b3
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-6woody2_arm.deb
      Size/MD5 checksum:    48290 5f6df1deda8f29283e205fae5766a899
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-6woody2_arm.deb
      Size/MD5 checksum:    57450 df72503ab14df19a597892c56e3932d5
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-6woody2_arm.deb
      Size/MD5 checksum:    60872 27899fde9424dfac635db9769c004433

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2_i386.deb
      Size/MD5 checksum:   213140 89cb35820dd2f6d249acece5dbfd0fd9
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-6woody2_i386.deb
      Size/MD5 checksum:    46656 bb3d151b9171d4ee00399cebf58c16b7
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-6woody2_i386.deb
      Size/MD5 checksum:    56492 20bd9052ec7241fa8affa417c8ebe8ce
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-6woody2_i386.deb
      Size/MD5 checksum:    58488 90e34feabbd50fc3624986d0fbaea456

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2_ia64.deb
      Size/MD5 checksum:   301726 d5e978bc304639a6433469dddb2331a3
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-6woody2_ia64.deb
      Size/MD5 checksum:    56466 91ce31c7568cc0a90ff2db609a1c0df4
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-6woody2_ia64.deb
      Size/MD5 checksum:    66850 c719a6205191021e3e1666f089366c56
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-6woody2_ia64.deb
      Size/MD5 checksum:    82930 91f5054797b5e06aa93fc6979f84aec1

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2_hppa.deb
      Size/MD5 checksum:   241370 b3dd820d17dcbebf08c0db6832ee2794
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-6woody2_hppa.deb
      Size/MD5 checksum:    52530 7ea0bb8a124915b23557462d84111fb0
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-6woody2_hppa.deb
      Size/MD5 checksum:    61200 440bf784087e2caeef6180fb68168962
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-6woody2_hppa.deb
      Size/MD5 checksum:    69298 3d444541b6f4638e1c08fc28bef20b75

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2_m68k.deb
      Size/MD5 checksum:   209544 f0367ccf232b1db80c9d9019700d3cd1
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-6woody2_m68k.deb
      Size/MD5 checksum:    47256 6c87bf5d43d195219abb26a086cb55da
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-6woody2_m68k.deb
      Size/MD5 checksum:    57572 5d4d73daad751f83543f142463ee2b81
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-6woody2_m68k.deb
      Size/MD5 checksum:    58838 70b368a6e2c88a2e6f8897f2af6bc746

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2_mips.deb
      Size/MD5 checksum:   242930 f1cdc78af11a5525234b5cb729711f85
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-6woody2_mips.deb
      Size/MD5 checksum:    52216 3c9bdb59cf4e363c7eafe55ad4c98c6d
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-6woody2_mips.deb
      Size/MD5 checksum:    58002 fad1852775b1ffe31378041d61aa0540
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-6woody2_mips.deb
      Size/MD5 checksum:    70490 b44d619f785d86a687dfc7e02fcbd17b

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2_mipsel.deb
      Size/MD5 checksum:   243254 3023af6b39db97c963f1d42136abddce
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-6woody2_mipsel.deb
      Size/MD5 checksum:    51134 ba2df4e6d00acfd4e34ed65a4b728539
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-6woody2_mipsel.deb
      Size/MD5 checksum:    57786 e5ee8bbbc654f5410737a5a25d4109f3
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-6woody2_mipsel.deb
      Size/MD5 checksum:    68876 6a84fc7283634162786adc8f10a4c4f1

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2_powerpc.deb
      Size/MD5 checksum:   226996 fefaf9555d2bc59600bd3cba6df65e7c
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-6woody2_powerpc.deb
      Size/MD5 checksum:    50698 fa76f73bd51db1f27a95cf58aefb2899
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-6woody2_powerpc.deb
      Size/MD5 checksum:    58712 62ca9d4cb838da262a83285de145d620
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-6woody2_powerpc.deb
      Size/MD5 checksum:    63314 b51dcdc8bc0f6e6627819aa4ea91ffb3

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2_s390.deb
      Size/MD5 checksum:   223394 8fa85098c05da6035908cf3c00e371d8
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-6woody2_s390.deb
      Size/MD5 checksum:    48576 6f01949fb43e199475683be2c3f003e9
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-6woody2_s390.deb
      Size/MD5 checksum:    58740 8f9d6017ab0e0dcd110fe7e3a9a1f5b1
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-6woody2_s390.deb
      Size/MD5 checksum:    64706 d6a5b703a46e920e98b3bbff4f1a5d87

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-6woody2_sparc.deb
      Size/MD5 checksum:   228070 78c09baee8c1fcf19812cb5901a2e6b0
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-6woody2_sparc.deb
      Size/MD5 checksum:    49538 b113918f1a2aadfb2d3003d36d3ab825
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-6woody2_sparc.deb
      Size/MD5 checksum:    60172 b113214d78c36c80ff6ead9b1c6fdc86
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-6woody2_sparc.deb
      Size/MD5 checksum:    66830 ffb39d3d4daa3e6c9a0b1ff0ab5af9a8


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCjLYoW5ql+IAeqTIRAstAAJoCjsleSMdKjhSumTZIn5JlBqiM6gCgptEu
03nhNbRMY6N7F06grJ9xx2o=
=xCNP
-----END PGP SIGNATURE-----

    

- 漏洞信息 (F38493)

Debian Linux Security Advisory 725-2 (PacketStormID:F38493)
2005-07-07 00:00:00
Debian  security.debian.org
advisory,shell,root
linux,debian
CVE-2005-0392
[点击下载]

Debian Security Advisory DSA 725-1 - Jens Steube discovered that ppxp, yet another PPP program, does not release root privileges when opening potentially user supplied log files. This can be tricked into opening a root shell.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 725-2                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
July 4th, 2005                          http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : ppxp
Vulnerability  : missing privilege release
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2005-0392

Jens Steube discovered that ppxp, yet another PPP program, does not
release root privileges when opening potentially user supplied log
files.  This can be tricked into opening a root shell.

For the old stable distribution (woody) this problem has been
fixed in version 0.2001080415-6woody1 (DSA 725-1).

For the stable distribution (sarge) this problem has been fixed in
version 0.2001080415-10sarge2.

For the unstable distribution (sid) this problem has been fixed in
version 0.2001080415-11.

We recommend that you upgrade your ppxp package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2.dsc
      Size/MD5 checksum:      714 0e065407ae76d9ca2f9def7a1d8f92af
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2.diff.gz
      Size/MD5 checksum:     8957 ed343f25afa1ade81217f8b315d25e96
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415.orig.tar.gz
      Size/MD5 checksum:   426444 35dc6007ee4eafa9685f5e1e695a1464

  Alpha architecture:

    http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_alpha.deb
      Size/MD5 checksum:   273842 9ed2250a15a07b317cd277237e80f669
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_alpha.deb
      Size/MD5 checksum:    84818 f405c062f88ad812c57bbe7f5fcb8c26
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_alpha.deb
      Size/MD5 checksum:    63084 2214812bc3da14f06d992322ca9f15d2
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_alpha.deb
      Size/MD5 checksum:    76728 7b2ff4bc2208e1a93f9d123c2c31cc4a

  ARM architecture:

    http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_arm.deb
      Size/MD5 checksum:   225104 f23ae008a1f1261a4b1f4c84afd35c71
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_arm.deb
      Size/MD5 checksum:    66496 0410908c710d224b793b275d375cf76c
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_arm.deb
      Size/MD5 checksum:    57168 5dd01ecdcf92a83cd973de739c518e03
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_arm.deb
      Size/MD5 checksum:    61732 72b35701c12b3046b23ca19db5506c75

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_i386.deb
      Size/MD5 checksum:   222244 027926b5e5ac4cf6c4f22f0cd5890e84
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_i386.deb
      Size/MD5 checksum:    64024 3c59e05e77e2530260734474cf0bb77c
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_i386.deb
      Size/MD5 checksum:    58142 56dc14c3039685d119b16c2b806d5fbd
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_i386.deb
      Size/MD5 checksum:    61534 71d2ad92f1d77ad4d89ecd7de67219f6

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_ia64.deb
      Size/MD5 checksum:   295426 a39f4b9d22a0a0b725bec69d606f1a81
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_ia64.deb
      Size/MD5 checksum:    81148 6b0399263e036d09b66806fb091524ef
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_ia64.deb
      Size/MD5 checksum:    66188 e4fe2c30e754e698f3eb6fe3eb8d9719
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_ia64.deb
      Size/MD5 checksum:    82972 efb913c2bf338a52637cc82c97327a88

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_hppa.deb
      Size/MD5 checksum:   243160 b3835adfae98f76b3efdfcd7853d0171
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_hppa.deb
      Size/MD5 checksum:    69424 d80e5e19b63973e4f80c39ad3233e5a8
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_hppa.deb
      Size/MD5 checksum:    61478 ae640e45c9c4abdd037b085a32bdd03e
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_hppa.deb
      Size/MD5 checksum:    69866 b68592ad39a9284257f5fc49de8cab1f

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_m68k.deb
      Size/MD5 checksum:   213564 9a276b8aec26a867671523ff5035fdd2
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_m68k.deb
      Size/MD5 checksum:    64214 bf06732df6fc3229f8965f59beca5101
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_m68k.deb
      Size/MD5 checksum:    58110 46bb2da34671c0d32d1f4d32dc770ec6
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_m68k.deb
      Size/MD5 checksum:    60158 f386258d996efae327a9fa8fca820a17

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_mips.deb
      Size/MD5 checksum:   247092 6bba1ce186cf00882c3932c10d67cf02
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_mips.deb
      Size/MD5 checksum:    69660 2598103571a690e4bf8f64ecada6b638
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_mips.deb
      Size/MD5 checksum:    59014 18a76c0648817a537c8cfdfa5c3eb793
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_mips.deb
      Size/MD5 checksum:    72436 9e9ae78c5c78f813fcc156aa7e0976be

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_mipsel.deb
      Size/MD5 checksum:   248700 b5cae50b114d4464e7be8d930bee511c
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_mipsel.deb
      Size/MD5 checksum:    69060 ea5ad0c81234a8790da0103773071299
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_mipsel.deb
      Size/MD5 checksum:    58806 d62f0899543feb9a7872c58f0ac7aa6b
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_mipsel.deb
      Size/MD5 checksum:    71030 25c0ed8d3fa575c5d5ea7e48e6ba9fe9

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_powerpc.deb
      Size/MD5 checksum:   238690 ee17a47c6002345e916a75f918e66a05
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_powerpc.deb
      Size/MD5 checksum:    78560 324da53c0df2605a135b2225448f89bf
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_powerpc.deb
      Size/MD5 checksum:    60854 8cd7b904a47136e15de1fa463dc2ab70
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_powerpc.deb
      Size/MD5 checksum:    69402 0e414abed84d60126f0717581ad4fcc2

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_s390.deb
      Size/MD5 checksum:   239410 6d706f726c18dc95123f38ce43ddcd6f
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_s390.deb
      Size/MD5 checksum:   110094 fa0fdb1e1f589f2aa7006a5fcd60cc91
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_s390.deb
      Size/MD5 checksum:    61456 880664c6876b89393102ebcac7eed59f
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_s390.deb
      Size/MD5 checksum:    69660 096e956414ad270ec935502bed3479d8

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/p/ppxp/ppxp_0.2001080415-10sarge2_sparc.deb
      Size/MD5 checksum:   226238 9a230cf800ca7e5d0902e380f193c7d7
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-dev_0.2001080415-10sarge2_sparc.deb
      Size/MD5 checksum:    67016 d2c506f94eee2cb632d64b3a1d95df2d
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-tcltk_0.2001080415-10sarge2_sparc.deb
      Size/MD5 checksum:    57950 fd91ff4f6399226d70ba885c756d7e49
    http://security.debian.org/pool/updates/main/p/ppxp/ppxp-x11_0.2001080415-10sarge2_sparc.deb
      Size/MD5 checksum:    62376 680aca599e7d986519483354f4e61e85



  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCyXqGW5ql+IAeqTIRAo3vAJ9k9kHE2sN9+58Y1sJpYoDj75HlywCfTiA5
UC+s+DKld5VPMSsfk1RjqI8=
=+cFn
-----END PGP SIGNATURE-----

    

- 漏洞信息

16686
PPxP Log File Local Privilege Escalation

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-05-19 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

PPXP Local Privilege Escalation Vulnerability
Design Error 13681
No Yes
2005-05-19 12:00:00 2007-03-01 06:25:00
Discovery is credited to Jens Steube.

- 受影响的程序版本

ppxp ppxp 0.2 001080415
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0

- 漏洞讨论

The 'ppxp' application is prone to a local privilege-escalation vulnerability. An attacker may abuse the issue to open a shell with superuser privileges.

- 漏洞利用

An exploit is not required.

- 解决方案

Debian has released an updated advisory DSA 725-2 to address this vulnerability. Please see the attached advisory for details on obtaining and applying fixes.


ppxp ppxp 0.2 001080415

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站