CVE-2005-0393
CVSS7.2
发布时间 :2005-07-05 00:00:00
修订时间 :2008-09-05 16:46:09
NMCOPS    

[原文]The helper scripts for crip 3.5 do not properly use temporary files, which allows local users to have an unknown impact with unknown attack vectors.


[CNNVD]Crip HelperScripts 未知安全漏洞(CNNVD-200507-048)

        crip是基于终端的ripper/解码器/标签工具,用于在UNIX/Linux下创建Ogg Vorbis/FLAC/MP3文件。
        Crip 3.5版本终端帮助程序脚本对临时文件的处理使用存在漏洞,此漏洞的具体利用方式及影响目前尚不明确。

- CVSS (基础分值)

CVSS分值: 7.2 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0393
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0393
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200507-048
(官方数据源) CNNVD

- 其它链接及资源

http://www.debian.org/security/2005/dsa-733
(VENDOR_ADVISORY)  DEBIAN  DSA-733

- 漏洞信息

Crip HelperScripts 未知安全漏洞
高危 设计错误
2005-07-05 00:00:00 2005-10-20 00:00:00
本地  
        crip是基于终端的ripper/解码器/标签工具,用于在UNIX/Linux下创建Ogg Vorbis/FLAC/MP3文件。
        Crip 3.5版本终端帮助程序脚本对临时文件的处理使用存在漏洞,此漏洞的具体利用方式及影响目前尚不明确。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        http://bach.dynet.com/crip/download.html

- 漏洞信息 (F38382)

Debian Linux Security Advisory 733-1 (PacketStormID:F38382)
2005-07-01 00:00:00
Debian  security.debian.org
advisory
linux,debian
CVE-2005-0393
[点击下载]

Debian Security Advisory DSA 733-1 - Justin Rye discovered that crip, a terminal-based ripper, encoder and tagger tool, utilizes temporary files in an insecure fashion in its helper scripts.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 733-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
June 30th, 2005                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : crip
Vulnerability  : insecure temporary files
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2005-0393
CERT advisory  : 
BugTraq ID     : 
Debian Bug     : 

Justin Rye discovered that crip, a terminal-based ripper, encoder and
tagger tool, utilises temporary files in an insecure fashion in its
helper scripts.

The old stable distribution (woody) does not provide the crip package.

For the stable distribution (sarge) this problem has been fixed in
version 3.5-1sarge2.

For the unstable distribution (sid) this problem has been fixed in
version 3.5-1sarge2.

We recommend that you upgrade your crip package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/c/crip/crip_3.5-1sarge2.dsc
      Size/MD5 checksum:      572 8586b5bc06ec3a314e4f9920061fb061
    http://security.debian.org/pool/updates/main/c/crip/crip_3.5-1sarge2.diff.gz
      Size/MD5 checksum:     4427 01c4f0a2b1af58ba1c26828399f3c641
    http://ftp.debian.org/debian/pool/main/c/crip/crip_3.5.orig.tar.gz
      Size/MD5 checksum:    31935 e0b93d38ce19fbdb8c8d7c1d3f2a8676

  Alpha architecture:

    http://security.debian.org/pool/updates/main/c/crip/crip_3.5-1sarge2_alpha.deb
      Size/MD5 checksum:    45134 ecf643d9d598eaa200a8888f474d2084

  ARM architecture:

    http://security.debian.org/pool/updates/main/c/crip/crip_3.5-1sarge2_arm.deb
      Size/MD5 checksum:    44436 52ff32d6ace120ef28d778127f6b624e

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/crip/crip_3.5-1sarge2_i386.deb
      Size/MD5 checksum:    43710 639c9586b54d2d4538352c3f0a84fd17

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/crip/crip_3.5-1sarge2_ia64.deb
      Size/MD5 checksum:    45582 a3e8b6645fbcc5fbe95ba78cb7aa308d

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/crip/crip_3.5-1sarge2_hppa.deb
      Size/MD5 checksum:    45298 62be35e7881ad4d1b32b33d213361dee

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/c/crip/crip_3.5-1sarge2_m68k.deb
      Size/MD5 checksum:    44562 08ce1cfa8fdeb0cae763f18dcdf53320

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/crip/crip_3.5-1sarge2_mips.deb
      Size/MD5 checksum:    47086 e20d2a33a94d3153b10d3adb8f09a9d7

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/crip/crip_3.5-1sarge2_mipsel.deb
      Size/MD5 checksum:    47088 55f8284e194dd8593e5486daa24e1851

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/crip/crip_3.5-1sarge2_powerpc.deb
      Size/MD5 checksum:    44830 bf5bb457f8363c76374ec1141db324e7

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/crip/crip_3.5-1sarge2_s390.deb
      Size/MD5 checksum:    44810 8ff12262a45ff8a7602f965c240689ed

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/crip/crip_3.5-1sarge2_sparc.deb
      Size/MD5 checksum:    44538 fc5feb3258717d56f48b1be034faf164


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCw7DYW5ql+IAeqTIRAsCIAJsFiiLWcFa/d0cY1w8PpKFcDmGzDgCfXubx
huFjZTHlgKYHwrngTEoNkdg=
=2DCX
-----END PGP SIGNATURE-----

    

- 漏洞信息

17632
crip Insecure Temporary File Creation
Local Access Required Race Condition
Loss of Integrity
Exploit Unknown

- 漏洞描述

crip contains a flaw that may allow a malicious local user to overwrite or create arbitrary files on the system. The issue is due to crip creating temporary files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.

- 时间线

2005-06-30 Unknow
Unknow Unknow

- 解决方案

Upgrade to crip version 3.5-1sarge2 or higher, for Debian GNU/Linux 3.1 (sarge), as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

Crip Helper Script Insecure Temporary File Creation Vulnerability
Design Error 14105
No Yes
2005-06-30 12:00:00 2009-07-12 04:06:00
Discovery is credited to Justin Rye.

- 受影响的程序版本

Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Charlton crip 3.5
- Debian Linux 3.1 sparc
- Debian Linux 3.1 s/390
- Debian Linux 3.1 ppc
- Debian Linux 3.1 mipsel
- Debian Linux 3.1 mips
- Debian Linux 3.1 m68k
- Debian Linux 3.1 ia-64
- Debian Linux 3.1 ia-32
- Debian Linux 3.1 hppa
- Debian Linux 3.1 arm
- Debian Linux 3.1 alpha
- Debian Linux 3.1

- 漏洞讨论

The crip helper scripts create temporary files in an insecure manner. An attacker will local access could potentially exploit this issue to overwrite files in the context of the application.

Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. There is also an unconfirmed potential for privilege escalation if the attacker can write custom data in the attack.

This issue is known to affect crip 3.5. Other releases may also be affected.

- 漏洞利用

There is no exploit required.

- 解决方案

Debian has released an advisory to address this vulnerability. For further information on obtaining and applying fixes, please see the attached Debian advisory.

It is not known if the vendor has fixed this vulnerability in upstream releases.

Debian has released security advisory DSA 773-1 addressing several issues for their AMD64 port of the operating system. Please see the referenced advisory for further information.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.


Charlton crip 3.5

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站