CVE-2005-0866
CVSS2.1
发布时间 :2005-05-02 00:00:00
修订时间 :2008-09-10 15:37:17
NMCOS    

[原文]cdrecord before 4:2.0, when DEBUG is enabled, allows local users to overwrite arbitrary files via a symlink attack on temporary files.


[CNNVD]CDRTools CDRecord本地不安全文件创建漏洞(CNNVD-200505-743)

        cdrecord的4:2.0之前版本,当启用DEBUG时,本地用户可以通过对临时文件发起symlink攻击来重写任意文件。

- CVSS (基础分值)

CVSS分值: 2.1 [轻微(LOW)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0866
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0866
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-743
(官方数据源) CNNVD

- 其它链接及资源

http://www.ubuntulinux.org/support/documentation/usn/usn-100-1
(UNKNOWN)  UBUNTU  USN-100-1
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=291376
(UNKNOWN)  CONFIRM  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=291376

- 漏洞信息

CDRTools CDRecord本地不安全文件创建漏洞
低危 设计错误
2005-05-02 00:00:00 2005-10-20 00:00:00
本地  
        cdrecord的4:2.0之前版本,当启用DEBUG时,本地用户可以通过对临时文件发起symlink攻击来重写任意文件。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        CDRTools CDRecord 1.11
        Mandriva cdrecord-1.11-0.a32.1.2.C21mdk.i586.rpm
        Mandrake Corporate Server 2.1
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva cdrecord-1.11-0.a32.1.2.C21mdk.x86_64.rpm
        Mandrake Corporate Server 2.1/x86_64
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva cdrecord-cdda2wav-1.11-0.a32.1.2.C21mdk.i586.rpm
        Mandrake Corporate Server 2.1
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva cdrecord-cdda2wav-1.11-0.a32.1.2.C21mdk.x86_64.rpm
        Mandrake Corporate Server 2.1/x86_64
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva cdrecord-devel-1.11-0.a32.1.2.C21mdk.i586.rpm
        Mandrake Corporate Server 2.1
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva cdrecord-devel-1.11-0.a32.1.2.C21mdk.x86_64.rpm
        Mandrake Corporate Server 2.1/x86_64
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva cdrecord-dvdhack-1.11-0.a32.1.2.C21mdk.i586.rpm
        Mandrake Corporate Server 2.1
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva cdrecord-dvdhack-1.11-0.a32.1.2.C21mdk.x86_64.rpm
        Mandrake Corporate Server 2.1/x86_64
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva mkisofs-1.15-0.a32.1.2.C21mdk.i586.rpm
        Mandrake Corporate Server 2.1
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva mkisofs-1.15-0.a32.1.2.C21mdk.x86_64.rpm
        Mandrake Corporate Server 2.1/x86_64
        http://www1.mandrivalinux.com/en/ftp.php3
        CDRTools CDRTools 2.0
        Ubuntu cdda2wav_2.0+a30.pre1-1ubuntu2.2_amd64.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/universe/c/cdrtools/cdda2wav_2. 0+a30.pre1-1ubuntu2.2_amd64.deb
        Ubuntu cdda2wav_2.0+a30.pre1-1ubuntu2.2_i386.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/universe/c/cdrtools/cdda2wav_2. 0+a30.pre1-1ubuntu2.2_i386.deb
        Ubuntu cdda2wav_2.0+a30.pre1-1ubuntu2.2_powerpc.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/universe/c/cdrtools/cdda2wav_2. 0+a30.pre1-1ubuntu2.2_powerpc.deb
        Ubuntu cdrecord_2.0+a30.pre1-1ubuntu2.2_amd64.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/cdrecord_2.0+a3 0.pre1-1ubuntu2.2_amd64.deb
        Ubuntu cdrecord_2.0+a30.pre1-1ubuntu2.2_i386.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/cdrecord_2.0+a3 0.pre1-1ubuntu2.2_i386.deb
        Ubuntu cdrecord_2.0+a30.pre1-1ubuntu2.2_powerpc.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/cdrecord_2.0+a3 0.pre1-1ubuntu2.2_powerpc.deb
        Ubuntu cdrtools-doc_2.0+a30.pre1-1ubuntu2.2_all.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/cdrtools-doc_2. 0+a30.pre1-1ubuntu2.2_all.deb
        Ubuntu mkisofs_2.0+a30.pre1-1ubuntu2.2_amd64.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/mkisofs_2.0+a30 .pre1-1ubuntu2.2_amd64.deb
        Ubuntu mkisofs_2.0+a30.pre1-1ubuntu2.2_i386.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/mkisofs_2.0+a30 .pre1-1ubuntu2.2_i386.deb
        Ubuntu mkisofs_2.0+a30.pre1-1ubuntu2.2_powerpc.deb
        Ubuntu 4.10 (Warty Warthog)
        http://security.ubuntu.com/ubuntu/pool/main/c/cdrtools/mkisofs_2.0+a30 .pre1-1ubuntu2.2_powerpc.deb
        CDRTools CDRTools 2.0.1
        Mandriva cdrecord-2.01-0.a28.3.100mdk.amd64.rpm
        Mandrake Linux 10.0/AMD64
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva cdrecord-2.01-0.a28.3.100mdk.i586.rpm
        Mandrake Linux 10.0
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva cdrecord-2.01-0.a28.3.C30mdk.i586.rpm
        Mandrake Corporate Server 3.0
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva cdrecord-2.01-0.a28.3.C30mdk.x86_64.rpm
        Mandrake Corporate Server 3.0
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva cdrecord-2.01-1.1.101mdk.i586.rpm
        Mandrake Linux 10.1
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva cdrecord-2.01-1.1.101mdk.x86_64.rpm
        Mandrake Linux 10.1/x86_64
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva cdrecord-2.01.01-0.a01.6.1.102mdk.i586.rpm
        Mandrake Linux 10.2
        http://www1.mandrivalinux.com/en/ftp.php3
        Mandriva cdrecord-2.01.01-0.

- 漏洞信息

15193
cdrtools DEBUG Mode Symlink Privilege Escalation
Local Access Required Race Condition

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-03-30 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

CDRTools CDRecord Local Insecure File Creation Vulnerability
Design Error 12891
No Yes
2005-03-24 12:00:00 2009-07-12 11:56:00
Javier Fernandez-Sanguino Pena is credited with the discovery of this issue.

- 受影响的程序版本

CDRTools CDRTools 2.0.1
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.2 x86_64
+ Mandriva Linux Mandrake 10.2
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
CDRTools CDRTools 2.0
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
CDRTools CDRecord 1.11
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2

- 漏洞讨论

A local insecure file creation vulnerability affects cdrtools cdrecord. This issue is due to a failure of the application to securely create and write to various files.

An attacker may leverage this issue to corrupt arbitrary files with the privileges of an unsuspecting user that activates the application.

- 漏洞利用

No exploit is required to leverage this issue.

- 解决方案

Ubuntu linux has released an advisory (USN-100-1) along with fixes dealing with this issue. Please see the reference section for more information.

Mandriva has released advisory MDKSA-2005:077 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.


CDRTools CDRecord 1.11

CDRTools CDRTools 2.0

CDRTools CDRTools 2.0.1

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站