CVE-2005-1853
CVSS 7.2
Published: 2005-08-03 00:00:00
Last modified: 2008-09-05 16:50:16

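[Original] gopher.c in the Gopher client 3.0.5 does not properly create temporary files, which allows local users to gain privileges.


[CNNVD] Gopher 'gopher.c' Insecure Temporary File Creation Vulnerability (CNNVD-200508-017)

        gopher.c in Gopher client version 3.0.5 does not properly create temporary files. This allows local users to gain privileges.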

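- CVSS (Base Score)

CVSS score: 7.2 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause a complete shutdown of the system]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]

- CPE (Affected Platforms and Products)

Product and version information (CPE) is not currently available

- OVAL (Technical Details for Detection)

No related OVAL definitions found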

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1853
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1853
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200508-017
(Official data source) CNNVD

- Other Links and Resources

http://www.securitytracker.com/alerts/2005/Jul/1014599.html
(UNKNOWN)  SECTRACK  1014599
http://www.debian.org/security/2005/dsa-770
(VENDOR_ADVISORY)  DEBIAN  DSA-770

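- Vulnerability Information

Gopher 'gopher.c' Insecure Temporary File Creation Vulnerability
High risk  Design error
2005-08-03 00:00:00 2005-10-20 00:00:00
Local
        gopher.c in Gopher client version 3.0.5 does not properly create temporary files. This allows local users to gain privileges.

- Advisories and Patches

        The vendor has not yet provided a patch or upgrade. Users of this software are advised to watch the vendor's home page for the latest version: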
        University of Minnesota gopherd 3.0.7
        Debian gopher_3.0.7sarge1_amd64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/g/gopher/gopher_3.0.7sarge1_amd64.deb

- Vulnerability Information (F39011)

Debian Linux Security Advisory 770-1 (PacketStormID:F39011)
2005-08-05 00:00:00
Debian  security.debian.org
advisory,protocol
linux,debian
CVE-2005-1853

Debian Security Advisory DSA 770-1 - John Goerzen discovered that gopher, a client for the Gopher Distributed Hypertext protocol, creates temporary files in an insecure fashion.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 770-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
July 29th, 2005                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : gopher
Vulnerability  : insecure tmpfile creating
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2005-1853

John Goerzen discovered that gopher, a client for the Gopher
Distributed Hypertext protocol, creates temporary files in an insecure
fashion.

For the old stable distribution (woody) this problem has been fixed in
version 3.0.3woody3.

For the stable distribution (sarge) this problem has been fixed in
version 3.0.7sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 3.0.9.

We recommend that you upgrade your gopher package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------



Debian GNU/Linux 3.1 alias sarge
- --------------------------------



  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFC6kbxW5ql+IAeqTIRAhcQAJ9U5FcISrXnrxe9qIGm/+f4s5U2AwCfY/vt
jEptBrB5UncMKRk90NHPZvE=
=CuER
-----END PGP SIGNATURE-----

    

- Vulnerability Information

18390
Multiple Gopher Client Insecure Temporary File Creation Privilege Escalation
Local Access Required Race Condition
Loss of Integrity

- Vulnerability Description

Gopher contains a flaw that may allow a malicious local user to overwrite or create arbitrary files on the system. The issue is due to routines in the 'gopher.c' file creating temporary files insecurely in the /tmp folder. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.

- Timeline

2005-07-29 Unknown
Unknown Unknown

- Solution

Upgrade to version 3.0.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related References

- Vulnerability Author

- Vulnerability Information

Gopher Insecure Temporary File Creation Vulnerability
Design Error 14420
No Yes
2005-07-29 12:00:00 2009-07-12 04:06:00
John Goerzen is credited with the discovery of this vulnerability.

- Affected Software Versions

University of Minnesota gopherd 3.0.9
University of Minnesota gopherd 3.0.7
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
University of Minnesota gopherd 3.0.5
University of Minnesota gopherd 3.0.3
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0

- Vulnerability Discussion

Gopher is prone to an unspecified insecure temporary file creation vulnerability. This issue is likely due to a design error that causes the application to fail to verify the existence of a file before writing to it.

The details available regarding this issue are not sufficient to provide an in-depth technical description. This BID will be updated when more information becomes available.

An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable application.

- Exploit

No exploit is required.

- Solution

Debian has released security advisory DSA 770-1 addressing this issue. Please see the referenced advisory for details on obtaining and applying the appropriate updates.

Debian has released security advisory DSA 773-1 addressing several issues for their AMD64 port of the operating system. Please see the referenced advisory for further information.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.


University of Minnesota gopherd 3.0.7

- Related References

 

 
