CVE-2005-1879
CVSS 2.1
Published: 2005-06-09 00:00:00
Revised: 2008-09-05 16:50:19

[Original] LutelWall 0.97 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.


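[CNNVD] LutelWall Multiple Insecure File Creation Vulnerabilities (CNNVD-200506-091)

        In LutelWall 0.97 and earlier, local users can overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.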

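- CVSS (Base Score)

CVSS score: 2.1 [LOW]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on the availability of the system]
Access complexity: LOW [exploitation has no access restrictions]
Access vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]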

- CPE (Affected Platforms and Products)

cpe:/a:tomasz_lutelmowski:lutelwall:0.92
cpe:/a:tomasz_lutelmowski:lutelwall:0.91
cpe:/a:tomasz_lutelmowski:lutelwall:0.96
cpe:/a:tomasz_lutelmowski:lutelwall:0.93
cpe:/a:tomasz_lutelmowski:lutelwall:0.97
cpe:/a:tomasz_lutelmowski:lutelwall:0.94
cpe:/a:tomasz_lutelmowski:lutelwall:0.95

- OVAL (Technical Details for Detection)

No related OVAL definition found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1879
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1879
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200506-091
(Official data source) CNNVD

- Other Links and Resources

http://www.zataz.net/adviso/lutelwall-05222005.txt
(UNKNOWN)  MISC  http://www.zataz.net/adviso/lutelwall-05222005.txt
http://www.securityfocus.com/bid/13863
(UNKNOWN)  BID  13863
http://securitytracker.com/id?1014112
(UNKNOWN)  SECTRACK  1014112
http://security.gentoo.org/glsa/glsa-200506-10.xml
(UNKNOWN)  GENTOO  GLSA-200506-10
http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034424.html
(UNKNOWN)  FULLDISC  20050606 LutelWall <= 0.97 insecure temporary file creation
http://firewall.lutel.pl/download/0.98/ChangeLog
(UNKNOWN)  CONFIRM  http://firewall.lutel.pl/download/0.98/ChangeLog
http://secunia.com/advisories/15665
(UNKNOWN)  SECUNIA  15665
http://secunia.com/advisories/15647
(UNKNOWN)  SECUNIA  15647

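- Vulnerability Information

LutelWall Multiple Insecure File Creation Vulnerabilities
Low risk  Design error
2005-06-09 00:00:00 2005-10-20 00:00:00
Local
        In LutelWall 0.97 and earlier, local users can overwrite arbitrary files via a symlink attack on a temporary file created by a system call to wget.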

- Advisories and Patches

        

- Vulnerability Information (F38152)

Gentoo Linux Security Advisory 200506-10 (PacketStormID:F38152)
2005-06-21 00:00:00
Gentoo  security.gentoo.org
advisory
linux,gentoo
CVE-2005-1879

Gentoo Linux Security Advisory GLSA 200506-10 - Eric Romang has discovered that the new_version_check() function in LutelWall insecurely creates a temporary file when updating to a new version. Versions less than 0.98 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200506-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: LutelWall: Insecure temporary file creation
      Date: June 11, 2005
      Bugs: #95378
        ID: 200506-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

LutelWall is vulnerable to symlink attacks, potentially allowing a
local user to overwrite arbitrary files.

Background
==========

LutelWall is a high-level Linux firewall configuration tool.

Affected packages
=================

    -------------------------------------------------------------------
     Package                 /  Vulnerable  /               Unaffected
    -------------------------------------------------------------------
  1  net-firewall/lutelwall       < 0.98                       >= 0.98

Description
===========

Eric Romang has discovered that the new_version_check() function in
LutelWall insecurely creates a temporary file when updating to a new
version.

Impact
======

A local attacker could create symbolic links in the temporary file
directory, pointing to a valid file somewhere on the filesystem. When
the update script is executed (usually by the root user), this would
result in the file being overwritten with the rights of this user.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All LutelWall users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-firewall/lutelwall-0.98"

References
==========

  [ 1 ] CAN-2005-1879
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1879

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200506-10.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

    

- Vulnerability Information

17173
LutelWall Symlink Arbitrary File Create/Overwrite
Local Access Required Race Condition, Other
Loss of Integrity
Exploit Public

- Vulnerability Description

A vulnerability exists in a portion of LutelWall that looks for new versions. This vulnerability creates a temporary file with insecure permissions that, with creative use of symlinks, would allow an attacker to overwrite or create files with the privileges of the user that runs the update script. Because the update script is run as root, this could give the attacker the ability to create or overwrite nearly any file on the system.

- Timeline

2005-06-06 2005-05-22
2005-06-06 Unknown

- Solution

Upgrade to version 0.98 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related References

- Vulnerability Author

- Vulnerability Information

LutelWall Multiple Insecure File Creation Vulnerabilities
Design Error 13863
No Yes
2005-06-06 12:00:00 2009-07-12 02:56:00
Eric Romang <eromang@zataz.net> of ZATAZ Audit is credited with the discovery of this vulnerability.

- Affected Program Versions

Tomasz Lutelmowski LutelWall 0.97
Tomasz Lutelmowski LutelWall 0.96
Tomasz Lutelmowski LutelWall 0.95
Tomasz Lutelmowski LutelWall 0.94
Tomasz Lutelmowski LutelWall 0.93
Tomasz Lutelmowski LutelWall 0.92
Tomasz Lutelmowski LutelWall 0.91
Adrian Pascalau GIPTables Firewall 1.1
Adrian Pascalau GIPTables Firewall 1.0

- Vulnerability Discussion

LutelWall is prone to multiple insecure file creation vulnerabilities. These issues are due to a design error that causes the application to fail to verify the existence of files before writing to them.

An attacker may leverage this issue to overwrite arbitrary files with the privileges of an unsuspecting user that activates the vulnerable utility. Due to the nature of this script, it is likely that only users with superuser privileges will be executing it.

One of the temporary files is used to store the downloaded LutelWall script file in an upgrade process. Attackers may be able to exploit the race condition between when the temporary file is created, and when LutelWall is overwritten with the contents of the temporary file. This would allow attackers to overwrite the LutelWall script with an arbitrary executable, so that further invocations of LutelWall by the superuser would cause the attacker-supplied code to be executed with superuser privileges.
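
The weak and hardened staging patterns behind this class of bug, as an added example that is not LutelWall's code or its 0.98 fix. The page does not give the actual temporary file path, so every file name below is constructed, and `fetch()` is a hypothetical stand-in for the wget call so the demo runs offline inside a throwaway directory.

```shell
#!/bin/sh
# Added example; file names and the fetch() stand-in are constructed.
# fetch() replaces the real download so the demo runs offline. Like wget -O,
# a shell redirect opens its target by following symlinks.
fetch() { cat "$1" > "$2"; }

# Weak: fixed name in a shared directory. A symlink pre-placed at that
# name makes the write land on the link's target.
stage_weak() {  # $1=source  $2=shared temp dir
    fetch "$1" "$2/update.new"
}

# Hardened: mktemp -d creates a randomly named directory with mode 0700,
# so no other local user can pre-create or swap entries inside it.
stage_safe() {  # $1=source  $2=shared temp dir; prints the staged path
    d=$(mktemp -d "$2/update.XXXXXX") || return 1
    fetch "$1" "$d/update.new" || { rm -rf "$d"; return 1; }
    printf '%s\n' "$d/update.new"
}

# Install by rename inside the destination directory: the old file is
# replaced in one step and is never opened for writing.
install_atomic() {  # $1=staged file  $2=destination
    t=$(mktemp "$(dirname "$2")/.inst.XXXXXX") || return 1
    cat "$1" > "$t" && chmod 755 "$t" && mv -f "$t" "$2"
}

# Runs both patterns inside a throwaway sandbox and records the outcome.
demo() {
    box=$(mktemp -d) || return 1
    mkdir "$box/tmp" "$box/etc" "$box/bin"
    echo 'new script' > "$box/src"
    echo 'important' > "$box/etc/victim"
    ln -s "$box/etc/victim" "$box/tmp/update.new"   # pre-placed link
    stage_weak "$box/src" "$box/tmp"
    weak_result=$(cat "$box/etc/victim")    # overwritten through the link
    echo 'important' > "$box/etc/victim"
    staged=$(stage_safe "$box/src" "$box/tmp") || return 1
    install_atomic "$staged" "$box/bin/tool" || return 1
    safe_result=$(cat "$box/etc/victim")    # untouched
    installed=$(cat "$box/bin/tool")
    rm -rf "$box"
}

demo && printf 'weak: %s\nsafe: %s\ninstalled: %s\n' \
    "$weak_result" "$safe_result" "$installed"
```

The rename in `install_atomic` only protects the destination if its directory is writable by the installing user alone.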

- Exploit

An exploit is not required.

- Solution

Users of Gentoo Linux can upgrade by performing the following command:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-firewall/lutelwall-0.98"

Currently we are not aware of any vendor-supplied patches for this issue. If you
feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Related References

 

 
