CVE-2005-1914
CVSS 2.1
Published: 2005-07-18 00:00:00
Last revised: 2008-09-05 16:50:25

[Original] CenterICQ 4.20.0 and earlier creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack on the gg.token.PID temporary file.


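[CNNVD] CenterICQ symlink file overwrite vulnerability (CNNVD-200507-184)

        CenterICQ is an instant messaging client.
        CenterICQ 4.20.0 and earlier contain a file overwrite vulnerability.
        Because it creates temporary files with predictable file names, local users can overwrite arbitrary files via a symlink attack on the gg.token.PID temporary file.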

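- CVSS (base score)

CVSS score: 2.1 [LOW]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]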

- CPE (affected platforms and products)

cpe:/a:centericq:centericq:4.14
cpe:/a:centericq:centericq:4.6.9
cpe:/a:centericq:centericq:4.9.1.1
cpe:/a:centericq:centericq:4.8.3
cpe:/a:centericq:centericq:4.8.4.1
cpe:/a:centericq:centericq:4.6.0
cpe:/a:centericq:centericq:4.8.6
cpe:/a:centericq:centericq:4.9.9
cpe:/a:centericq:centericq:4.8.6.1
cpe:/a:centericq:centericq:4.9.7
cpe:/a:centericq:centericq:4.7.1.3
cpe:/a:centericq:centericq:4.8.8.1
cpe:/a:centericq:centericq:4.9.6.1
cpe:/a:centericq:centericq:4.9.4.1
cpe:/a:centericq:centericq:4.9.4
cpe:/a:centericq:centericq:4.12
cpe:/a:centericq:centericq:4.6.5.3
cpe:/a:centericq:centericq:4.9.9.1
cpe:/a:centericq:centericq:4.8.4
cpe:/a:centericq:centericq:4.9.10
cpe:/a:centericq:centericq:4.9.12.1
cpe:/a:centericq:centericq:4.9.3.1
cpe:/a:centericq:centericq:4.6.5
cpe:/a:centericq:centericq:4.7.7.3
cpe:/a:centericq:centericq:4.6.0.3
cpe:/a:centericq:centericq:4.7.1
cpe:/a:centericq:centericq:4.8.2
cpe:/a:centericq:centericq:4.7.8
cpe:/a:centericq:centericq:4.9.6
cpe:/a:centericq:centericq:4.7.8.3
cpe:/a:centericq:centericq:4.9.8
cpe:/a:centericq:centericq:4.5.1.3
cpe:/a:centericq:centericq:4.9.11
cpe:/a:centericq:centericq:4.7.2.3
cpe:/a:centericq:centericq:4.9.0.1
cpe:/a:centericq:centericq:4.9.5
cpe:/a:centericq:centericq:4.8.2.1
cpe:/a:centericq:centericq:4.8.8
cpe:/a:centericq:centericq:4.9.3
cpe:/a:centericq:centericq:4.8.5
cpe:/a:centericq:centericq:4.10.0.1
cpe:/a:centericq:centericq:4.6.9.3
cpe:/a:centericq:centericq:4.8.5.1
cpe:/a:centericq:centericq:4.9.0
cpe:/a:centericq:centericq:4.13
cpe:/a:centericq:centericq:4.20
cpe:/a:centericq:centericq:4.8.0.1
cpe:/a:centericq:centericq:4.8.7
cpe:/a:centericq:centericq:4.7.2
cpe:/a:centericq:centericq:4.12.0.1
cpe:/a:centericq:centericq:4.5.1
cpe:/a:centericq:centericq:4.7.7
cpe:/a:centericq:centericq:4.8.0
cpe:/a:centericq:centericq:4.11.0.1
cpe:/a:centericq:centericq:4.8.7.1
cpe:/a:centericq:centericq:4.8.3.1
cpe:/a:centericq:centericq:4.9.5.1
cpe:/a:centericq:centericq:4.9.2.1
cpe:/a:centericq:centericq:4.9.7.1
cpe:/a:centericq:centericq:4.13.0.1
cpe:/a:centericq:centericq:4.14.0.1
cpe:/a:centericq:centericq:4.5.0.3
cpe:/a:centericq:centericq:4.9.2
cpe:/a:centericq:centericq:4.9.10.1
cpe:/a:centericq:centericq:4.9.12
cpe:/a:centericq:centericq:4.20.0.1
cpe:/a:centericq:centericq:4.8.9
cpe:/a:centericq:centericq:4.9.11.1
cpe:/a:centericq:centericq:4.9.1

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1914
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1914
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200507-184
(Official data source) CNNVD

- Other links and resources

http://www.debian.org/security/2005/dsa-754
(VENDOR_ADVISORY)  DEBIAN  DSA-754
http://www.zataz.net/adviso/centericq-06152005.txt
(VENDOR_ADVISORY)  MISC  http://www.zataz.net/adviso/centericq-06152005.txt
http://www.securityfocus.com/bid/14144
(UNKNOWN)  BID  14144

- Vulnerability information

CenterICQ symlink file overwrite vulnerability
Low severity, design error
2005-07-18 00:00:00 2005-10-20 00:00:00
Local

- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue. Patch download link:
        http://thekonst.net/en/centericq

- Vulnerability information (F38670)

Debian Linux Security Advisory 754-1 (PacketStormID:F38670)
2005-07-14 00:00:00
Debian  security.debian.org
advisory,local,protocol
linux,debian
CVE-2005-1914

Debian Security Advisory DSA 754-1 - Eric Romang discovered that centericq, a text-mode multi-protocol instant messenger client, creates some temporary files with predictable filenames and is hence vulnerable to symlink attacks by local attackers.

--------------------------------------------------------------------------
Debian Security Advisory DSA 754-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
July 13th, 2005                         http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : centericq
Vulnerability  : insecure temporary file
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2005-1914
BugTraq ID     : 14144

Eric Romang discovered that centericq, a text-mode multi-protocol
instant messenger client, creates some temporary files with
predictable filenames and is hence vulnerable to symlink attacks by
local attackers.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 4.20.0-1sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 4.20.0-7.

We recommend that you upgrade your centericq package.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
--------------------------------

  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>


- Vulnerability information

17727
Centericq gaduhook.cc Symlink Arbitrary File Manipulation
Local Access Required Race Condition

- Vulnerability description

Unknown or Incomplete

- Timeline

2005-07-04 2005-05-30
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

CenterICQ Insecure Temporary File Creation Vulnerability
Design Error 14144
No Yes
2005-07-05 12:00:00 2009-07-12 04:06:00
Eric Romang (eromang@zataz.net - ZATAZ Audit) is credited with the discovery of this vulnerability.

- Affected software versions

Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Centericq Centericq 4.20
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1

- Vulnerability discussion

Centericq creates temporary files in an insecure manner. An attacker with local access could potentially exploit this issue to overwrite files in the context of the vulnerable application.

Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. There is also an unconfirmed potential for privilege escalation if the attacker can write custom data in the attack.

- Exploit

No exploit is required.

- Solution

Debian has released advisory DSA 754-1 to address this issue. Please see the referenced advisory for more information.

Debian has released security advisory DSA 773-1 addressing several issues for their AMD64 port of the operating system. Please see the referenced advisory for further information.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.


Centericq Centericq 4.20

- Related references
