CVE-2005-2231
CVSS2.1
Published: 2005-07-12 00:00:00
Revised: 2008-09-05 16:51:13

[Original] High Availability Linux Project Heartbeat 1.2.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files.


[CNNVD] Heartbeat symlink file overwrite vulnerability (CNNVD-200507-140)

        Heartbeat is open-source Linux cluster software from the High-Availability Linux project.
        A file overwrite vulnerability exists in High-Availability Linux Project Heartbeat 1.2.3.
        A local user can overwrite arbitrary files via a symbolic link attack on temporary files.

- CVSS (base score)

CVSS score: 2.1 [LOW]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)

Product and version information (CPE) not yet available

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2231
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2231
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200507-140
(official data source) CNNVD

- Other links and resources

http://secunia.com/advisories/16039
(VENDOR_ADVISORY)  SECUNIA  16039
http://www.debian.org/security/2005/dsa-761
(UNKNOWN)  DEBIAN  DSA-761

- Vulnerability information

Heartbeat symlink file overwrite vulnerability
Low severity  Design error
2005-07-12 00:00:00 2005-10-20 00:00:00
Local

- Advisories and patches

        The vendor has released an upgrade patch to fix this security issue. Patch download link:
        http://www.linux-ha.org/wiki/Downloads

- Vulnerability information (F39160)

glsa-2005-08-05.txt (PacketStormID:F39160)
2005-08-09 00:00:00
 
advisory
linux,gentoo
CVE-2005-2231

Gentoo Linux Security Advisory GLSA 200508-05 - Eric Romang has discovered that Heartbeat insecurely creates temporary files with predictable filenames. Versions less than 1.2.3-r1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200508-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Heartbeat: Insecure temporary file creation
      Date: August 07, 2005
      Bugs: #97175
        ID: 200508-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Heartbeat is vulnerable to symlink attacks, potentially allowing a
local user to overwrite arbitrary files.

Background
==========

Heartbeat is a component of the High-Availability Linux project. It is
used to perform death-of-node detection, communications and cluster
management.

Affected packages
=================

    -------------------------------------------------------------------
     Package                /  Vulnerable  /                Unaffected
    -------------------------------------------------------------------
  1  sys-cluster/heartbeat     < 1.2.3-r1                  >= 1.2.3-r1

Description
===========

Eric Romang has discovered that Heartbeat insecurely creates temporary
files with predictable filenames.

Impact
======

A local attacker could create symbolic links in the temporary file
directory, pointing to a valid file somewhere on the filesystem. When a
vulnerable script is executed, this could lead to the file being
overwritten with the rights of the user running the affected
application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Heartbeat users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-cluster/heartbeat-1.2.3-r1"

References
==========

  [ 1 ] CAN-2005-2231
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2231

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200508-05.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
    

- Vulnerability information (F38767)

Debian Linux Security Advisory 761-1 (PacketStormID:F38767)
2005-07-19 00:00:00
Debian  security.debian.org
advisory
linux,debian
CVE-2005-2231

Debian Security Advisory DSA 761-1 - Eric Romang discovered several insecure temporary file creations in heartbeat, the subsystem for High-Availability Linux.

- --------------------------------------------------------------------------
Debian Security Advisory DSA 761-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
July 19th, 2005                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : heartbeat
Vulnerability  : insecure temporary files
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2005-2231

Eric Romang discovered several insecure temporary file creations in
heartbeat, the subsystem for High-Availability Linux.

For the old stable distribution (woody) these problems have been fixed in
version 0.4.9.0l-7.3.

For the stable distribution (sarge) these problems have been fixed in
version 1.2.3-9sarge2.

For the unstable distribution (sid) these problems have been fixed in
version 1.2.3-12.

We recommend that you upgrade your heartbeat package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------


Debian GNU/Linux 3.1 alias sarge
- --------------------------------


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>


- Vulnerability information

17892
Heartbeat Multiple Script Symlink Arbitrary File Modification
Local Access Required Race Condition

- Vulnerability description

Unknown or Incomplete

- Timeline

2005-06-27 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Linux-HA Heartbeat Insecure Temporary File Creation Vulnerability
Design Error 14233
No Yes
2005-07-12 12:00:00 2009-07-12 04:06:00
Discovery is credited to Eric Romang.

- Affected program versions

Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Linux-HA heartbeat 1.2.3
- Debian Linux 3.1 sparc
- Debian Linux 3.1 s/390
- Debian Linux 3.1 ppc
- Debian Linux 3.1 mipsel
- Debian Linux 3.1 mips
- Debian Linux 3.1 m68k
- Debian Linux 3.1 ia-64
- Debian Linux 3.1 ia-32
- Debian Linux 3.1 hppa
- Debian Linux 3.1 arm
- Debian Linux 3.1 alpha
- Debian Linux 3.1
Linux-HA heartbeat 1.2.2
Linux-HA heartbeat 0.9.4 d
Linux-HA heartbeat 0.9.4
Linux-HA heartbeat 0.4.9 c
Linux-HA heartbeat 0.4.9 b
Linux-HA heartbeat 0.4.9 a
Linux-HA heartbeat 0.4.9 .1
+ Conectiva Linux 8.0
Linux-HA heartbeat 0.4.9
- Debian Linux 3.0 sparc
- Debian Linux 3.0 s/390
- Debian Linux 3.0 ppc
- Debian Linux 3.0 mipsel
- Debian Linux 3.0 mips
- Debian Linux 3.0 m68k
- Debian Linux 3.0 ia-64
- Debian Linux 3.0 ia-32
- Debian Linux 3.0 hppa
- Debian Linux 3.0 arm
- Debian Linux 3.0 alpha
- Debian Linux 3.0
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Conectiva Linux 10.0
Conectiva Linux 9.0

- Vulnerability discussion

heartbeat creates temporary files in an insecure manner.

A local attacker would most likely take advantage of this vulnerability by creating a malicious symbolic link in a directory where the temporary files will be created. When the program attempts to perform an operation on a temporary file, it will instead perform the operation on the file pointed to by the malicious symbolic link.

Exploitation would most likely result in loss of data or a denial of service if critical files are overwritten in the attack. Other attacks may be possible as well.
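The weakness described in the GLSA Impact section and in the discussion above is a script that writes to a guessable name under the temporary directory and lets the shell follow whatever already sits there. The functions below are an added example of the hardened pattern (not Heartbeat's own scripts): they rely on mktemp's exclusive create and on the shell's noclobber (O_EXCL) open; the hb-example prefix and function names are hypothetical.

```sh
#!/bin/sh
# Added example: hardened temporary-file handling for shell scripts.
# The insecure pattern looks like
#     TMP=/tmp/heartbeat.$$ ; some_command > "$TMP"
# The name is guessable (PID-based) and '>' follows a symlink that someone
# else planted at that path, writing through it to the link's target.

# Create a fresh, private temporary file and print its path.
# mktemp opens with O_CREAT|O_EXCL and a random suffix, so a symlink already
# present at the chosen name makes creation fail instead of being followed.
make_tmpfile() {
    dir="${TMPDIR:-/tmp}"
    f=$(mktemp "$dir/hb-example.XXXXXX") || return 1   # prefix is hypothetical
    # Defence in depth: the result must be a regular file, not a symlink.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        rm -f "$f"
        return 1
    fi
    printf '%s\n' "$f"
}

# Write content to a path that must not exist yet. noclobber (set -C) makes
# the shell open the target with O_EXCL, so an existing file or symlink
# (dangling or not) causes the redirection to fail rather than be followed.
# The explicit -L test only gives a clearer diagnostic; O_EXCL is the guard.
write_new_file() {
    target=$1
    content=$2
    if [ -L "$target" ]; then
        echo "refusing to write: $target is a symbolic link" >&2
        return 2
    fi
    ( set -C; printf '%s\n' "$content" > "$target" ) 2>/dev/null || return 3
}

# Stage content into a freshly created temp file; prints the path on success.
stage_tmp_content() {
    content=$1
    f=$(make_tmpfile) || return 1
    # Safe to truncate: mktemp created this file for us with mode 0600.
    printf '%s\n' "$content" > "$f" || { rm -f "$f"; return 1; }
    printf '%s\n' "$f"
}
```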

- Exploit

There is no exploit required.

- Solution

Debian has released advisory DSA 761-1 to address this vulnerability. Please see the attached advisory for further information on obtaining and applying fixes.

Conectiva Linux has released security advisory CLSA-2005:991 addressing this issue. Please see the referenced advisory for details on obtaining and applying the appropriate updates.

Gentoo has released advisory GLSA 200508-05 to address this issue. Please see the attached advisory for further information. Gentoo users may carry out the following commands to update their computers:

emerge --sync
emerge --ask --oneshot --verbose ">=sys-cluster/heartbeat-1.2.3-r1"

Mandriva has released security advisory MDKSA-2005:132 addressing this issue. Please see the referenced advisory for further information.

Ubuntu has released security advisory USN-165-1 addressing this issue. Please see the referenced advisory for details on obtaining and applying the appropriate updates.

Debian has released security advisory DSA 773-1 addressing several issues for their AMD64 port of the operating system. Please see the referenced advisory for further information.

Debian has released an updated security advisory (DSA 761-2) addressing this issue. Please see the referenced advisory for further information.

---
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.


Linux-HA heartbeat 0.4.9

Linux-HA heartbeat 1.2.2

Linux-HA heartbeat 1.2.3

- Related references
