CVE-2005-2670
CVSS5.0
发布时间 :2005-08-23 00:00:00
修订时间 :2008-09-05 16:52:23
NMCO    

[原文]Directory traversal vulnerability in HAURI Anti-Virus products including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall allows remote attackers to overwrite arbitrary files via ".." sequences in filenames contained in (1) ACE, (2) ARJ, (3) CAB, (4) LZH, (5) RAR, (6) TAR and (7) ZIP files.


[CNNVD]HAURI Anti-Virus 目录遍历漏洞 (CNNVD-200508-238)

        Directory traversal vulnerability in HAURI Anti-Virus products including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall allows remote attackers to overwrite arbitrary files via ".." sequences in filenames contained in (1) ACE, (2) ARJ, (3) CAB, (4) LZH, (5) RAR, (6) TAR and (7) ZIP files. HAURI Anti-Virus产品,包括 ViRobot Expert 4.0、Advanced Server、Linux Server 2.0和LiveCall,存在目录遍历漏洞。这使得远程攻击者可以借助于包含在(1) ACE、(2)ARJ、(3)CAB、(4)LZH、(5)RAR、(6) TAR和 (7)ZIP文件中的文件名中的".."序列重写任意文件。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:hauri:virobot_advanced_server
cpe:/a:hauri:livecall
cpe:/a:hauri:virobot_linux_server:2.0
cpe:/a:hauri:virobot_expert:4.0

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2670
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2670
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200508-238
(官方数据源) CNNVD

- 其它链接及资源

http://www.globalhauri.com/html/download/down_unixpatch.html
(PATCH)  MISC  http://www.globalhauri.com/html/download/down_unixpatch.html
http://securitytracker.com/id?1014740
(VENDOR_ADVISORY)  SECTRACK  1014740
http://secunia.com/secunia_research/2005-24/advisory
(VENDOR_ADVISORY)  MISC  http://secunia.com/secunia_research/2005-24/advisory
http://secunia.com/advisories/15846
(VENDOR_ADVISORY)  SECUNIA  15846
http://www.securityfocus.com/bid/14606
(UNKNOWN)  BID  14606

- 漏洞信息

HAURI Anti-Virus 目录遍历漏洞
中危 路径遍历
2005-08-23 00:00:00 2005-10-20 00:00:00
远程  
        Directory traversal vulnerability in HAURI Anti-Virus products including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall allows remote attackers to overwrite arbitrary files via ".." sequences in filenames contained in (1) ACE, (2) ARJ, (3) CAB, (4) LZH, (5) RAR, (6) TAR and (7) ZIP files. HAURI Anti-Virus产品,包括 ViRobot Expert 4.0、Advanced Server、Linux Server 2.0和LiveCall,存在目录遍历漏洞。这使得远程攻击者可以借助于包含在(1) ACE、(2)ARJ、(3)CAB、(4)LZH、(5)RAR、(6) TAR和 (7)ZIP文件中的文件名中的".."序列重写任意文件。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        Raven Software Soldier Of Fortune 2 0
        Hauri down_unixpatch.html
        http://www.globalhauri.com/html/download/down_unixpatch.html
        Hauri LiveCall
        Hauri down_unixpatch.html
        http://www.globalhauri.com/html/download/down_unixpatch.html
        Hauri ViRobot Linux Server 2.0
        Hauri down_unixpatch.html
        http://www.globalhauri.com/html/download/down_unixpatch.html
        Hauri ViRobot Expert 4.0
        Hauri down_unixpatch.html
        http://www.globalhauri.com/html/download/down_unixpatch.html

- 漏洞信息

18812
HAURI Anti-Virus Compressed Archive Extraction Traversal Arbitrary File Write
Local Access Required Input Manipulation
Loss of Integrity
Exploit Unknown

- 漏洞描述

Multiple HAURI Anti-Virus products contain a flaw that allows a remote attacker to overwrite arbitrary files. The issue is due to unsafe extraction of compressed archives into a temporary directory before scanning which can be used to write files into arbitrary directories when scanning, specifically a malicious archive containing files that have "../../" directory sequences in their filenames, resulting a loss of integrity.

- 时间线

2005-08-19 2005-06-30
Unknow Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. Vendor has released a patch to address this vulnerability, however the updated version obtained available via online update is still vulnerable when scanning certain archive types.

- 相关参考

- 漏洞作者

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站