CVE-2005-2960
CVSS2.1
发布时间 :2005-10-05 15:02:00
修订时间 :2010-04-02 01:35:22
NMCOPS    

[原文]cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.


[CNNVD]GNU CFEngine不安全临时文件创建漏洞(CNNVD-200510-016)

        cfengine(配置引擎)是一种UNIX 管理工具,其目的是使简单的管理的任务自动化,使困难的任务变得较容易。
        cfengine 1.6.5和2.1.16可以使本地用户借助由vicf.in使用的临时文件上的symlink攻击,改写任意文件。

- CVSS (基础分值)

CVSS分值: 2.1 [轻微(LOW)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:debian:debian_linux:3.1::sparc
cpe:/o:debian:debian_linux:3.1::ia-64
cpe:/a:gnu:cfengine:1.5GNU Cfengine 1.5
cpe:/o:debian:debian_linux:3.1::s-390
cpe:/o:debian:debian_linux:3.1::mipsel
cpe:/o:debian:debian_linux:3.1::ppc
cpe:/a:gnu:cfengine:1.6:a10
cpe:/o:debian:debian_linux:3.1::mips
cpe:/a:gnu:cfengine:2.0.7:p2
cpe:/a:gnu:cfengine:2.0.7:p3
cpe:/a:gnu:cfengine:2.1.16GNU Cfengine 2.1.16
cpe:/a:gnu:cfengine:2.1.0:a6
cpe:/o:debian:debian_linux:3.1::m68k
cpe:/o:debian:debian_linux:3.1::hppa
cpe:/a:gnu:cfengine:2.1.7:p1
cpe:/a:gnu:cfengine:2.0.3GNU Cfengine 2.0.3
cpe:/a:gnu:cfengine:2.0.0GNU Cfengine 2.0.0
cpe:/a:gnu:cfengine:1.6:a11
cpe:/a:gnu:cfengine:2.1.9GNU Cfengine 2.1.9
cpe:/a:gnu:cfengine:2.0.8:p1
cpe:/a:gnu:cfengine:2.0.8GNU Cfengine 2.0.8
cpe:/a:gnu:cfengine:2.1.0:a8
cpe:/a:gnu:cfengine:2.0.4GNU Cfengine 2.0.4
cpe:/o:debian:debian_linux:3.1::alpha
cpe:/a:gnu:cfengine:2.0.5:b1
cpe:/a:gnu:cfengine:2.0.5GNU Cfengine 2.0.5
cpe:/a:gnu:cfengine:1.6.5GNU Cfengine 1.6.5
cpe:/o:debian:debian_linux:3.1Debian Debian Linux 3.1
cpe:/o:debian:debian_linux:3.1::arm
cpe:/o:debian:debian_linux:3.1::amd64
cpe:/a:gnu:cfengine:2.0.7:p1
cpe:/a:gnu:cfengine:1.5.3-4GNU Cfengine 1.5.3_4
cpe:/a:gnu:cfengine:2.0.6GNU Cfengine 2.0.6
cpe:/a:gnu:cfengine:2.0.5:pre
cpe:/a:gnu:cfengine:2.0.1GNU Cfengine 2.0.1
cpe:/a:gnu:cfengine:2.1.0:a9
cpe:/o:debian:debian_linux:3.1::ia-32
cpe:/a:gnu:cfengine:2.0.2GNU Cfengine 2.0.2
cpe:/a:gnu:cfengine:2.1.8GNU Cfengine 2.1.8
cpe:/a:gnu:cfengine:2.0.5:pre2
cpe:/a:gnu:cfengine:2.0.7GNU Cfengine 2.0.7

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2960
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2960
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200510-016
(官方数据源) CNNVD

- 其它链接及资源

http://www.debian.org/security/2005/dsa-836
(PATCH)  DEBIAN  DSA-836
http://www.debian.org/security/2005/dsa-835
(PATCH)  DEBIAN  DSA-835
http://groups.google.com/group/gnu.cfengine.help/browse_thread/thread/fc25e7d98f8ba401/38151ed821803be0#38151ed821803be0
(VENDOR_ADVISORY)  MISC  http://groups.google.com/group/gnu.cfengine.help/browse_thread/thread/fc25e7d98f8ba401/38151ed821803be0#38151ed821803be0
http://xforce.iss.net/xforce/xfdb/22489
(VENDOR_ADVISORY)  XF  cfengine-mulitple-file-symlink(22489)
http://www.securityfocus.com/bid/14994
(UNKNOWN)  BID  14994
http://secunia.com/advisories/17037/
(VENDOR_ADVISORY)  SECUNIA  17037
http://bugs.gentoo.org/show_bug.cgi?id=107871
(VENDOR_ADVISORY)  MISC  http://bugs.gentoo.org/show_bug.cgi?id=107871
http://www.ubuntu.com/usn/usn-198-1
(UNKNOWN)  UBUNTU  USN-198-1
http://www.novell.com/linux/security/advisories/2005_23_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2005:023
http://www.mandriva.com/security/advisories?name=MDKSA-2005:184
(UNKNOWN)  MANDRIVA  MDKSA-2005:184
http://secunia.com/advisories/17215
(UNKNOWN)  SECUNIA  17215
http://secunia.com/advisories/17182
(UNKNOWN)  SECUNIA  17182
http://secunia.com/advisories/17142
(UNKNOWN)  SECUNIA  17142
http://secunia.com/advisories/17040
(UNKNOWN)  SECUNIA  17040
http://secunia.com/advisories/17038
(UNKNOWN)  SECUNIA  17038

- 漏洞信息

GNU CFEngine不安全临时文件创建漏洞
低危 访问验证错误
2005-10-05 00:00:00 2005-10-25 00:00:00
本地  
        cfengine(配置引擎)是一种UNIX 管理工具,其目的是使简单的管理的任务自动化,使困难的任务变得较容易。
        cfengine 1.6.5和2.1.16可以使本地用户借助由vicf.in使用的临时文件上的symlink攻击,改写任意文件。

- 公告与补丁

        暂无数据

- 漏洞信息 (F40772)

Mandriva Linux Security Advisory 2005.184 (PacketStormID:F40772)
2005-10-18 00:00:00
Mandriva  mandriva.com
advisory,arbitrary,local
linux,mandriva
CVE-2005-2960
[点击下载]

Mandriva Linux Security Update Advisory - Javier Fern

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           cfengine
 Advisory ID:            MDKSA-2005:184
 Date:                   October 13th, 2005

 Affected versions:	 10.1, 10.2, 2006.0, Corporate 3.0,
			 Corporate Server 2.1
 ______________________________________________________________________

 Problem Description:

 Javier Fern    

- 漏洞信息 (F40567)

Ubuntu Security Notice 198-1 (PacketStormID:F40567)
2005-10-11 00:00:00
Ubuntu  security.ubuntu.com
advisory,arbitrary,local
linux,ubuntu
CVE-2005-2960,CVE-2005-3137
[点击下载]

Ubuntu Security Notice USN-198-1 - Javier Fernandez-Sanguino Pena discovered that several tools in the cfengine package (vicf, cfmailfilter, and cfcron) create and use temporary files in an insecure way. A local attacker could exploit this with a symlink attack to create or overwrite arbitrary files with the privileges of the user running the cfengine program.

===========================================================
Ubuntu Security Notice USN-198-1	   October 10, 2005
cfengine vulnerabilities
CAN-2005-2960, CAN-2005-3137
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

cfengine

The problem can be corrected by upgrading the affected package to
version 1.6.5-1ubuntu0.4.10.1 (for Ubuntu 4.10), or
1.6.5-1ubuntu0.5.04.1 (for Ubuntu 5.04).  In general, a standard
system upgrade is sufficient to effect the necessary changes.

Details follow:

Javier Fern    

- 漏洞信息 (F40370)

Debian Linux Security Advisory 835-1 (PacketStormID:F40370)
2005-10-04 00:00:00
Debian  security.debian.org
advisory,arbitrary,root
linux,debian
CVE-2005-2960
[点击下载]

Debian Security Advisory DSA 835-1 - Javier Fern

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 835-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
October 1st, 2005                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : cfengine
Vulnerability  : insecure temporary files
Problem type   : local
Debian-specific: no
CVE ID         : CAN-2005-2960

Javier Fern    

- 漏洞信息

19819
Cfengine contrib/vicf.in Symlink Arbitrary File Overwrite
Local Access Required Race Condition

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-10-01 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

GNU CFEngine Insecure Temporary File Creation Vulnerability
Access Validation Error 14994
No Yes
2005-10-01 12:00:00 2009-07-12 05:06:00
Discovered by Javier Fernandez-Sanguino Pena.

- 受影响的程序版本

Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
GNU Cfengine 2.1.15
GNU Cfengine 2.1.12
GNU Cfengine 2.1.9
GNU Cfengine 2.1.8
GNU Cfengine 2.1.7 p1
GNU Cfengine 2.1 .0a9
GNU Cfengine 2.1 .0a8
GNU Cfengine 2.1 .0a6
GNU Cfengine 2.0.7 p3
GNU Cfengine 2.0.7 p2
GNU Cfengine 2.0.7 p1
GNU Cfengine 2.0.7
GNU Cfengine 2.0.6
GNU Cfengine 2.0.5 pre2
GNU Cfengine 2.0.5 pre
GNU Cfengine 2.0.5 b1
GNU Cfengine 2.0.5
GNU Cfengine 2.0.4
GNU Cfengine 2.0.3
GNU Cfengine 2.0.2
GNU Cfengine 2.0.1
GNU Cfengine 2.0 .8p1
GNU Cfengine 2.0 .8
GNU Cfengine 2.0 .0
GNU Cfengine 1.6.5
GNU Cfengine 1.6.3
GNU Cfengine 1.6 a11
GNU Cfengine 1.6 a10
GNU Cfengine 1.5.3 -4
+ Debian Linux 2.2
- RedHat Linux 6.0 x
GNU Cfengine 1.5 x
+ Debian Linux 2.2
- RedHat Linux 6.0 x
- RedHat Linux 5.x
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1

- 漏洞讨论

GNU cfengine is prone to an insecure temporary file creation vulnerability. Exploitation may allow arbitrary files to be overwritten.

- 漏洞利用

An exploit is not required.

- 解决方案

Debian has released advisory DSA 835-1 and fixes to address this issue. Please see the referenced advisory for additional information.

Debian has released advisory DSA 836-1 and fixes to address this issue for cfengine2. Please see the referenced advisory for additional information.

Ubuntu has released advisory USN-198-1 to address this issue. Please see the referenced advisory for more information.

Mandriva Linux has released security advisory MDKSA-2005:184 addressing this issue. Please see the referenced advisory for further information.

SUSE Linux has released security summary report SUSE-SR:2005:023 addressing this and other issues. Please see the referenced advisory for further information.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.


GNU Cfengine 1.6.3

GNU Cfengine 1.6.5

GNU Cfengine 2.1.12

GNU Cfengine 2.1.15

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站