CVE-2005-3070
Published: 2005-09-27 15:03:00
Revised: 2008-09-05 16:53:23
NMCOPS
[Original] HylaFax 4.2.1 and earlier does not create or verify ownership of the UNIX domain socket, which might allow local users to read faxes and cause a denial of service by creating the socket using the hyla.unix temporary file.
[CNNVD] HylaFAX denial of service vulnerability (CNNVD-200509-259)
HylaFAX is fax transmission software for UNIX that allows the paper size to be set freely.
HylaFax 4.2.1 and earlier versions do not create or verify ownership of the UNIX domain socket. A local user can exploit this by creating a socket that uses the hyla.unix temporary file, allowing them to read faxes and trigger a denial of service.
- CVSS (base score)
| Metric | Value | Meaning |
|---|---|---|
| CVSS score | 3.6 | Low |
| Confidentiality impact | PARTIAL | Information disclosure is likely |
| Integrity impact | NONE | No impact on system integrity |
| Availability impact | PARTIAL | May degrade performance or interrupt access to resources |
| Access complexity | LOW | No access restrictions on exploitation |
| Access vector | LOCAL | Exploitation requires physical access or a local account |
| Authentication | NONE | No authentication required |
- CPE (affected platforms and products)
Product and version information (CPE) is not yet available.
- OVAL (technical details for detection)
No related OVAL definitions found.
- Official database links
- Other links and resources
http://www.mandriva.com/security/advisories?name=MDKSA-2005:177 (VENDOR_ADVISORY) MANDRIVA MDKSA-2005:177
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=329384 (VENDOR_ADVISORY) MISC
http://www.securityfocus.com/bid/15043 (UNKNOWN) BID 15043
http://secunia.com/advisories/17107 (UNKNOWN) SECUNIA 17107
- Vulnerability information
HylaFAX denial of service vulnerability
Low risk | Design error
2005-09-27 00:00:00 | 2005-10-20 00:00:00
Local
HylaFAX is fax transmission software for UNIX that allows the paper size to be set freely.
HylaFax 4.2.1 and earlier versions do not create or verify ownership of the UNIX domain socket. A local user can exploit this by creating a socket that uses the hyla.unix temporary file, allowing them to read faxes and trigger a denial of service.
- Advisories and patches
No data available.
- Vulnerability information (F40517)
Mandriva Linux Security Advisory 2005.177 (PacketStormID: F40517)
2005-10-08 00:00:00
Mandriva mandriva.com
advisory, arbitrary, local
linux, unix, mandriva
CVE-2005-3069, CVE-2005-3070
Mandriva Linux Security Update Advisory - faxcron, recvstats, and xferfaxstats in HylaFax 4.2.1 and earlier allow local users to overwrite arbitrary files via a symlink attack on temporary files. In addition, HylaFax has some provisional support for Unix domain sockets, which is disabled in the default compile configuration. It is suspected that a local user could create a fake /tmp/hyla.unix socket and intercept fax traffic via this socket. In testing for this vulnerability, with CONFIG_UNIXTRANSPORT disabled, it has been found that client programs correctly exit before sending any data.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Update Advisory
_______________________________________________________________________

Package name: hylafax
Advisory ID: MDKSA-2005:177
Date: October 7th, 2005
Affected versions: 10.1, 10.2, 2006.0, Corporate 3.0, Corporate Server 2.1
______________________________________________________________________

Problem Description:

faxcron, recvstats, and xferfaxstats in HylaFax 4.2.1 and earlier allow local users to overwrite arbitrary files via a symlink attack on temporary files. (CAN-2005-3069)

In addition, HylaFax has some provisional support for Unix domain sockets, which is disabled in the default compile configuration. It is suspected that a local user could create a fake /tmp/hyla.unix socket and intercept fax traffic via this socket. In testing for this vulnerability, with CONFIG_UNIXTRANSPORT disabled, it has been found that client programs correctly exit before sending any data. (CAN-2005-3070)

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3070
______________________________________________________________________

Updated Packages:

Mandrivalinux 10.1:
f7ca9274944776e0c8a697b77cc517ea 10.1/RPMS/hylafax-4.2.0-1.3.101mdk.i586.rpm
c49a39ddf8151f10b06b0ac70dc9c3e8 10.1/RPMS/hylafax-client-4.2.0-1.3.101mdk.i586.rpm
77211d2fe0790d276694b1cf3d2d855c 10.1/RPMS/hylafax-server-4.2.0-1.3.101mdk.i586.rpm
aaaca7a343600961e87f6c6e4ead0c8d 10.1/RPMS/libhylafax4.2.0-4.2.0-1.3.101mdk.i586.rpm
da5bce1b0c53e298dcd7cb5ef0dbab5d 10.1/RPMS/libhylafax4.2.0-devel-4.2.0-1.3.101mdk.i586.rpm
ca2bdc57603dda7f982c59626d9e2a02 10.1/SRPMS/hylafax-4.2.0-1.3.101mdk.src.rpm

Mandrivalinux 10.1/X86_64:
35f7d808588e1d9ad5b8de2c9e5c8cb0 x86_64/10.1/RPMS/hylafax-4.2.0-1.3.101mdk.x86_64.rpm
1b8a373e8d1d005b4b14124dba7b5df1 x86_64/10.1/RPMS/hylafax-client-4.2.0-1.3.101mdk.x86_64.rpm
5f169d7d2377d8066e2d13c771d431eb x86_64/10.1/RPMS/hylafax-server-4.2.0-1.3.101mdk.x86_64.rpm
677f9360dcdfca9f86967ad4c6f738f1 x86_64/10.1/RPMS/lib64hylafax4.2.0-4.2.0-1.3.101mdk.x86_64.rpm
e2185b51d1d9568ccca76e37cd99e98b x86_64/10.1/RPMS/lib64hylafax4.2.0-devel-4.2.0-1.3.101mdk.x86_64.rpm
ca2bdc57603dda7f982c59626d9e2a02 x86_64/10.1/SRPMS/hylafax-4.2.0-1.3.101mdk.src.rpm

Mandrivalinux 10.2:
55a1638f62262ff6a156006a460ef681 10.2/RPMS/hylafax-4.2.0-3.1.102mdk.i586.rpm
d02bb11c38379885513c742cf09212c0 10.2/RPMS/hylafax-client-4.2.0-3.1.102mdk.i586.rpm
d425b48947dc0bc5dc78b5512bf06fb9 10.2/RPMS/hylafax-server-4.2.0-3.1.102mdk.i586.rpm
0652d1bca7a8904a9443c1e88939a9ee 10.2/RPMS/libhylafax4.2.0-4.2.0-3.1.102mdk.i586.rpm
71f742c2355201f94130bfc0febfcfd1 10.2/RPMS/libhylafax4.2.0-devel-4.2.0-3.1.102mdk.i586.rpm
f8e2073acf5408bf8b55b3d22e55e2b2 10.2/SRPMS/hylafax-4.2.0-3.1.102mdk.src.rpm

Mandrivalinux 10.2/X86_64:
80b93124024f35ac604bca04c2157b6b x86_64/10.2/RPMS/hylafax-4.2.0-3.1.102mdk.x86_64.rpm
54de1417816622492047cd95fcd192d1 x86_64/10.2/RPMS/hylafax-client-4.2.0-3.1.102mdk.x86_64.rpm
2682977698f5665e0bfde4f04123d817 x86_64/10.2/RPMS/hylafax-server-4.2.0-3.1.102mdk.x86_64.rpm
30820c2cbf827ff91e55c6c29ec795a7 x86_64/10.2/RPMS/lib64hylafax4.2.0-4.2.0-3.1.102mdk.x86_64.rpm
d8aae5eacf14c4f8321512e8c2696542 x86_64/10.2/RPMS/lib64hylafax4.2.0-devel-4.2.0-3.1.102mdk.x86_64.rpm
f8e2073acf5408bf8b55b3d22e55e2b2 x86_64/10.2/SRPMS/hylafax-4.2.0-3.1.102mdk.src.rpm

Mandrivalinux 2006.0:
8e97d7f9a84998a8c067c4b6185931cc 2006.0/RPMS/hylafax-4.2.1-2.1.20060mdk.i586.rpm
3d61efb5c464b443ac8ed26310a9db46 2006.0/RPMS/hylafax-client-4.2.1-2.1.20060mdk.i586.rpm
a42170bbc1d3acebe176dc6beb286c40 2006.0/RPMS/hylafax-server-4.2.1-2.1.20060mdk.i586.rpm
ffca2d97b9de37c2f07af1f8b5a556bf 2006.0/RPMS/libhylafax4.2.0-4.2.1-2.1.20060mdk.i586.rpm
54b789ce44dffb9b22d6777d8796d264 2006.0/RPMS/libhylafax4.2.0-devel-4.2.1-2.1.20060mdk.i586.rpm
3d78c1a88aecbd9d6ae0a947cf2eaa29 2006.0/SRPMS/hylafax-4.2.1-2.1.20060mdk.src.rpm

Mandrivalinux 2006.0/X86_64:
39a1e3bf1a63d33b424888a4a5c7faac x86_64/2006.0/RPMS/hylafax-4.2.1-2.1.20060mdk.x86_64.rpm
4908c196d94d4bc72e1e79091ca7a098 x86_64/2006.0/RPMS/hylafax-client-4.2.1-2.1.20060mdk.x86_64.rpm
7f9ea9edf76faf3f3b917c96d8110ed5 x86_64/2006.0/RPMS/hylafax-server-4.2.1-2.1.20060mdk.x86_64.rpm
af2ec227f9d5b98b53c94bff68e47c50 x86_64/2006.0/RPMS/lib64hylafax4.2.0-4.2.1-2.1.20060mdk.x86_64.rpm
6840b4ff77f07090faa5b32620c05afe x86_64/2006.0/RPMS/lib64hylafax4.2.0-devel-4.2.1-2.1.20060mdk.x86_64.rpm
3d78c1a88aecbd9d6ae0a947cf2eaa29 x86_64/2006.0/SRPMS/hylafax-4.2.1-2.1.20060mdk.src.rpm

Corporate Server 2.1:
e0e77173d66d6a0c31ffc84cd40a4253 corporate/2.1/RPMS/hylafax-4.1.3-5.3.C21mdk.i586.rpm
6f38a677c369b3a2110bd508a2a439e3 corporate/2.1/RPMS/hylafax-client-4.1.3-5.3.C21mdk.i586.rpm
fce937eeb3257adefe370294bbb8516e corporate/2.1/RPMS/hylafax-server-4.1.3-5.3.C21mdk.i586.rpm
bfe2fedab3fdbbb726995e4a6e4a93ac corporate/2.1/RPMS/libhylafax4.1.1-4.1.3-5.3.C21mdk.i586.rpm
c4b2bb4b1ab084a2949a934978a33d7f corporate/2.1/RPMS/libhylafax4.1.1-devel-4.1.3-5.3.C21mdk.i586.rpm
763f4270d854d27b53c83c378bf81151 corporate/2.1/SRPMS/hylafax-4.1.3-5.3.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
213b760b160484b8e17e5da32f974048 x86_64/corporate/2.1/RPMS/hylafax-4.1.3-5.3.C21mdk.x86_64.rpm
a4069af7c182c925844fcdcbad0b6ad6 x86_64/corporate/2.1/RPMS/hylafax-client-4.1.3-5.3.C21mdk.x86_64.rpm
840537452b7e5dcc83e36d72e5b9071f x86_64/corporate/2.1/RPMS/hylafax-server-4.1.3-5.3.C21mdk.x86_64.rpm
2897c385ffe1e5c5ee76d01114ad6bee x86_64/corporate/2.1/RPMS/libhylafax4.1.1-4.1.3-5.3.C21mdk.x86_64.rpm
674cef6c3e5b272e048218eb5e6ca8a2 x86_64/corporate/2.1/RPMS/libhylafax4.1.1-devel-4.1.3-5.3.C21mdk.x86_64.rpm
763f4270d854d27b53c83c378bf81151 x86_64/corporate/2.1/SRPMS/hylafax-4.1.3-5.3.C21mdk.src.rpm

Corporate 3.0:
2d17a03f1ef3f420981fea8bf5ebc6ff corporate/3.0/RPMS/hylafax-4.1.8-2.3.C30mdk.i586.rpm
ef93ab687c830d4699419eed55871c1d corporate/3.0/RPMS/hylafax-client-4.1.8-2.3.C30mdk.i586.rpm
8faf097e36be844cb3c8a4fcc7c75649 corporate/3.0/RPMS/hylafax-server-4.1.8-2.3.C30mdk.i586.rpm
3c90cd27d8ea5425c3ebc9e6ee492b18 corporate/3.0/RPMS/libhylafax4.1.1-4.1.8-2.3.C30mdk.i586.rpm
c01ef9626e435416defde272371e87a9 corporate/3.0/RPMS/libhylafax4.1.1-devel-4.1.8-2.3.C30mdk.i586.rpm
97e37c030a7cebe18b11f661f970d23e corporate/3.0/SRPMS/hylafax-4.1.8-2.3.C30mdk.src.rpm

Corporate 3.0/X86_64:
1e12ff7fbbcf33edc62482e5335235ae x86_64/corporate/3.0/RPMS/hylafax-4.1.8-2.3.C30mdk.x86_64.rpm
7b519165eb5b6c1fd8f70abc822f44c8 x86_64/corporate/3.0/RPMS/hylafax-client-4.1.8-2.3.C30mdk.x86_64.rpm
d83092b4fec23beec97c7fde051d9313 x86_64/corporate/3.0/RPMS/hylafax-server-4.1.8-2.3.C30mdk.x86_64.rpm
caf5f33b0eb919237378a1a683d5a933 x86_64/corporate/3.0/RPMS/lib64hylafax4.1.1-4.1.8-2.3.C30mdk.x86_64.rpm
3a5b5836bb53c4ace02d15c1a13d0086 x86_64/corporate/3.0/RPMS/lib64hylafax4.1.1-devel-4.1.8-2.3.C30mdk.x86_64.rpm
97e37c030a7cebe18b11f661f970d23e x86_64/corporate/3.0/SRPMS/hylafax-4.1.8-2.3.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDRvLhmqjQ0CJFipgRAlULAKCPLF3KhIe4r7m5A5xDmQNy7XovmACgxv5h
HW+zpFscZoq4KyAycexh98k=
=XtSc
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
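The advisory above describes a client that would trust whatever object sits at a well-known path in /tmp (/tmp/hyla.unix). The following C program is an added example, not HylaFAX code and not part of the Mandriva advisory; it shows the check a UNIX domain socket client should perform before using such a path: lstat the path, require it to be a socket owned by the expected service uid, and, on Linux, re-verify the listener's uid with SO_PEERCRED after connecting, because the file can be swapped between the lstat and the connect. The scratch directory under /tmp, the use of the calling user's own uid as the "expected" owner, the `peer_cred` struct (a local copy of the kernel's `struct ucred` layout) and the decoy file are assumptions constructed for the demo.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/un.h>
#include <unistd.h>

/* Outcome of validating a UNIX domain socket path before and after connecting. */
enum sock_check {
    SOCK_OK = 0,
    SOCK_STAT_FAILED,    /* lstat() failed (ENOENT, EACCES, ...) */
    SOCK_NOT_SOCKET,     /* a regular file, directory or symlink sits at the path */
    SOCK_WRONG_OWNER,    /* the socket is not owned by the expected service uid */
    SOCK_CONNECT_FAILED, /* path too long, socket() or connect() failed */
    SOCK_PEER_MISMATCH   /* connected, but the listener does not run as expected uid */
};

/* Pure policy check over lstat() results. lstat() reports a planted symlink as
 * the link itself, so it fails S_ISSOCK even when it points at a real socket. */
enum sock_check check_socket_stat(const struct stat *st, uid_t expected_uid)
{
    if (!S_ISSOCK(st->st_mode))
        return SOCK_NOT_SOCKET;
    if (st->st_uid != expected_uid)
        return SOCK_WRONG_OWNER;
    return SOCK_OK;
}

/* Same check from a bare mode/owner pair; handy for tests and policy tables. */
enum sock_check check_mode_owner(mode_t mode, uid_t owner, uid_t expected_uid)
{
    struct stat st;
    memset(&st, 0, sizeof st);
    st.st_mode = mode;
    st.st_uid = owner;
    return check_socket_stat(&st, expected_uid);
}

/* Assumed layout: mirrors the Linux kernel's struct ucred filled in by SO_PEERCRED,
 * declared locally so the file does not depend on glibc's _GNU_SOURCE guard. */
struct peer_cred { pid_t pid; uid_t uid; gid_t gid; };

/* Connect to path only if it is a socket owned by expected_uid. The lstat() check
 * alone is racy, so on Linux the listener's uid is re-checked via SO_PEERCRED once
 * the connection exists. On success *fd_out receives the connected descriptor. */
enum sock_check connect_checked(const char *path, uid_t expected_uid, int *fd_out)
{
    struct stat st;
    struct sockaddr_un addr;
    enum sock_check rc;
    int fd;

    if (lstat(path, &st) != 0)
        return SOCK_STAT_FAILED;
    if ((rc = check_socket_stat(&st, expected_uid)) != SOCK_OK)
        return rc;

    memset(&addr, 0, sizeof addr);
    addr.sun_family = AF_UNIX;
    if (strlen(path) >= sizeof addr.sun_path)
        return SOCK_CONNECT_FAILED;
    memcpy(addr.sun_path, path, strlen(path));

    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
        return SOCK_CONNECT_FAILED;
    if (connect(fd, (struct sockaddr *)&addr, sizeof addr) != 0) {
        close(fd);
        return SOCK_CONNECT_FAILED;
    }
#ifdef SO_PEERCRED
    struct peer_cred cred;
    socklen_t len = sizeof cred;
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cred, &len) != 0 || cred.uid != expected_uid) {
        close(fd);
        return SOCK_PEER_MISMATCH;
    }
#endif
    *fd_out = fd;
    return SOCK_OK;
}

/* Stand-alone demo in a constructed scratch directory (not a HylaFAX path): a genuine
 * listener owned by this process is accepted; a plain file dropped at the same path
 * afterwards, as a planted decoy would be, is rejected before any data is sent. */
int main(void)
{
    struct sockaddr_un addr = { .sun_family = AF_UNIX };
    char dir[] = "/tmp/sockcheck.XXXXXX", path[sizeof addr.sun_path];
    if (mkdtemp(dir) == NULL) { perror("mkdtemp"); return 1; }
    snprintf(path, sizeof path, "%s/hyla.unix", dir);
    memcpy(addr.sun_path, path, strlen(path));

    int srv = socket(AF_UNIX, SOCK_STREAM, 0);
    if (srv < 0 || bind(srv, (struct sockaddr *)&addr, sizeof addr) != 0 || listen(srv, 1) != 0) {
        perror("listener"); return 1;
    }

    int fd = -1;
    enum sock_check rc = connect_checked(path, getuid(), &fd);
    printf("genuine socket: %s (rc=%d)\n", rc == SOCK_OK ? "accepted" : "rejected", rc);
    if (fd >= 0) close(fd);

    unlink(path);                       /* swap the socket for a decoy regular file */
    FILE *decoy = fopen(path, "w");
    if (decoy) fclose(decoy);
    rc = connect_checked(path, getuid(), &fd);
    printf("decoy regular file: %s (rc=%d)\n", rc == SOCK_OK ? "accepted" : "rejected", rc);

    unlink(path); close(srv); rmdir(dir);
    return 0;
}
```

The ownership check is what the CVE text says HylaFAX lacked; the SO_PEERCRED step is the part that survives a race, since it asks the kernel who is actually on the other end rather than who owned a path a moment earlier. A server-side counterpart is to create the socket in a directory only the fax service can write to instead of a world-writable /tmp.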
- Vulnerability information
19799
HylaFax hyla.unix Temp File Socket Creation Issue
Vendor Verified
- Vulnerability description
Unknown or Incomplete
- Timeline
2005-09-21 | Unknown
Unknown | Unknown
- Solution
Unknown or Incomplete
- References
Discovered by
Unknown or Incomplete
- Vulnerability information
HylaFAX Insecure UNIX Domain Socket Usage Vulnerability
Design Error | 15043
No | Yes
2005-10-07 12:00:00 | 2009-07-12 05:06:00
Javier Fernandez-Sanguino Pena is credited with the discovery of this vulnerability.
- Affected program versions
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
Hylafax Hylafax 4.2.1
- Vulnerability discussion
HylaFAX is susceptible to a local insecure UNIX domain socket usage vulnerability. This issue is due to a failure of the application to securely implement UNIX domain network communication. Attackers may gain access to the contents of fax messages containing potentially sensitive information, or deny fax services to legitimate users. Other attacks may also be possible.
- Exploit
An exploit is not required.
- Solution
Mandriva has released advisory MDKSA-2005:177, along with fixes to address this issue. Please see the referenced advisory for further information. Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Hylafax Hylafax 4.2.1