CVE-2006-0408
CVSS 7.2
Published: 2006-01-24 21:03:00
Last revised: 2011-03-07 21:30:00

[Original] rsh utility in Sun Grid Engine (SGE) before 6.0u7_1 allows local users to gain privileges and execute arbitrary code via unspecified vectors, possibly involving command line arguments.


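[CNNVD] Sun Grid Engine unspecified vulnerability (CNNVD-200601-309)

        An unspecified vulnerability exists in the rsh utility in Sun Grid Engine (SGE) versions before 6.0u7_1. Local users can gain privileges and execute arbitrary code via unspecified vectors, possibly related to command-line arguments.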

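- CVSS (base score)

CVSS score: 7.2 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause a complete system outage]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]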

- CPE (affected platforms and products)

cpe:/a:sun:grid_engine:6.0:update1    Sun Sun Grid Engine 6.0u1
cpe:/a:sun:grid_engine:6.0:update4    Sun Sun Grid Engine 6.0u4
cpe:/a:sun:grid_engine:6.0:update6    Sun Sun Grid Engine 6.0u6
cpe:/a:sun:grid_engine:6.0:update7    Sun Sun Grid Engine 6.0u7
cpe:/a:sun:grid_engine:6.0:update5    Sun Sun Grid Engine 6.0u5
cpe:/a:sun:grid_engine:6.0:update3    Sun Sun Grid Engine 6.0u3
cpe:/a:sun:grid_engine:6.0:update2    Sun Sun Grid Engine 6.0u2
cpe:/a:sun:grid_engine:6.0    Sun Sun Grid Engine 6.0

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0408
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0408
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200601-309
(Official data source) CNNVD

- Other links and resources

http://secunia.com/advisories/18580
(VENDOR_ADVISORY)  SECUNIA  18580
http://www.vupen.com/english/advisories/2006/0308
(UNKNOWN)  VUPEN  ADV-2006-0308
http://gridengine.sunsource.net/project/gridengine/60patches.txt
(UNKNOWN)  CONFIRM  http://gridengine.sunsource.net/project/gridengine/60patches.txt
http://xforce.iss.net/xforce/xfdb/24281
(UNKNOWN)  XF  sge-rsh-gain-privileges(24281)
http://www.securityfocus.com/bid/16366
(UNKNOWN)  BID  16366
http://securitytracker.com/id?1015531
(UNKNOWN)  SECTRACK  1015531

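- Vulnerability information

Sun Grid Engine unspecified vulnerability
High risk  Insufficient information
2006-01-24 00:00:00 2006-01-25 00:00:00
Local
        An unspecified vulnerability exists in the rsh utility in Sun Grid Engine (SGE) versions before 6.0u7_1. Local users can gain privileges and execute arbitrary code via unspecified vectors, possibly related to command-line arguments.

- Advisories and patches

        The vendor has released upgrade patches to fix this security issue. Patch download links: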
        Sun Grid Engine 6.0
        Sun 121956-01
        SPARC Platform
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -121956-01-1
        Sun 121957-01
        SPARC Platform
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -121957-01-1
        Sun 121960-01
        SPARC Platform
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -121960-01-1
        Sun 121961-01
        SPARC Platform
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -121961-01-1
        Sun Grid Engine 6.0 Update1
        Sun 121958-01
        x86 Platform
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -121958-01-1
        Sun 121959-01
        x86 Platform
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -121959-01-1
        Sun 121962-01
        x86 Platform
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -121962-01-1
        Sun 121963-01
        x86 Platform
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -121963-01-1
        Sun 121964-01
        Linux
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -121964-01-1
        Sun 121965-01
        Linux
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -121965-01-1
        Sun 121966-01
        AIX
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -121966-01-1
        Sun 121967-01
        AIX
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -121967-01-1
        Sun 121968-01
        MAC OS
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -121968-01-1
        Sun 121969-01
        HP-UX
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -121969-01-1
        Sun 121970-01
        IRIX
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -121970-01-1
        Sun 121971-01
        Windows
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -121971-01-1
        Sun Grid Engine 5.3 32-bit SPARC
        Sun 113136-06
        SPARC Platform
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -113136-06-1
        Sun 113139-07
        SPARC Platform
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -113139-07-1
        Sun 113849-06
        SPARC Platform
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -113849-06-1
        Sun 113855-06
        SPARC Platform
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -113855-06-1
        Sun Grid Engine 5.3 64-bit SPARC
        Sun 113137-06
        SPARC Platform
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -113137-06-1
        Sun 113140-07
        SPARC Platform
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -113140-07-1
        Sun 113850-06
        SPARC Platform
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -113850-06-1
        Sun 113856-06
        SPARC Platform
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -113856-06-1
        Sun Grid Engine 5.3 Sun Linux
        Sun 113138-07
        x86 Platform
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -113138-07-1
        Sun 113851-06
        x86 Platform
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -113851-06-1
        Sun 113852-06
        Linux
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -113852-06-1
        Sun 113900-05
        Linux
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -113900-05-1
        Sun 116658-03
        x86 Platform
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -116658-03-1
        Sun 116659-03
        x86 Platform
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -116659-03-1
        Sun 117293-02
        Linux
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -117293-02-1
        

- Vulnerability information

22749
Sun Grid Engine rsh Local Privilege Escalation

- Vulnerability description

Unknown or Incomplete

- Timeline

2006-01-24 Unknown
Unknown Unknown

- Solution

Upgrade to version 6.0u7_1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Sun Grid Engine Local Privilege Escalation Vulnerability
Unknown 16366
No Yes
2006-01-24 12:00:00 2007-06-27 10:18:00
The vendor disclosed this issue.

- Affected software versions

Sun Grid Engine 5.3 x86
Sun Grid Engine 5.3 Sun Linux
Sun Grid Engine 5.3 64-bit SPARC
Sun Grid Engine 5.3 32-bit SPARC
Sun Grid Engine 6.0 Update7
Sun Grid Engine 6.0 Update6
Sun Grid Engine 6.0 Update5
Sun Grid Engine 6.0 Update4
Sun Grid Engine 6.0 Update3
Sun Grid Engine 6.0 Update2
Sun Grid Engine 6.0 Update1
Sun Grid Engine 6.0
Sun Grid Engine 6.0 Update7_1

- Unaffected software versions

Sun Grid Engine 6.0 Update7_1

- Vulnerability discussion

Sun Grid Engine is susceptible to a local privilege-escalation vulnerability.

This issue allows local users to gain superuser privileges, facilitating the complete compromise of affected computers.

Sun Grid Engine versions prior to 6.0u7_1 are vulnerable to this issue.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

- Solution

The vendor has released Sun Alert ID 102268 along with fixes to address this issue. Please see the referenced alert for information on obtaining fixes.


Sun Grid Engine 6.0

Sun Grid Engine 6.0 Update1

Sun Grid Engine 5.3 32-bit SPARC

Sun Grid Engine 5.3 64-bit SPARC

Sun Grid Engine 5.3 Sun Linux

- Related references

 

 
