CVE-2006-1057
CVSS: 3.7
Published: 2006-04-24 21:02:00
Modified: 2011-08-10 00:00:00

[Original] Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.


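[CNNVD] GNOME Foundation GDM .ICEauthority Improper File Permissions Vulnerability (CNNVD-200604-435)

        A race condition in daemon/slave.c in GDM versions before 2.14.1 allows local users to gain privileges via a symlink attack when GDM performs chown and chgrp operations on the .ICEauthority file.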

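- CVSS (Base Score)

CVSS score: 3.7 [Minor (LOW)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: HIGH [exploitation requires specific access conditions]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]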

- CWE (Weakness Category)

CWE-362 [Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)]

- CPE (Affected Platforms and Products)

Product and version information (CPE) is not yet available

- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:10092: Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and...
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definitions.

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1057
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-1057
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200604-435
(Official data source) CNNVD

- Other Links and Resources

https://www.redhat.com/archives/fedora-announce-list/2006-April/msg00160.html
(PATCH)  FEDORA  FEDORA-2006-338
http://www.debian.org/security/2006/dsa-1040
(VENDOR_ADVISORY)  DEBIAN  DSA-1040
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303
(UNKNOWN)  CONFIRM  https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188303
http://xforce.iss.net/xforce/xfdb/26092
(UNKNOWN)  XF  gdm-slavec-symlink(26092)
http://www.vupen.com/english/advisories/2006/1465
(VENDOR_ADVISORY)  VUPEN  ADV-2006-1465
http://www.ubuntulinux.org/support/documentation/usn/usn-278-1
(UNKNOWN)  UBUNTU  USN-278-1
http://www.securityfocus.com/bid/17635
(UNKNOWN)  BID  17635
http://www.redhat.com/support/errata/RHSA-2007-0286.html
(UNKNOWN)  REDHAT  RHSA-2007:0286
http://www.mandriva.com/security/advisories?name=MDKSA-2006:083
(UNKNOWN)  MANDRIVA  MDKSA-2006:083
http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260&r2=1.261
(UNKNOWN)  CONFIRM  http://cvs.gnome.org/viewcvs/gdm2/daemon/slave.c?r1=1.260&r2=1.261

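- Vulnerability Information

GNOME Foundation GDM .ICEauthority Improper File Permissions Vulnerability
Low risk  Race condition
2006-04-24 00:00:00 2006-09-05 00:00:00
Local
        A race condition in daemon/slave.c in GDM versions before 2.14.1 allows local users to gain privileges via a symlink attack when GDM performs chown and chgrp operations on the .ICEauthority file.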

- Advisories and Patches

        The vendor has released upgrade patches that fix this security issue. Patch download links:
        GNOME GDM 2.8.0.5
        Ubuntu gdm_2.8.0.5-0ubuntu1.1_amd64.deb
        Ubuntu 5.10 (Breezy Badger)
        http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.8.0.5-0ubuntu1.1_amd64.deb
        Ubuntu gdm_2.8.0.5-0ubuntu1.1_i386.deb
        Ubuntu 5.10 (Breezy Badger)
        http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.8.0.5-0ubuntu1.1_i386.deb
        Ubuntu gdm_2.8.0.5-0ubuntu1.1_powerpc.deb
        Ubuntu 5.10 (Breezy Badger)
        http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.8.0.5-0ubuntu1.1_powerpc.deb
        GNOME GDM 2.6.0.8
        Debian gdm_2.6.0.8-1sarge2_alpha.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_alpha.deb
        Debian gdm_2.6.0.8-1sarge2_amd64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_amd64.deb
        Debian gdm_2.6.0.8-1sarge2_arm.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_arm.deb
        Debian gdm_2.6.0.8-1sarge2_hppa.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_hppa.deb
        Debian gdm_2.6.0.8-1sarge2_i386.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_i386.deb
        Debian gdm_2.6.0.8-1sarge2_ia64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_ia64.deb
        Debian gdm_2.6.0.8-1sarge2_m68k.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_m68k.deb
        Debian gdm_2.6.0.8-1sarge2_mips.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_mips.deb
        Debian gdm_2.6.0.8-1sarge2_mipsel.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_mipsel.deb
        Debian gdm_2.6.0.8-1sarge2_powerpc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_powerpc.deb
        Debian gdm_2.6.0.8-1sarge2_s390.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_s390.deb
        Debian gdm_2.6.0.8-1sarge2_sparc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/g/gdm/gdm_2.6.0.8-1sarge2_sparc.deb
        GNOME GDM 2.6.0.7
        Ubuntu gdm_2.6.0.7-0ubuntu7.1_amd64.deb
        Ubuntu 5.04 (Hoary Hedgehog)
        http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.6.0.7-0ubuntu7.1_amd64.deb
        Ubuntu gdm_2.6.0.7-0ubuntu7.1_i386.deb
        Ubuntu 5.04 (Hoary Hedgehog)
        http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.6.0.7-0ubuntu7.1_i386.deb
        Ubuntu gdm_2.6.0.7-0ubuntu7.1_powerpc.deb
        Ubuntu 5.04 (Hoary Hedgehog)
        http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.6.0.7-0ubuntu7.1_powerpc.deb
        GNOME GDM 2.8.0.4
        Mandriva gdm-2.8.0.4-1.1.20060mdk.i586.rpm
        Mandriva Linux 2006.0:
        http://wwwnew.mandriva.com/en/downloads/
        Mandriva gdm-2.8.0.4-1.1.20060mdk.x86_64.rpm
        Mandriva Linux 2006.0:
        http://wwwnew.mandriva.com/en/downloads/
        Mandriva gdm-Xnest-2.8.0.4-1.1.20060mdk.i586.rpm
        Mandriva Linux 2006.0:
        http://wwwnew.mandriva.com/en/downloads/
        Mandriva gdm-Xnest-2.8.0.4-1.1.20060mdk.x86_64.rpm
        Mandriva Linux 2006.0:
        http://wwwnew.mandriva.com/en/downloads/
        

- Vulnerability Information (F46099)

Ubuntu Security Notice 278-1 (PacketStormID:F46099)
2006-05-06 00:00:00
Ubuntu  security.ubuntu.com
advisory,arbitrary,local,root
linux,ubuntu
CVE-2006-1057

Ubuntu Security Notice 278-1 - Marcus Meissner discovered a race condition in gdm's handling of the ~/.ICEauthority file permissions. A local attacker could exploit this to become the owner of an arbitrary file in the system. When getting control over automatically executed scripts (like cron jobs), the attacker could eventually leverage this flaw to execute arbitrary commands with root privileges.

===========================================================
Ubuntu Security Notice USN-278-1	       May 03, 2006
gdm vulnerability
CVE-2006-1057
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

gdm

The problem can be corrected by upgrading the affected package to
version 2.6.0.7-0ubuntu7.1 (for Ubuntu 5.04) or 2.8.0.5-0ubuntu1.1
(for Ubuntu 5.10).  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Marcus Meissner discovered a race condition in gdm's handling of the
~/.ICEauthority file permissions. A local attacker could exploit this
to become the owner of an arbitrary file in the system. When getting
control over automatically executed scripts (like cron jobs), the
attacker could eventually leverage this flaw to execute arbitrary
commands with root privileges.


Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.6.0.7-0ubuntu7.1.diff.gz
      Size/MD5:    68630 07276634f63f6cf6e3d3946661cf2939
    http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.6.0.7-0ubuntu7.1.dsc
      Size/MD5:      787 6e666f8da0735aee929c25a9818dd53a
    http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.6.0.7.orig.tar.gz
      Size/MD5:  5594495 50254890d9fbbec6b2d3455d4343f6e0

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.6.0.7-0ubuntu7.1_amd64.deb
      Size/MD5:  1382686 716ba56c1177162685a7198b46a28667

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.6.0.7-0ubuntu7.1_i386.deb
      Size/MD5:  1343230 9bb1a76e6d0a8658f49ce787f6a66606

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.6.0.7-0ubuntu7.1_powerpc.deb
      Size/MD5:  1379750 bcaec993d57ce53221c920245495d3b8

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.8.0.5-0ubuntu1.1.diff.gz
      Size/MD5:    65777 3181d42210c694ab595840f1359d5735
    http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.8.0.5-0ubuntu1.1.dsc
      Size/MD5:      820 0165df3317618487e8d39e60b5174c83
    http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.8.0.5.orig.tar.gz
      Size/MD5:  4226618 349b76492113ab814f2732d4ce3a49c2

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.8.0.5-0ubuntu1.1_amd64.deb
      Size/MD5:  1618080 7aa6c967d046d2876e577975e5c6759f

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.8.0.5-0ubuntu1.1_i386.deb
      Size/MD5:  1559770 3dc875b89062d5572b2b2e84a8354434

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/g/gdm/gdm_2.8.0.5-0ubuntu1.1_powerpc.deb
      Size/MD5:  1571404 1ca7c072d5460d694af449719f2abc57
    

- Vulnerability Information

31652
GNOME Display Manager (gdm) slave.c Symlink Race Condition
Local Access Required Race Condition
Vendor Verified

- Vulnerability Description

- Timeline

2006-04-20 Unknown
Unknown Unknown

- Solution

Products

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

GNOME Foundation GDM .ICEauthority Improper File Permissions Vulnerability
Race Condition Error 17635
No Yes
2006-04-20 12:00:00 2007-05-01 11:19:00
Marcus Meissner is credited with the discovery of this vulnerability.

- Affected Software Versions

Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.04 powerpc
Ubuntu Ubuntu Linux 5.04 i386
Ubuntu Ubuntu Linux 5.04 amd64
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Desktop 4.0
Red Hat Fedora Core5
Red Hat Fedora Core4
Red Hat Enterprise Linux AS 4
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
GNOME GDM 2.14.1
GNOME GDM 2.8.0.5
GNOME GDM 2.8.0.4
GNOME GDM 2.6.0.8
GNOME GDM 2.6.0.7
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1

- Vulnerability Discussion

GDM is prone to an improper file-permissions vulnerability.

An attacker can exploit this issue to gain access to sensitive or privileged information that may facilitate a complete compromise of the vulnerable computer.

- Exploit

Attackers use standard utilities and applications to exploit this issue.

- Solution

This issue has been addressed in the latest CVS repository.

Please see the referenced vendor advisories for more information.


GNOME GDM 2.8.0.5

GNOME GDM 2.6.0.8

GNOME GDM 2.6.0.7

GNOME GDM 2.8.0.4

- Related References

 

 
