CVE-2006-2147
CVSS 3.6
Published: 2006-05-02 16:02:00
Last revised: 2011-03-07 21:35:26
NMCO    

[Original] resmgrd in resmgr for SUSE Linux and other distributions does not properly handle when access to a USB device is granted by using "usb:<bus>,<dev>" notation, which grants access to all USB devices and allows local users to bypass intended restrictions. NOTE: this is a different vulnerability than CVE-2005-4788.


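[CNNVD] SUSE Linux USB Permissions and Access Control Vulnerability (CNNVD-200605-025)

        resmgrd in resmgr for SUSE Linux and other distributions does not properly handle the case where access to a USB device is granted using the "usb:<bus>,<dev>" notation. This grants access to all USB devices and allows local users to bypass intended restrictions.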

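- CVSS (Base Score)

CVSS score: 3.6 [Minor (LOW)]
Confidentiality impact: PARTIAL [likely to result in information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]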

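- CPE (Affected Platforms and Products)

Product and version information (CPE) is not yet available

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links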

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2147
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2147
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200605-025
(Official data source) CNNVD

- Other Links and Resources

http://www.debian.org/security/2006/dsa-1047
(PATCH)  DEBIAN  DSA-1047
http://lists.suse.com/archive/suse-security-announce/2006-Feb/0008.html
(PATCH)  SUSE  SUSE-SR:2006:004
http://www.vupen.com/english/advisories/2006/1592
(UNKNOWN)  VUPEN  ADV-2006-1592
http://xforce.iss.net/xforce/xfdb/26160
(UNKNOWN)  XF  resmgr-security-bypass(26160)
http://www.securityfocus.com/bid/17752
(UNKNOWN)  BID  17752
http://secunia.com/advisories/19898
(UNKNOWN)  SECUNIA  19898
http://secunia.com/advisories/19887
(UNKNOWN)  SECUNIA  19887

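- Vulnerability Information

SUSE Linux USB Permissions and Access Control Vulnerability
Low severity  Design error
2006-05-02 00:00:00 2006-05-03 00:00:00
Local
        resmgrd in resmgr for SUSE Linux and other distributions does not properly handle the case where access to a USB device is granted using the "usb:<bus>,<dev>" notation. This grants access to all USB devices and allows local users to bypass intended restrictions.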

- Advisories and Patches

        The vendor has released an upgrade patch to fix this security issue. Patch download links:
        resmgr resmgr 1.0
        Debian libresmgr-dev_1.0-2sarge2_alpha.deb Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_alpha.deb
        Debian libresmgr-dev_1.0-2sarge2_amd64.deb Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_amd64.deb
        Debian libresmgr-dev_1.0-2sarge2_arm.deb Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_arm.deb
        Debian libresmgr-dev_1.0-2sarge2_hppa.deb Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_hppa.deb
        Debian libresmgr-dev_1.0-2sarge2_i386.deb Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_i386.deb
        Debian libresmgr-dev_1.0-2sarge2_ia64.deb Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_ia64.deb
        Debian libresmgr-dev_1.0-2sarge2_m68k.deb Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_m68k.deb
        Debian libresmgr-dev_1.0-2sarge2_mips.deb Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_mips.deb
        Debian libresmgr-dev_1.0-2sarge2_mipsel.deb Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_mipsel.deb
        Debian libresmgr-dev_1.0-2sarge2_powerpc.deb Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_powerpc.deb
        Debian libresmgr-dev_1.0-2sarge2_s390.deb Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_s390.deb
        Debian libresmgr-dev_1.0-2sarge2_sparc.deb Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/r/resmgr/libresmgr-dev_1.0-2sarge2_sparc.deb
        Debian libresmgr1_1.0-2sarge2_alpha.deb Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_alpha.deb
        Debian libresmgr1_1.0-2sarge2_amd64.deb Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_amd64.deb
        Debian libresmgr1_1.0-2sarge2_arm.deb Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_arm.deb
        Debian libresmgr1_1.0-2sarge2_hppa.deb Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_hppa.deb
        Debian libresmgr1_1.0-2sarge2_i386.deb Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_i386.deb
        Debian libresmgr1_1.0-2sarge2_ia64.deb Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_ia64.deb
        Debian libresmgr1_1.0-2sarge2_m68k.deb Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_m68k.deb
        Debian libresmgr1_1.0-2sarge2_mips.deb Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_mips.deb
        Debian libresmgr1_1.0-2sarge2_mipsel.deb Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_mipsel.deb
        Debian libresmgr1_1.0-2sarge2_powerpc.deb Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_powerpc.deb
        Debian libresmgr1_1.0-2sarge2_s390.deb Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_s390.deb
        Debian libresmgr1_1.0-2sarge2_sparc.deb Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/r/resmgr/libresmgr1_1.0-2sarge2_sparc.deb
        Debian resmgr_1.0-2sarge2_alpha.de

- Vulnerability Information

25121
Resource Manager resmgrd USB Device Access Granting Weakness

- Vulnerability Description

Unknown or Incomplete

- Timeline

2006-04-30 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete