发布时间 :2006-06-26 06:06:00
修订时间 :2011-03-07 21:35:31

[原文]Unspecified vulnerability in pinball 0.3.1 allows local users to gain privileges via unknown attack vectors that cause pinball to load plugins from an attacker-controlled directory while operating at raised privileges.

[CNNVD]pinball 未明漏洞(CNNVD-200606-500)

        pinball 0.3.1存在未明漏洞。本地用户可以借助在以提升的权限操作时能使pinball从攻击者控制的目录加载插件的未知攻击向量,来获得特权。

- CVSS (基础分值)

CVSS分值: 4.6 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  VUPEN  ADV-2006-2535
(UNKNOWN)  XF  emilia-pinball-plugins-privilege-escalation(27420)

- 漏洞信息

pinball 未明漏洞
中危 未知
2006-06-26 00:00:00 2006-06-27 00:00:00
        pinball 0.3.1存在未明漏洞。本地用户可以借助在以提升的权限操作时能使pinball从攻击者控制的目录加载插件的未知攻击向量,来获得特权。

- 公告与补丁


- 漏洞信息 (F47785)

Debian Linux Security Advisory 1102-1 (PacketStormID:F47785)
2006-06-27 00:00:00

Debian Security Advisory 1102-1 - Steve Kemp from the Debian Security Audit project discovered that pinball, a pinball simulator, can be tricked into loading level plugins from user-controlled directories without dropping privileges.

Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1102-1                                           Steve Kemp
June 26th, 2006               
- --------------------------------------------------------------------------

Package        : pinball
Vulnerability  : design error
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2006-2196

Steve Kemp from the Debian Security Audit project discovered that
pinball, a pinball simulator, can be tricked into loading level
plugins from user-controlled directories without dropping privileges.

The old stable distribution (woody) does not contain this package.

For the stable distribution (sarge) this problem has been fixed in
version 0.3.1-3sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 0.3.1-6.

We recommend that you upgrade your pinball package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:
      Size/MD5 checksum:      811 17ac5604e5bb7e13b938d84012c6ea7c
      Size/MD5 checksum:   320626 5473ae87027018899b08f12c34ddd538
      Size/MD5 checksum:  6082982 f28e8f49e0db8e9491e4d9f0c13c36c6

  Architecture independent components:
      Size/MD5 checksum:  5542524 c586ed47103f89443cf32f57984ac95c

  Alpha architecture:
      Size/MD5 checksum:   189898 6168d325d265c72da1007aaa83c7b9bd
      Size/MD5 checksum:   325654 caeae82e416a40ad943ff38ce8c5eb98

  AMD64 architecture:
      Size/MD5 checksum:   167050 af8664da7ef5e0d1fd1e1eb86e2a7fc1
      Size/MD5 checksum:   242432 36c44eed9de2d48089e7c396e270c98e

  ARM architecture:
      Size/MD5 checksum:   193056 52d5e3fb06e529326ae361f739915169
      Size/MD5 checksum:   294198 4bc5b7e9d5b1cc0f0b90f91290cf0999

  Intel IA-32 architecture:
      Size/MD5 checksum:   159576 b7fcaf42621d2c356de66c90ea19fab0
      Size/MD5 checksum:   219780 7a4877a175b976ca20d25040e0fcab11

  Intel IA-64 architecture:
      Size/MD5 checksum:   221146 717fb85a21f4bd4a535200a7420e16b9
      Size/MD5 checksum:   315856 a9a8496a1d029a0d64afb00b0c5fd116

  HP Precision architecture:
      Size/MD5 checksum:   191708 e97c652fb430dbaeb5d367f196ea1ba0
      Size/MD5 checksum:   300260 606404a0da99b9884229bee10849413e

  Motorola 680x0 architecture:
      Size/MD5 checksum:   160442 1ff1dd9d285de6e7300f8e7eb027c766
      Size/MD5 checksum:   223038 a7a4a5a997a05cf929b45529cd81942f

  Big endian MIPS architecture:
      Size/MD5 checksum:   166400 05f3ea274037ffb1a2b76fa5a802ff87
      Size/MD5 checksum:   263344 ab1b99a12b3be3151f84e94a6073b27f

  Little endian MIPS architecture:
      Size/MD5 checksum:   165114 5275bf21b63a2a2c30148d7a7a3aface
      Size/MD5 checksum:   263394 f287e3ee0a11745580f175585112632b

  PowerPC architecture:
      Size/MD5 checksum:   170788 bb51f1dc4d1f9a5cd7b244111b61bb42
      Size/MD5 checksum:   245192 d390d54045f7ac70bf63164ba672a4d0

  IBM S/390 architecture:
      Size/MD5 checksum:   152218 873670da1cc02dbe495c7254d4c5e316
      Size/MD5 checksum:   214592 074ea5085ed5c727b9e4fcf9ce0574c2

  Sun Sparc architecture:
      Size/MD5 checksum:   159116 43ba78279f91e1da5268c71af524b3ab
      Size/MD5 checksum:   233376 ec2531c5979bc0e6df6ec5f34d4d7d48

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list:
Package info: `apt-cache show <pkg>' and<pkg>

Version: GnuPG v1.4.3 (GNU/Linux)



- 漏洞信息

Emilia Pinball Arbitrary Plugin Privilege Escalation
Local Access Required Denial of Service
Loss of Availability
Exploit Unknown

- 漏洞描述

Emilia Pinball contains a flaw that may allow a local denial of service. The issue is triggered when an unspecified error occurs when loading compiled plugins, and will result in loss of availability for the system.

- 时间线

2006-06-26 Unknow
Unknow Unknow

- 解决方案

Upgrade to version Fixed in version 0.3.1-6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者