CVE-2006-3633
CVSS 6.5
Published: 2006-07-26 21:04:00
Revised: 2011-08-25 00:00:00

[Original] OSSP shiela 1.1.5 and earlier allows remote authenticated users to execute arbitrary commands on the CVS server via shell metacharacters in a filename that is committed.


[CNNVD] OSSP Shiela Shell Command Execution Vulnerability (CNNVD-200607-452)

OSSP shiela 1.1.5 and earlier allows remote authenticated users to execute arbitrary commands on the CVS server via shell metacharacters in a committed filename.

- CVSS (Base Score)

CVSS score: 6.5 [MEDIUM]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may result in system files being modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: [--]

- CWE (Weakness Category)

CWE-20 [Improper Input Validation]

- CPE (Affected Platforms and Products)

cpe:/a:ossp:shiela:1.1.3
cpe:/a:ossp:shiela:0.9.2
cpe:/a:ossp:shiela:1.0.1
cpe:/a:ossp:shiela:1.1.4
cpe:/a:ossp:shiela:1.1.2
cpe:/a:ossp:shiela:1.1.1
cpe:/a:ossp:shiela:1.0.3
cpe:/a:ossp:shiela:0.9.1
cpe:/a:ossp:shiela:1.1.0
cpe:/a:ossp:shiela:1.1.5
cpe:/a:ossp:shiela:0.9.0
cpe:/a:ossp:shiela:1.0.0
cpe:/a:ossp:shiela:1.0.2
cpe:/a:ossp:shiela:1.0.4

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3633
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3633
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200607-452
(official data source) CNNVD

- Other Links and Resources

http://xforce.iss.net/xforce/xfdb/27978
(PATCH)  XF  ossp-shiela-shell-command-execution(27978)
http://www.sourcefire.com/services/advisories/sa072506.html
(VENDOR_ADVISORY)  MISC  http://www.sourcefire.com/services/advisories/sa072506.html
http://www.securityfocus.com/bid/19199
(PATCH)  BID  19199
http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.014-shiela.html
(VENDOR_ADVISORY)  OPENPKG  OpenPKG-SA-2006.014
http://secunia.com/advisories/21209
(VENDOR_ADVISORY)  SECUNIA  21209
http://www.vupen.com/english/advisories/2006/2986
(VENDOR_ADVISORY)  VUPEN  ADV-2006-2986

- Vulnerability Information

OSSP Shiela Shell Command Execution Vulnerability
Medium severity Input validation
2006-07-26 00:00:00 2006-08-02 00:00:00
Remote
OSSP shiela 1.1.5 and earlier allows remote authenticated users to execute arbitrary commands on the CVS server via shell metacharacters in a committed filename.

- Advisories and Patches

The vendor has released an upgrade to fix this security issue; download links:
OSSP Sheila 1.1.4
OSSP shiela-1.1.7.tar.gz
ftp://ftp.ossp.org/pkg/tool/shiela/shiela-1.1.7.tar.gz
OSSP Sheila 1.1.5
OSSP shiela-1.1.7.tar.gz
ftp://ftp.ossp.org/pkg/tool/shiela/shiela-1.1.7.tar.gz

- Vulnerability Information (F48627)

OpenPKG Security Advisory 2006.14 (PacketStormID:F48627)
2006-07-28 00:00:00
OpenPKG Foundation  openpkg.org
advisory,arbitrary,shell,vulnerability,code execution
CVE-2006-3633

OpenPKG Security Advisory OpenPKG-SA-2006.014 - Brian Caswell from Sourcefire discovered vulnerabilities in OSSP Shiela, a CVS repository access control and logging extension. The vulnerabilities allow arbitrary code execution during CVS file commits if a filename is specially crafted to contain shell commands.


________________________________________________________________________

OpenPKG Security Advisory                            The OpenPKG Project
http://www.openpkg.org/security/                  http://www.openpkg.org
openpkg-security@openpkg.org                         openpkg@openpkg.org
OpenPKG-SA-2006.014                                          25-Jul-2006
________________________________________________________________________

Package:             shiela
Vulnerability:       arbitrary code execution
OpenPKG Specific:    no

Affected Releases:   Affected Packages:         Corrected Packages:
OpenPKG CURRENT      <= shiela-1.1.6-20051003   >= shiela-1.1.7-20060725
OpenPKG 2-STABLE     <= shiela-1.1.6-2.20060622 >= shiela-1.1.6-2.20060725
OpenPKG 2.5-RELEASE  <= shiela-1.1.6-2.5.0      >= shiela-1.1.6-2.5.1

Description:
  Brian Caswell from Sourcefire discovered [0] vulnerabilities in OSSP
  Shiela [1], a CVS repository access control and logging extension.
  The vulnerabilities allow arbitrary code execution during CVS file
  commits if a filename is specially crafted to contain shell commands.
  The Common Vulnerabilities and Exposures (CVE) project assigned the id
  CVE-2006-3633 [2] to the problem.

  Notice: OSSP shiela might be installed as a _copy_ into your CVSROOT
  area. If this is the case please do not forget to update this copy
  after updating the OpenPKG "shiela" package.
________________________________________________________________________

References:
  [0] http://www.sourcefire.com/services/advisories.html
  [1] http://www.ossp.org/pkg/tool/shiela/
  [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3633
________________________________________________________________________

For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG <openpkg@openpkg.org>" (ID 63C4CB9F) of the
OpenPKG project which you can retrieve from http://pgp.openpkg.org and
hkp://pgp.openpkg.org. Follow the instructions on http://pgp.openpkg.org
for details on how to verify the integrity of this advisory.
________________________________________________________________________


- Vulnerability Information

27557
OSSP shiela CVS Commit Arbitrary Command Execution

- Vulnerability Description

Unknown or Incomplete

- Timeline

2006-07-25 Unknown
Unknown Unknown

- Solution

Upgrade to version 1.1.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related References

- Credit

Unknown or Incomplete

- Vulnerability Information

OSSP Shiela Shell Command Execution Vulnerability
Input Validation Error 19199
Yes Yes
2006-07-27 12:00:00 2006-07-28 07:22:00
Brian Caswell of Sourcefire discovered this issue.

- Affected Program Versions

OSSP Sheila 1.1.5
+ Debian Linux 3.0
+ HP Secure OS software for Linux 1.0
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Secure Web Server 3.2 i386
- S.u.S.E. Linux 8.0 i386
- S.u.S.E. Linux 8.0
- S.u.S.E. Linux 7.3 sparc
- S.u.S.E. Linux 7.3 ppc
- S.u.S.E. Linux 7.3 i386
- S.u.S.E. Linux 7.3
- S.u.S.E. Linux 7.2 i386
- S.u.S.E. Linux 7.2
- S.u.S.E. Linux 7.1 x86
- S.u.S.E. Linux 7.1 sparc
- S.u.S.E. Linux 7.1 ppc
- S.u.S.E. Linux 7.1 alpha
- S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 7.0
+ Slackware Linux 8.1
+ Slackware Linux 8.0
OSSP Sheila 1.1.4
+ Debian Linux 3.0
+ HP Secure OS software for Linux 1.0
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Secure Web Server 3.2 i386
- S.u.S.E. Linux 8.0 i386
- S.u.S.E. Linux 8.0
- S.u.S.E. Linux 7.3 sparc
- S.u.S.E. Linux 7.3 ppc
- S.u.S.E. Linux 7.3 i386
- S.u.S.E. Linux 7.3
- S.u.S.E. Linux 7.2 i386
- S.u.S.E. Linux 7.2
- S.u.S.E. Linux 7.1 x86
- S.u.S.E. Linux 7.1 sparc
- S.u.S.E. Linux 7.1 ppc
- S.u.S.E. Linux 7.1 alpha
- S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 7.0
+ Slackware Linux 8.1
+ Slackware Linux 8.0
OpenPKG OpenPKG 2.5
OpenPKG OpenPKG 2.4
OpenPKG OpenPKG 2.3
OpenPKG OpenPKG 2.2
OpenPKG OpenPKG 2.1
OpenPKG OpenPKG 2.0
OpenPKG OpenPKG Current
OSSP Sheila 1.1.7
+ Debian Linux 3.0
+ HP Secure OS software for Linux 1.0
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Secure Web Server 3.2 i386
- S.u.S.E. Linux 8.0 i386
- S.u.S.E. Linux 8.0
- S.u.S.E. Linux 7.3 sparc
- S.u.S.E. Linux 7.3 ppc
- S.u.S.E. Linux 7.3 i386
- S.u.S.E. Linux 7.3
- S.u.S.E. Linux 7.2 i386
- S.u.S.E. Linux 7.2
- S.u.S.E. Linux 7.1 x86
- S.u.S.E. Linux 7.1 sparc
- S.u.S.E. Linux 7.1 ppc
- S.u.S.E. Linux 7.1 alpha
- S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 7.0
+ Slackware Linux 8.1
+ Slackware Linux 8.0

- Unaffected Program Versions

OSSP Sheila 1.1.7
+ Debian Linux 3.0
+ HP Secure OS software for Linux 1.0
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Secure Web Server 3.2 i386
- S.u.S.E. Linux 8.0 i386
- S.u.S.E. Linux 8.0
- S.u.S.E. Linux 7.3 sparc
- S.u.S.E. Linux 7.3 ppc
- S.u.S.E. Linux 7.3 i386
- S.u.S.E. Linux 7.3
- S.u.S.E. Linux 7.2 i386
- S.u.S.E. Linux 7.2
- S.u.S.E. Linux 7.1 x86
- S.u.S.E. Linux 7.1 sparc
- S.u.S.E. Linux 7.1 ppc
- S.u.S.E. Linux 7.1 alpha
- S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 7.0
+ Slackware Linux 8.1
+ Slackware Linux 8.0

- Vulnerability Discussion

OSSP Shiela is prone to a vulnerability that may permit the execution of arbitrary shell commands. This issue is due to the application's failure to properly sanitize user-supplied input before using it in a 'system()' function call.

This issue allows attackers to execute arbitrary shell commands with the privileges of users executing a vulnerable version of the application.

This issue reportedly affects versions 1.1.5 and prior; other versions may also be affected.
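The advisory and the discussion above both come down to one thing: a committed filename reaches a system()-style call as part of a shell command string. As an added illustration (not OSSP shiela's code, which this page does not show), the Python below contrasts that string-building pattern with an allowlist check plus an argv-list invocation; the `logger -t cvs-commit` command is a hypothetical stand-in for whatever a real commit hook runs, and the sample filenames are constructed.

```python
import re
import subprocess
import sys

# Allowlist for path names a CVS commit hook will pass on: letters, digits,
# dot, underscore, dash and slash. Anything else, including the shell
# metacharacters ; | & ` $ and whitespace, is rejected before any use.
# Added example for this page, not OSSP shiela's own code.
SAFE_NAME = re.compile(r"^[A-Za-z0-9._/-]+$")

def is_safe_name(name: str) -> bool:
    """True if the committed filename fits the allowlist and has no '..' component."""
    return bool(SAFE_NAME.fullmatch(name)) and ".." not in name.split("/")

def vulnerable_command(name: str) -> str:
    """The risky pattern: the filename is interpolated into one string that a
    system()-style call hands to a shell. A name containing ';' or '|' is then
    read by the shell as the start of a separate command."""
    return f"logger -t cvs-commit {name}"

def safe_argv(name: str) -> list[str]:
    """The hardened pattern: validate first, then build an argv list so the
    name reaches the child process as a single literal argument with no shell
    in between. 'logger -t cvs-commit' is a hypothetical logging command."""
    if not is_safe_name(name):
        raise ValueError(f"rejected filename: {name!r}")
    return ["logger", "-t", "cvs-commit", name]

def triage_commit(names: list[str]) -> tuple[list[str], list[str]]:
    """Split a commit's filenames into (accepted, rejected)."""
    accepted = [n for n in names if is_safe_name(n)]
    rejected = [n for n in names if not is_safe_name(n)]
    return accepted, rejected

def echo_via_argv(name: str) -> str:
    """Show that an argv list passes the name through untouched: a Python
    child prints its argv[1] verbatim, metacharacters included."""
    child = [sys.executable, "-c", "import sys; print(sys.argv[1])", name]
    out = subprocess.run(child, capture_output=True, text=True, check=True)
    return out.stdout.rstrip("\n")

if __name__ == "__main__":
    # Constructed sample commit: two ordinary names and one with a metacharacter.
    sample = ["src/main.c", ".cvsignore", "notes;id.txt"]
    ok, bad = triage_commit(sample)
    print("accepted:", ok, "rejected:", bad)
    print("shell string built from a bad name:", vulnerable_command(bad[0]))
    print("argv passes it literally:", echo_via_argv(bad[0]))
```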

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- Solution

The vendor has released version 1.1.7 to address this issue.

Please see the referenced advisories for more information.


OSSP Sheila 1.1.4

OSSP Sheila 1.1.5

- Related References
