CVE-2014-2583
CVSS 5.8
Published: 2014-04-10 16:29:20
Revised: 2016-12-02 22:01:04

[Original text] Multiple directory traversal vulnerabilities in pam_timestamp.c in the pam_timestamp module for Linux-PAM (aka pam) 1.1.8 allow local users to create arbitrary files or possibly bypass authentication via a .. (dot dot) in the (1) PAM_RUSER value to the get_ruser function or (2) PAM_TTY value to the check_tty function, which is used by the format_timestamp_name function.


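[CNNVD] Linux-PAM pam_timestamp module directory traversal vulnerability (CNNVD-201404-121)

Linux-PAM (also known as PAM) is an authentication mechanism for the Linux platform. By providing a set of dynamically linked libraries and a unified API, it lets system administrators freely choose the authentication mechanism that applications use. pam_timestamp is one of its modules, an authentication caching module.

The pam_timestamp.c file in the pam_timestamp module of Linux-PAM 1.1.8 contains a directory traversal vulnerability. It arises because the 'get_ruser' function does not adequately filter the PAM_RUSER value and the 'check_tty' function does not adequately filter the PAM_TTY value. A local attacker can use the directory traversal characters '..' to exploit this vulnerability to create arbitrary files or bypass authentication.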

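- CVSS (base score)

CVSS score: 5.8 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: MEDIUM [exploitation requires certain access conditions]
Attack vector: NETWORK [the attacker does not need internal network access or local access]
Authentication: NONE [exploitation requires no authentication]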

- CWE (weakness category)

CWE-22 [Improper limitation of a pathname (path traversal)]

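- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

oval:org.mitre.oval:def:25284 SUSE-SU-2014:0631-1 -- Security update for pam
* OVAL describes in detail how to detect this vulnerability; more technical details for detecting it can be found in the related OVAL definitions.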

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2583
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2583
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-201404-121
(Official data source) CNNVD

- Other links and resources

http://www.openwall.com/lists/oss-security/2014/03/24/5
(UNKNOWN)  MLIST  [oss-security] 20140324 pam_timestamp internals
http://www.openwall.com/lists/oss-security/2014/03/26/10
(UNKNOWN)  MLIST  [oss-security] 20140326 Re: pam_timestamp internals
http://www.openwall.com/lists/oss-security/2014/03/31/6
(UNKNOWN)  MLIST  [oss-security] 20140331 Re: pam_timestamp internals
http://www.securityfocus.com/bid/66493
(UNKNOWN)  BID  66493
http://www.ubuntu.com/usn/USN-2935-1
(UNKNOWN)  UBUNTU  USN-2935-1
http://www.ubuntu.com/usn/USN-2935-2
(UNKNOWN)  UBUNTU  USN-2935-2
http://www.ubuntu.com/usn/USN-2935-3
(UNKNOWN)  UBUNTU  USN-2935-3
https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=Linux-PAM-1_1_8-32-g9dcead8
(PATCH)  CONFIRM  https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=Linux-PAM-1_1_8-32-g9dcead8
https://security.gentoo.org/glsa/201605-05
(UNKNOWN)  GENTOO  GLSA-201605-05

- Vulnerability information

Linux-PAM pam_timestamp module directory traversal vulnerability
Medium severity, path traversal
2014-04-14 00:00:00 2014-04-14 00:00:00
Remote
        


- Advisories and patches

The vendor has released an upgrade patch that fixes this security issue. The patch is available at:
http://www.linux-pam.org/

- Vulnerability information (F137238)

Gentoo Linux Security Advisory 201605-05 (PacketStormID:F137238)
2016-05-31 00:00:00
Gentoo  security.gentoo.org
advisory,remote,denial of service,vulnerability
linux,gentoo
CVE-2013-7041,CVE-2014-2583,CVE-2015-3238

Gentoo Linux Security Advisory 201605-5 - Multiple vulnerabilities have been found in Linux-PAM, allowing remote attackers to bypass the auth process and cause Denial of Service. Versions less than 1.2.1 are affected.

From: Yury German <blueknight@gentoo.org>
To: gentoo-announce@lists.gentoo.org
Message-ID: <9d33ce68-d078-f5b5-4a78-c18388b34003@gentoo.org>
Subject: [ GLSA 201605-05 ] Linux-PAM: Multiple vulnerabilities




- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201605-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Linux-PAM: Multiple vulnerabilities
     Date: May 31, 2016
     Bugs: #493432, #505604, #553302
       ID: 201605-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Linux-PAM, allowing remote
attackers to bypass the auth process and cause Denial of Service.

Background
==========

Linux-PAM (Pluggable Authentication Modules) is an architecture
allowing the separation of the development of privilege granting
software from the development of secure and appropriate authentication
schemes.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  sys-libs/pam                 < 1.2.1                    >= 1.2.1

Description
===========

Multiple vulnerabilities have been discovered in Linux-PAM.  Please
review the CVE identifiers referenced below for details.

Impact
======

Remote attackers could cause Denial of Service, conduct brute force
attacks, and conduct username enumeration.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Linux-PAM users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-libs/pam-1.2.1"

References
==========

[ 1 ] CVE-2013-7041
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7041
[ 2 ] CVE-2014-2583
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2583
[ 3 ] CVE-2015-3238
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3238
[ 4 ] CVE-2015-3238
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3238

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201605-05

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5




- Vulnerability information

Linux-PAM 'format_timestamp_name()' Function Directory Traversal Vulnerability
Input Validation Error 66493
Yes No
2014-03-24 12:00:00 2014-03-24 12:00:00
Sebastian Krahmer

- Affected software versions

- Vulnerability discussion

Linux-PAM is prone to a directory-traversal vulnerability.

Remote attackers can use specially crafted requests with directory-traversal sequences ('../') to create or overwrite arbitrary files in the context of the application. This may aid in authentication bypass.

- Exploit

An attacker can use readily available tools to exploit this issue.

- Solution

Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Related references
