|
|
多个系统mgetty符号连接漏洞
发布时间:2000-04-29
更新时间:2000-04-29
严重程度:中
威胁程度:本地拒绝服务
错误类型:竞争条件
利用方式:服务器模式
受影响系统Gert Doering mgetty 1.1.21
+ TurboLinux Turbo Linux 6.0.4
+ TurboLinux Turbo Linux 6.0.3
+ TurboLinux Turbo Linux 6.0.2
+ TurboLinux Turbo Linux 6.0.1
+ RedHat Linux 6.2E sparc
+ RedHat Linux 6.2E i386
+ RedHat Linux 6.2E alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ RedHat Linux 6.1 sparc
+ RedHat Linux 6.1 i386
+ RedHat Linux 6.1 alpha
+ RedHat Linux 6.0 sparc
+ RedHat Linux 6.0 i386
+ RedHat Linux 6.0 alpha
- OpenBSD OpenBSD 2.7
+ MandrakeSoft Linux Mandrake 7.1
+ MandrakeSoft Linux Mandrake 7.0
+ MandrakeSoft Linux Mandrake 6.1
+ MandrakeSoft Linux Mandrake 6.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
+ Connectiva Linux 5.1
+ Connectiva Linux 5.0
+ Connectiva Linux 4.2
Gert Doering mgetty 1.1.20
+ TurboLinux Turbo Linux 6.0.4
+ TurboLinux Turbo Linux 6.0.3
+ TurboLinux Turbo Linux 6.0.2
+ TurboLinux Turbo Linux 6.0.1
+ RedHat Linux 6.2E sparc
+ RedHat Linux 6.2E i386
+ RedHat Linux 6.2E alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ RedHat Linux 6.1 sparc
+ RedHat Linux 6.1 i386
+ RedHat Linux 6.1 alpha
+ RedHat Linux 6.0 sparc
+ RedHat Linux 6.0 i386
+ RedHat Linux 6.0 alpha
- OpenBSD OpenBSD 2.7
+ MandrakeSoft Linux Mandrake 7.1
+ MandrakeSoft Linux Mandrake 7.0
+ MandrakeSoft Linux Mandrake 6.1
+ MandrakeSoft Linux Mandrake 6.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
+ Connectiva Linux 5.1
+ Connectiva Linux 5.0
+ Connectiva Linux 4.2
Gert Doering mgetty 1.1.19
+ TurboLinux Turbo Linux 6.0.4
+ TurboLinux Turbo Linux 6.0.3
+ TurboLinux Turbo Linux 6.0.2
+ TurboLinux Turbo Linux 6.0.1
- Sun SunOS 4.1.4
- Sun SunOS 4.1.3
- Sun Solaris 8.0
- Sun Solaris 7.0
- Sun Solaris 2.6
- SCO Open Desktop 3.2v4
+ RedHat Linux 6.2E sparc
+ RedHat Linux 6.2E i386
+ RedHat Linux 6.2E alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ RedHat Linux 6.1 sparc
+ RedHat Linux 6.1 i386
+ RedHat Linux 6.1 alpha
+ RedHat Linux 6.0 sparc
+ RedHat Linux 6.0 i386
+ RedHat Linux 6.0 alpha
- OpenBSD OpenBSD 2.7
+ MandrakeSoft Linux Mandrake 7.1
+ MandrakeSoft Linux Mandrake 7.0
+ MandrakeSoft Linux Mandrake 6.1
+ MandrakeSoft Linux Mandrake 6.0
- IBM AIX 4.3
- IBM AIX 4.2
- IBM AIX 4.1
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
+ Connectiva Linux 5.1
+ Connectiva Linux 5.0
+ Connectiva Linux 4.2
其中没有受影响的版本是 Gert Doering mgetty 1.1.22
+ TurboLinux Turbo Linux 6.0.4
+ TurboLinux Turbo Linux 6.0.3
+ TurboLinux Turbo Linux 6.0.2
+ TurboLinux Turbo Linux 6.0.1
+ RedHat Linux 6.2E sparc
+ RedHat Linux 6.2E i386
+ RedHat Linux 6.2E alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ RedHat Linux 6.1 sparc
+ RedHat Linux 6.1 i386
+ RedHat Linux 6.1 alpha
+ RedHat Linux 6.0 sparc
+ RedHat Linux 6.0 i386
+ RedHat Linux 6.0 alpha
- OpenBSD OpenBSD 2.7
+ MandrakeSoft Linux Mandrake 7.1
+ MandrakeSoft Linux Mandrake 7.0
+ MandrakeSoft Linux Mandrake 6.1
+ MandrakeSoft Linux Mandrake 6.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
+ Connectiva Linux 5.1
+ Connectiva Linux 5.0
+ Connectiva Linux 4.2 详细描述
在mgetty工具包中的faxrunq和faxrunqd程序中存在漏洞,可以导致本地用户
建立任意文件或者改动系统的任意文件,导致出现本地ROOT权限的获取。
faxrunq和faxrunqd 程序会跟随符号连接,通过在/var/spool/fax/outgoing
建立叫.last_run符号连接,运行faxrunqd或者faxrunq程序,可以建立任意文件,
存在的文件将被覆盖。
测试代码
mgetty是一个流行的GETTY替代工具包,支持FAX接受和传诵,运行在多个系统上。
ln -s /TEST /var/spoo/fax/outgoing/.lastrun
faxrunqd -l ttyS0
解决方案
升级程序:
Gert Doering mgetty 1.1.21:
Gert Doering upgrade mgetty 1.1.22
ftp://ftp.leo.org/pub/comp/os/unix/networking/mgetty/
Gert Doering mgetty 1.1.20:
Gert Doering upgrade mgetty 1.1.22
ftp://ftp.leo.org/pub/comp/os/unix/networking/mgetty/
Gert Doering mgetty 1.1.19:
Gert Doering upgrade mgetty 1.1.22
ftp://ftp.leo.org/pub/comp/os/unix/networking/mgetty/
相关信息
|
