
GNU Ada Compiler Run-Time Library Insecure Temporary File Creation Vulnerability


Published: 2002-02-18
Updated: 2002-02-18
Severity:
Threat level: Privilege escalation
Error type: Race condition
Exploitation method: Server mode

BUGTRAQ ID:4086

Affected Systems
Ada Core Technologies Gnat Pro Native 3.12p
   - Caldera OpenLinux Server 3.1.1
   - Caldera OpenLinux Workstation 3.1.1
   - Compaq OpenVMS 6.2 Alpha
   - Compaq OpenVMS 6.2 VAX
   - Compaq OpenVMS 7.1 VAX
   - Compaq OpenVMS 7.1-2 Alpha
   - Compaq OpenVMS 7.1Alpha
   - Compaq OpenVMS 7.2 VAX
   - Compaq OpenVMS 7.2-1H1 Alpha
   - Compaq OpenVMS 7.2-2 Alpha
   - Compaq OpenVMS 7.3 Alpha
   - Compaq OpenVMS 7.3 VAX
   - Compaq Tru64 5.0
   - Compaq Tru64 5.0a
   - Compaq Tru64 5.0f
   - Compaq Tru64 5.1
   - Compaq Tru64 5.1a
   - Debian Linux 2.2 IA-32
   - HP HP-UX 10.20
   - HP HP-UX 11.0
   - HP HP-UX 11.11
   - HP HP-UX 11.20
   - IBM AIX 4.3
   - IBM AIX 4.3.1
   - IBM AIX 4.3.2
   - IBM AIX 4.3.3
   - IBM AIX 5.1
   - LynuxWorks LynxOS 2.2.1
   - MandrakeSoft Linux Mandrake 8.0
   - MandrakeSoft Linux Mandrake 8.1
   - Microsoft Windows 2000 Advanced Server
   - Microsoft Windows 2000 Advanced Server SP1
   - Microsoft Windows 2000 Advanced Server SP2
   - Microsoft Windows 2000 Datacenter Server
   - Microsoft Windows 2000 Datacenter Server SP1
   - Microsoft Windows 2000 Datacenter Server SP2
   - Microsoft Windows 2000 Professional
   - Microsoft Windows 2000 Professional SP1
   - Microsoft Windows 2000 Professional SP2
   - Microsoft Windows 2000 Server
   - Microsoft Windows 2000 Server SP1
   - Microsoft Windows 2000 Server SP2
   - Microsoft Windows 2000 Terminal Services
   - Microsoft Windows 2000 Terminal Services SP1
   - Microsoft Windows 2000 Terminal Services SP2
   - Microsoft Windows NT Enterprise Server 4.0
   - Microsoft Windows NT Enterprise Server 4.0SP1
   - Microsoft Windows NT Enterprise Server 4.0SP2
   - Microsoft Windows NT Enterprise Server 4.0SP3
   - Microsoft Windows NT Enterprise Server 4.0SP4
   - Microsoft Windows NT Enterprise Server 4.0SP5
   - Microsoft Windows NT Enterprise Server 4.0SP6
   - Microsoft Windows NT Enterprise Server 4.0SP6a
   - Microsoft Windows NT Server 4.0
   - Microsoft Windows NT Server 4.0SP1
   - Microsoft Windows NT Server 4.0SP2
   - Microsoft Windows NT Server 4.0SP3
   - Microsoft Windows NT Server 4.0SP4
   - Microsoft Windows NT Server 4.0SP5
   - Microsoft Windows NT Server 4.0SP6
   - Microsoft Windows NT Server 4.0SP6a
   - Microsoft Windows NT Terminal Server 4.0
   - Microsoft Windows NT Terminal Server 4.0SP1
   - Microsoft Windows NT Terminal Server 4.0SP2
   - Microsoft Windows NT Terminal Server 4.0SP3
   - Microsoft Windows NT Terminal Server 4.0SP4
   - Microsoft Windows NT Terminal Server 4.0SP5
   - Microsoft Windows NT Terminal Server 4.0SP6
   - Microsoft Windows NT Terminal Server 4.0SP6a
   - Microsoft Windows NT Workstation 4.0
   - Microsoft Windows NT Workstation 4.0SP1
   - Microsoft Windows NT Workstation 4.0SP2
   - Microsoft Windows NT Workstation 4.0SP3
   - Microsoft Windows NT Workstation 4.0SP4
   - Microsoft Windows NT Workstation 4.0SP5
   - Microsoft Windows NT Workstation 4.0SP6
   - Microsoft Windows NT Workstation 4.0SP6a
   - RedHat Linux 7.0 i386
   - RedHat Linux 7.1 i386
   - RedHat Linux 7.2 i386
   - S.u.S.E. Linux 7.1x86
   - S.u.S.E. Linux 7.2i386
   - S.u.S.E. Linux 7.3i386
   - SGI IRIX 6.5.10f
   - SGI IRIX 6.5.10m
   - SGI IRIX 6.5.11f
   - SGI IRIX 6.5.11m
   - SGI IRIX 6.5.12f
   - SGI IRIX 6.5.12m
   - SGI IRIX 6.5.13f
   - SGI IRIX 6.5.13m
   - SGI IRIX 6.5.14f
   - SGI IRIX 6.5.14m
   - Slackware Linux 7.1
   - Slackware Linux 8.0
   - Sun Solaris 2.5.1
   - Sun Solaris 2.6
   - Sun Solaris 7.0
   - Sun Solaris 8.0
Ada Core Technologies Gnat Pro Native 3.13p
   - Caldera OpenLinux Server 3.1.1
   - Caldera OpenLinux Workstation 3.1.1
   - Compaq OpenVMS 6.2 Alpha
   - Compaq OpenVMS 6.2 VAX
   - Compaq OpenVMS 7.1 VAX
   - Compaq OpenVMS 7.1-2 Alpha
   - Compaq OpenVMS 7.1Alpha
   - Compaq OpenVMS 7.2 VAX
   - Compaq OpenVMS 7.2-1H1 Alpha
   - Compaq OpenVMS 7.2-2 Alpha
   - Compaq OpenVMS 7.3 Alpha
   - Compaq OpenVMS 7.3 VAX
   - Compaq Tru64 5.0
   - Compaq Tru64 5.0a
   - Compaq Tru64 5.0f
   - Compaq Tru64 5.1
   - Compaq Tru64 5.1a
   - Debian Linux 2.2 IA-32
   - HP HP-UX 10.20
   - HP HP-UX 11.0
   - HP HP-UX 11.11
   - HP HP-UX 11.20
   - IBM AIX 4.3
   - IBM AIX 4.3.1
   - IBM AIX 4.3.2
   - IBM AIX 4.3.3
   - IBM AIX 5.1
   - LynuxWorks LynxOS 2.2.1
   - MandrakeSoft Linux Mandrake 8.0
   - MandrakeSoft Linux Mandrake 8.1
   - Microsoft Windows 2000 Advanced Server
   - Microsoft Windows 2000 Advanced Server SP1
   - Microsoft Windows 2000 Advanced Server SP2
   - Microsoft Windows 2000 Datacenter Server
   - Microsoft Windows 2000 Datacenter Server SP1
   - Microsoft Windows 2000 Datacenter Server SP2
   - Microsoft Windows 2000 Professional
   - Microsoft Windows 2000 Professional SP1
   - Microsoft Windows 2000 Professional SP2
   - Microsoft Windows 2000 Server
   - Microsoft Windows 2000 Server SP1
   - Microsoft Windows 2000 Server SP2
   - Microsoft Windows 2000 Terminal Services
   - Microsoft Windows 2000 Terminal Services SP1
   - Microsoft Windows 2000 Terminal Services SP2
   - Microsoft Windows NT Enterprise Server 4.0
   - Microsoft Windows NT Enterprise Server 4.0SP1
   - Microsoft Windows NT Enterprise Server 4.0SP2
   - Microsoft Windows NT Enterprise Server 4.0SP3
   - Microsoft Windows NT Enterprise Server 4.0SP4
   - Microsoft Windows NT Enterprise Server 4.0SP5
   - Microsoft Windows NT Enterprise Server 4.0SP6
   - Microsoft Windows NT Enterprise Server 4.0SP6a
   - Microsoft Windows NT Server 4.0
   - Microsoft Windows NT Server 4.0SP1
   - Microsoft Windows NT Server 4.0SP2
   - Microsoft Windows NT Server 4.0SP3
   - Microsoft Windows NT Server 4.0SP4
   - Microsoft Windows NT Server 4.0SP5
   - Microsoft Windows NT Server 4.0SP6
   - Microsoft Windows NT Server 4.0SP6a
   - Microsoft Windows NT Terminal Server 4.0
   - Microsoft Windows NT Terminal Server 4.0SP1
   - Microsoft Windows NT Terminal Server 4.0SP2
   - Microsoft Windows NT Terminal Server 4.0SP3
   - Microsoft Windows NT Terminal Server 4.0SP4
   - Microsoft Windows NT Terminal Server 4.0SP5
   - Microsoft Windows NT Terminal Server 4.0SP6
   - Microsoft Windows NT Terminal Server 4.0SP6a
   - Microsoft Windows NT Workstation 4.0
   - Microsoft Windows NT Workstation 4.0SP1
   - Microsoft Windows NT Workstation 4.0SP2
   - Microsoft Windows NT Workstation 4.0SP3
   - Microsoft Windows NT Workstation 4.0SP4
   - Microsoft Windows NT Workstation 4.0SP5
   - Microsoft Windows NT Workstation 4.0SP6
   - Microsoft Windows NT Workstation 4.0SP6a
   - RedHat Linux 7.0 i386
   - RedHat Linux 7.1 i386
   - RedHat Linux 7.2 i386
   - S.u.S.E. Linux 7.1x86
   - S.u.S.E. Linux 7.2i386
   - S.u.S.E. Linux 7.3i386
   - SGI IRIX 6.5.10f
   - SGI IRIX 6.5.10m
   - SGI IRIX 6.5.11f
   - SGI IRIX 6.5.11m
   - SGI IRIX 6.5.12f
   - SGI IRIX 6.5.12m
   - SGI IRIX 6.5.13f
   - SGI IRIX 6.5.13m
   - SGI IRIX 6.5.14f
   - SGI IRIX 6.5.14m
   - Slackware Linux 7.1
   - Slackware Linux 8.0
   - Sun Solaris 2.5.1
   - Sun Solaris 2.6
   - Sun Solaris 7.0
   - Sun Solaris 8.0
Ada Core Technologies Gnat Pro Native 3.14p
   - Caldera OpenLinux Server 3.1.1
   - Caldera OpenLinux Workstation 3.1.1
   - Compaq OpenVMS 6.2 Alpha
   - Compaq OpenVMS 6.2 VAX
   - Compaq OpenVMS 7.1 VAX
   - Compaq OpenVMS 7.1-2 Alpha
   - Compaq OpenVMS 7.1Alpha
   - Compaq OpenVMS 7.2 VAX
   - Compaq OpenVMS 7.2-1H1 Alpha
   - Compaq OpenVMS 7.2-2 Alpha
   - Compaq OpenVMS 7.3 Alpha
   - Compaq OpenVMS 7.3 VAX
   - Compaq Tru64 5.0
   - Compaq Tru64 5.0a
   - Compaq Tru64 5.0f
   - Compaq Tru64 5.1
   - Compaq Tru64 5.1a
   - Debian Linux 2.2 IA-32
   - HP HP-UX 10.20
   - HP HP-UX 11.0
   - HP HP-UX 11.11
   - HP HP-UX 11.20
   - IBM AIX 4.3
   - IBM AIX 4.3.1
   - IBM AIX 4.3.2
   - IBM AIX 4.3.3
   - IBM AIX 5.1
   - LynuxWorks LynxOS 2.2.1
   - MandrakeSoft Linux Mandrake 8.0
   - MandrakeSoft Linux Mandrake 8.1
   - Microsoft Windows 2000 Advanced Server
   - Microsoft Windows 2000 Advanced Server SP1
   - Microsoft Windows 2000 Advanced Server SP2
   - Microsoft Windows 2000 Datacenter Server
   - Microsoft Windows 2000 Datacenter Server SP1
   - Microsoft Windows 2000 Datacenter Server SP2
   - Microsoft Windows 2000 Professional
   - Microsoft Windows 2000 Professional SP1
   - Microsoft Windows 2000 Professional SP2
   - Microsoft Windows 2000 Server
   - Microsoft Windows 2000 Server SP1
   - Microsoft Windows 2000 Server SP2
   - Microsoft Windows 2000 Terminal Services
   - Microsoft Windows 2000 Terminal Services SP1
   - Microsoft Windows 2000 Terminal Services SP2
   - Microsoft Windows NT Enterprise Server 4.0
   - Microsoft Windows NT Enterprise Server 4.0SP1
   - Microsoft Windows NT Enterprise Server 4.0SP2
   - Microsoft Windows NT Enterprise Server 4.0SP3
   - Microsoft Windows NT Enterprise Server 4.0SP4
   - Microsoft Windows NT Enterprise Server 4.0SP5
   - Microsoft Windows NT Enterprise Server 4.0SP6
   - Microsoft Windows NT Enterprise Server 4.0SP6a
   - Microsoft Windows NT Server 4.0
   - Microsoft Windows NT Server 4.0SP1
   - Microsoft Windows NT Server 4.0SP2
   - Microsoft Windows NT Server 4.0SP3
   - Microsoft Windows NT Server 4.0SP4
   - Microsoft Windows NT Server 4.0SP5
   - Microsoft Windows NT Server 4.0SP6
   - Microsoft Windows NT Server 4.0SP6a
   - Microsoft Windows NT Terminal Server 4.0
   - Microsoft Windows NT Terminal Server 4.0SP1
   - Microsoft Windows NT Terminal Server 4.0SP2
   - Microsoft Windows NT Terminal Server 4.0SP3
   - Microsoft Windows NT Terminal Server 4.0SP4
   - Microsoft Windows NT Terminal Server 4.0SP5
   - Microsoft Windows NT Terminal Server 4.0SP6
   - Microsoft Windows NT Terminal Server 4.0SP6a
   - Microsoft Windows NT Workstation 4.0
   - Microsoft Windows NT Workstation 4.0SP1
   - Microsoft Windows NT Workstation 4.0SP2
   - Microsoft Windows NT Workstation 4.0SP3
   - Microsoft Windows NT Workstation 4.0SP4
   - Microsoft Windows NT Workstation 4.0SP5
   - Microsoft Windows NT Workstation 4.0SP6
   - Microsoft Windows NT Workstation 4.0SP6a
   - RedHat Linux 7.0 i386
   - RedHat Linux 7.1 i386
   - RedHat Linux 7.2 i386
   - S.u.S.E. Linux 7.1x86
   - S.u.S.E. Linux 7.2i386
   - S.u.S.E. Linux 7.3i386
   - SGI IRIX 6.5.10f
   - SGI IRIX 6.5.10m
   - SGI IRIX 6.5.11f
   - SGI IRIX 6.5.11m
   - SGI IRIX 6.5.12f
   - SGI IRIX 6.5.12m
   - SGI IRIX 6.5.13f
   - SGI IRIX 6.5.13m
   - SGI IRIX 6.5.14f
   - SGI IRIX 6.5.14m
   - Slackware Linux 7.1
   - Slackware Linux 8.0
   - Sun Solaris 2.5.1
   - Sun Solaris 2.6
   - Sun Solaris 7.0
   - Sun Solaris 8.0
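Detailed Description
The GNU Ada Compiler (Gnat) is a commercial compiler used on a wide range of system platforms.

Routines in the Gnat run-time library, which is linked into the binaries the
compiler builds, expose those binaries to a temporary-file race condition. The
cause is the library's use of the insecure tmpnam function, which does not check
whether the temporary file already exists when the file is created.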

Test Code
None available

Solution
Download and apply the following patch:

http://cert.uni-stuttgart.de/files/fw/gnat-3.14p-mkstemp.diff.
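
The existence-check gap described above, and the mkstemp behaviour the patch's file name points to, as an added C example (not taken from the advisory, the patch, or the Gnat sources). The scratch paths and function names are constructed for illustration, and the unchecked open stands in for opening a name that tmpnam returned earlier.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Insecure pattern: a name is picked first (as tmpnam does) and opened later
 * without O_EXCL. Returns 1 if a file that appeared at that name in between
 * is silently reused and truncated, -1 on setup failure. */
int unchecked_open_clobbers_existing(void) {
    char dir[] = "/tmp/gnat-demo-XXXXXX";   /* constructed scratch directory */
    char name[64];
    struct stat st;
    int fd, result = -1;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(name, sizeof name, "%s/predicted", dir);
    fd = open(name, O_WRONLY | O_CREAT | O_EXCL, 0600);  /* someone got there first */
    if (fd >= 0 && write(fd, "other data", 10) == 10) {
        close(fd);
        fd = open(name, O_WRONLY | O_CREAT | O_TRUNC, 0666);  /* like fopen(name, "w") */
        if (fd >= 0 && fstat(fd, &st) == 0) result = (st.st_size == 0);
    }
    if (fd >= 0) close(fd);
    unlink(name);
    rmdir(dir);
    return result;
}

/* Hardened pattern: mkstemp picks the name and creates the file atomically.
 * Returns 1 if the file is new, owner-only, and a second exclusive create of
 * the same name is refused with EEXIST. */
int mkstemp_is_exclusive(void) {
    char path[] = "/tmp/gnat-demo-XXXXXX";  /* template must end in XXXXXX */
    struct stat st;
    int again, ok, fd = mkstemp(path);
    if (fd < 0) return -1;
    ok = fstat(fd, &st) == 0 && st.st_size == 0 && (st.st_mode & 077) == 0;
    again = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    ok = ok && again < 0 && errno == EEXIST;
    if (again >= 0) close(again);
    close(fd);
    unlink(path);
    return ok;
}

int main(void) {
    printf("%d %d\n", unchecked_open_clobbers_existing(), mkstemp_is_exclusive());
    return 0;
}
```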

Related Information
Reference: http://www.securityfocus.com/archive/1/255734
Home page: http://www.gnat.com/