UnixWare 7.1.1 Open UNIX 8.0.0 : ppptalk ROOT权限漏洞发布时间:2002-06-19 更新时间:2002-06-19 严重程度:高 威胁程度:本地管理员权限 错误类型:边界检查错误 利用方式:服务器模式 受影响系统 UnixWare 7.1.1 /usr/bin/ppptalk详细描述 如果运行了pppd,恶意用户可以使用use /usr/bin/ppptalk获得ROOT权利。 测试代码 尚无 解决方案 UnixWare 7.1.1 4.1 Location of Fixed Binaries ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.27 4.2 验证 MD5 (erg712071.pkg.Z) = 9e353b58860c1b2ab4e831410f44fa12 md5 is available for download from ftp://ftp.caldera.com/pub/security/tools 4.3 安装 Upgrade the affected binaries with the following commands: Download erg712071.pkg.Z to the /var/spool/pkg directory # uncompress /var/spool/pkg/erg712071.pkg.Z # pkgadd -d /var/spool/pkg/erg712071.pkg 5. Open UNIX 8.0.0 5.1 Location of Fixed Binaries ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.27 5.2 验证 MD5 (erg712071.pkg.Z) = 9e353b58860c1b2ab4e831410f44fa12 md5 is available for download from ftp://ftp.caldera.com/pub/security/tools 5.3 安装 Upgrade the affected binaries with the following commands: Download erg712071.pkg.Z to the /var/spool/pkg directory # uncompress /var/spool/pkg/erg712071.pkg.Z # pkgadd -d /var/spool/pkg/erg712071.pkg 相关信息 参考:http://archives.neohapsis.com/archives/bugtraq/2002-06/0219.html |
