IRIX fsr_efs存在符号连接漏洞发布时间:2002-10-11 更新时间:2002-10-11 严重程度:中 威胁程度:本地拒绝服务 错误类型:访问验证错误 利用方式:服务器模式 BUGTRAQ ID:5897 受影响系统 SGI Freeware 1.0详细描述 IRIX操作系统下的fsr_efs工具存在漏洞。 fsr_efs会把信息写到/var/tmp/.fsrlast文件中,到运行的时候可以进行参考。不过fsr_efs写信息到文件的时候,没有正确进行符号连接检查,可导致攻击者利用符号连接破坏系统文件。 测试代码 无 解决方案 补丁下载: SGI Freeware 1.0: SGI IRIX 6.5: SGI Upgrade IRIX 6.5.18 http://www.sgi.com/software/software.html#IRIX SGI IRIX 6.5.1: SGI Upgrade IRIX 6.5.18 http://www.sgi.com/software/software.html#IRIX SGI IRIX 6.5.2: SGI Upgrade IRIX 6.5.18 http://www.sgi.com/software/software.html#IRIX SGI IRIX 6.5.3: SGI Upgrade IRIX 6.5.18 http://www.sgi.com/software/software.html#IRIX SGI IRIX 6.5.4: SGI Upgrade IRIX 6.5.18 http://www.sgi.com/software/software.html#IRIX SGI IRIX 6.5.5: SGI Upgrade IRIX 6.5.18 http://www.sgi.com/software/software.html#IRIX SGI IRIX 6.5.6: SGI Upgrade IRIX 6.5.18 http://www.sgi.com/software/software.html#IRIX SGI IRIX 6.5.7: SGI Upgrade IRIX 6.5.18 http://www.sgi.com/software/software.html#IRIX SGI IRIX 6.5.8: SGI Upgrade IRIX 6.5.18 http://www.sgi.com/software/software.html#IRIX SGI IRIX 6.5.9: SGI Upgrade IRIX 6.5.18 http://www.sgi.com/software/software.html#IRIX SGI IRIX 6.5.10: SGI Upgrade IRIX 6.5.18 http://www.sgi.com/software/software.html#IRIX SGI IRIX 6.5.11: SGI Upgrade IRIX 6.5.18 http://www.sgi.com/software/software.html#IRIX SGI IRIX 6.5.12: SGI Upgrade IRIX 6.5.18 http://www.sgi.com/software/software.html#IRIX SGI IRIX 6.5.13 m: SGI Patch patch4771.tar ftp://patches.sgi.com/support/free/security/patches/ SGI Upgrade IRIX 6.5.18 http://www.sgi.com/software/software.html#IRIX SGI IRIX 6.5.13: SGI Patch patch4772.tar ftp://patches.sgi.com/support/free/security/patches/ SGI Upgrade IRIX 6.5.18 http://www.sgi.com/software/software.html#IRIX SGI IRIX 6.5.14 m: SGI Patch patch4771.tar ftp://patches.sgi.com/support/free/security/patches/ SGI Upgrade IRIX 6.5.18 http://www.sgi.com/software/software.html#IRIX SGI IRIX 6.5.14: SGI Patch patch4772.tar ftp://patches.sgi.com/support/free/security/patches/ SGI Upgrade IRIX 6.5.18 http://www.sgi.com/software/software.html#IRIX SGI IRIX 6.5.15 m: SGI Patch patch4771.tar ftp://patches.sgi.com/support/free/security/patches/ SGI Upgrade IRIX 6.5.18 http://www.sgi.com/software/software.html#IRIX SGI IRIX 6.5.15: SGI Patch patch4772.tar ftp://patches.sgi.com/support/free/security/patches/ SGI Upgrade IRIX 6.5.18 http://www.sgi.com/software/software.html#IRIX SGI IRIX 6.5.16 m: SGI Patch patch4771.tar ftp://patches.sgi.com/support/free/security/patches/ SGI Upgrade IRIX 6.5.18 http://www.sgi.com/software/software.html#IRIX SGI IRIX 6.5.16: SGI Patch patch4772.tar ftp://patches.sgi.com/support/free/security/patches/ SGI Upgrade IRIX 6.5.18 http://www.sgi.com/software/software.html#IRIX SGI IRIX 6.5.17 m: SGI Patch patch4771.tar ftp://patches.sgi.com/support/free/security/patches/ SGI Upgrade IRIX 6.5.18 http://www.sgi.com/software/software.html#IRIX SGI IRIX 6.5.17: SGI Patch patch4772.tar ftp://patches.sgi.com/support/free/security/patches/ SGI Upgrade IRIX 6.5.18 http://www.sgi.com/software/software.html#IRIX 相关信息 参考:http://online.securityfocus.com/advisories/4526 |
