Sun Solaris at Utility Race Condition Vulnerability

Published: 2003-02-12
Updated: 2003-02-12
Severity: High
Threat type: Local denial of service
Error type: Race condition
Exploitation mode: Server mode
BUGTRAQ ID: 6693

Affected systems

Sun Solaris 2.5

Detailed description

The at utility on Sun Solaris has a race condition between verifying the owner of a job and deleting that job. Because at is installed setuid root by default, a local attacker with ordinary user privileges who combines this flaw with other at vulnerabilities (such as the '-r' option vulnerability) may be able to delete arbitrary files on the system.

Solution

As a temporary workaround, remove the setuid bit from the at command:

# chmod u-s /usr/bin/at

The vendor has released the following patches:

Sun Solaris 2.5:
Sun Solaris 2.5.1:
Sun Solaris 2.6:
Sun Solaris 7.0 _x86: Sun Patch 108320-03
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=108320&rev=03
Sun Solaris 7.0: Sun Patch 108319-03
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=108319&rev=03
Sun Solaris 8.0 _x86: Sun Patch 109008-09
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=109008&rev=09
Sun Patch 108876-13
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=108876&rev=13
Sun Solaris 8.0: Sun Patch 109007-09
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=109007&rev=09
Sun Patch 108875-13
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=108875&rev=13
Sun Solaris 9.0 _x86: Sun Patch 114136-01
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=114136&rev=01
Sun Solaris 9.0: Sun Patch 114135-01
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=114135&rev=01

Related information

Wojciech Purczynski
Security Vulnerability with the at(1) Command on Solaris
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F50161
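The description above boils down to a check-then-act window in a setuid root program: the owner check and the delete resolve the file name separately. The following C code is an added illustration of that pattern and of one way to close the window; it is not Sun's code or the actual Solaris fix, and it assumes the invoking user may legitimately remove files it owns in a directory it can write to.

```c
/* Added illustration, not Sun's code: why "stat the path, compare the
 * owner, then unlink the path" races in a setuid root tool such as at(1),
 * and a pattern that closes the window. Assumes the caller may legitimately
 * remove files it owns in a directory it can write to. */
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy pattern: the check and the delete each resolve the name anew, so the
 * entry can be replaced between the two system calls, and unlink() then runs
 * with effective uid 0 against whatever the name points to at that moment. */
int remove_job_racy(const char *path, uid_t caller)
{
    struct stat st;
    if (stat(path, &st) != 0 || st.st_uid != caller)
        return -1;
    return unlink(path);
}

/* Safer pattern: verify the owner on an open descriptor (bound to the inode,
 * not the name, and refusing symlinks via O_NOFOLLOW), then perform the
 * unlink while the effective uid is the caller's, so the kernel's permission
 * check on the directory entry happens in the same system call as the removal. */
int remove_job_safe(const char *path, uid_t caller)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;
    int ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && st.st_uid == caller;
    close(fd);
    if (!ok)
        return -1;

    uid_t saved = geteuid();
    if (seteuid(caller) != 0)           /* act as the invoking user */
        return -1;
    int rc = unlink(path);
    if (seteuid(saved) != 0)            /* restore privileges; refuse if that fails */
        return -1;
    return rc;
}
```

Run as an unprivileged user, seteuid(caller) is a no-op and the kernel still enforces the directory permissions; the point is that a setuid root build performs the delete with the caller's rights rather than root's.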