
SGI IRIX Name Service Daemon LDAP User Password Bypass Vulnerability


Published: 2003-05-25
Updated: 2003-05-25
Severity:
Threat level: remote unauthorized file access
Error type: design error
Exploitation mode: server mode

BUGTRAQ ID:7442
CVE(CAN) ID:CAN-2003-0174

Affected systems
SGI IRIX 6.5    
SGI IRIX 6.5.1  
SGI IRIX 6.5.2 m
SGI IRIX 6.5.2 f
SGI IRIX 6.5.2  
SGI IRIX 6.5.3 m
SGI IRIX 6.5.3 f
SGI IRIX 6.5.3  
SGI IRIX 6.5.4 m
SGI IRIX 6.5.4 f
SGI IRIX 6.5.4  
SGI IRIX 6.5.5 m
SGI IRIX 6.5.5 f
SGI IRIX 6.5.5  
SGI IRIX 6.5.6 m
SGI IRIX 6.5.6 f
SGI IRIX 6.5.6  
SGI IRIX 6.5.7 m
SGI IRIX 6.5.7 f
SGI IRIX 6.5.7  
SGI IRIX 6.5.8 m
SGI IRIX 6.5.8 f
SGI IRIX 6.5.8  
SGI IRIX 6.5.9 m
SGI IRIX 6.5.9 f
SGI IRIX 6.5.9  
SGI IRIX 6.5.10 m
SGI IRIX 6.5.10 f
SGI IRIX 6.5.10  
SGI IRIX 6.5.11 m
SGI IRIX 6.5.11 f
SGI IRIX 6.5.11  
SGI IRIX 6.5.12 m
SGI IRIX 6.5.12 f
SGI IRIX 6.5.12  
SGI IRIX 6.5.13 m
SGI IRIX 6.5.13 f
SGI IRIX 6.5.13  
SGI IRIX 6.5.14 m
SGI IRIX 6.5.14 f
SGI IRIX 6.5.14  
SGI IRIX 6.5.15 m
SGI IRIX 6.5.15 f
SGI IRIX 6.5.15  
SGI IRIX 6.5.16 m
SGI IRIX 6.5.16 f
SGI IRIX 6.5.16  
SGI IRIX 6.5.17 m
SGI IRIX 6.5.17 f
SGI IRIX 6.5.17  
SGI IRIX 6.5.18 m
SGI IRIX 6.5.18 f
SGI IRIX 6.5.18  
SGI IRIX 6.5.19 m
SGI IRIX 6.5.19 f
SGI IRIX 6.5.19
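Detailed description
The LDAP implementation in SGI IRIX does not correctly handle certain attributes received from other LDAP services, which may allow a remote user to gain unauthorized access to the server.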

Solution
The vendor has provided a patch:

SGI IRIX 6.5.15 m:
     SGI Patch patch5063.tar
     ftp://patches.sgi.com/support/free/security/patches/6.5.15/patch5063.tar
SGI IRIX 6.5.15 f:
     SGI Patch patch5063.tar
     ftp://patches.sgi.com/support/free/security/patches/6.5.15/patch5063.tar
SGI IRIX 6.5.15:
     SGI Patch patch5063.tar
     ftp://patches.sgi.com/support/free/security/patches/6.5.15/patch5063.tar
SGI IRIX 6.5.16 m:
     SGI Patch patch5063.tar
     ftp://patches.sgi.com/support/free/security/patches/6.5.15/patch5063.tar
SGI IRIX 6.5.16 f:
     SGI Patch patch5063.tar
     ftp://patches.sgi.com/support/free/security/patches/6.5.15/patch5063.tar
SGI IRIX 6.5.16:
     SGI Patch patch5063.tar
     ftp://patches.sgi.com/support/free/security/patches/6.5.15/patch5063.tar
SGI IRIX 6.5.17 m:
     SGI Patch patch5063.tar
     ftp://patches.sgi.com/support/free/security/patches/6.5.15/patch5063.tar
SGI IRIX 6.5.17 f:
     SGI Patch patch5063.tar
     ftp://patches.sgi.com/support/free/security/patches/6.5.15/patch5063.tar
SGI IRIX 6.5.17:
     SGI Patch patch5063.tar
     ftp://patches.sgi.com/support/free/security/patches/6.5.15/patch5063.tar
SGI IRIX 6.5.18 m:
     SGI Patch patch5063.tar
     ftp://patches.sgi.com/support/free/security/patches/6.5.15/patch5063.tar
SGI IRIX 6.5.18 f:
     SGI Patch patch5063.tar
     ftp://patches.sgi.com/support/free/security/patches/6.5.15/patch5063.tar
SGI IRIX 6.5.18:
     SGI Patch patch5063.tar
     ftp://patches.sgi.com/support/free/security/patches/6.5.15/patch5063.tar
SGI IRIX 6.5.19 m:
     SGI Patch patch5063.tar
     ftp://patches.sgi.com/support/free/security/patches/6.5.15/patch5063.tar
SGI IRIX 6.5.19 f:
     SGI Patch patch5063.tar
     ftp://patches.sgi.com/support/free/security/patches/6.5.15/patch5063.tar
SGI IRIX 6.5.19:
     SGI Patch patch5063.tar
     ftp://patches.sgi.com/support/free/security/patches/6.5.15/patch5063.tar

Related information
20030407-01-P: Vulnerability in nsd LDAP Implementation
http://online.securityfocus.com/advisories/5324