漏洞信息详情
S.u.S.E. Linux任意文件删除漏洞
- CNNVD编号:CNNVD-200005-014
- 危害等级: 低危
- CVE编号: CVE-2000-0293
- 漏洞类型: 访问验证错误
- 发布时间: 2000-05-02
- 威胁类型: 本地
- 更新时间: 2005-10-20
- 厂 商: suse
- 漏洞来源: ');">This vulnerability...
漏洞简介
SuSE Linux 6.3的aaa_base和早期版本的cron.daily 存在漏洞,本地用户可以通过生成包含空格文件名的文件删除任意文件。此时在从/tmp目录下删除过期文件时aaa_base便不能正确解析,
漏洞公告
A patch was included in the Bugtraq post which reported this problem. Updated RPM's have been provided by SuSE for versions 6.2, 6.3 and 6.4. It has been reported that the update for 6.2 was not effective, and as such, those running version 6.2 of SuSE Linux are still susceptible. It is not clear if the fixes for 6.3 and 6.4 were effective. The original information provided by SuSE was innaccurate; no fixes were present in the packages they claimed fixed this vulnerability. A later advisory by them resolved the problem. S.u.S.E. Linux 6.1 alpha
- S.u.S.E. 6.1 aaa_base-2000.5.2-0.alpha.rpm ftp://ftp.suse.com/pub/suse/axp/update/6.1/a1/aaa_base-2000.5.2-0.alph a.rpm
- S.u.S.E. 6.1 aaa_base-2000.5.2-0.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/6.1/a1/aaa_base-2000.5.2-0.i38 6.rpm
- S.u.S.E. 6.2 aaa_base-2000.5.2-0.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/6.2/a1/aaa_base-2000.5.2-0.i38 6.rpm
- [email protected] aaa_base.patch http://www.securityfocus.com/data/vulnerabilities/patches/aaa_base.pat ch
- S.u.S.E. 6.3 aaa_base-2000.5.2-0.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/6.3/a1/aaa_base-2000.5.2-0.i38 6.rpm
- S.u.S.E. 6.3 aaa_base-2000.5.2-0.alpha.rpm ftp://ftp.suse.com/pub/suse/axp/update/6.3/a1/aaa_base-2000.5.2-0.alph a.rpm
- S.u.S.E. 6.4 aaa_base-2000.5.2-0.i386.rpm ftp://ftp.suse.com/pub/suse/i386/update/6.4/a1/aaa_base-2000.5.2-0.i38 6.rpm
参考网址
来源: BID 名称: 1130 链接:http://www.securityfocus.com/bid/1130
受影响实体
- Suse Suse_linux:6.0
- Suse Suse_linux:6.1
- Suse Suse_linux:6.1:Alpha
- Suse Suse_linux:6.2
- Suse Suse_linux:6.3
补丁
暂无
特别声明
本站(ZONE.CI)所有文章仅供技术研究,若将其信息做其他用途,由用户承担全部法律及连带责任,本站不承担任何法律及连带责任,请遵守中华人民共和国安全法.
评论