漏洞信息详情

xtell登录文件符号链接攻击

• CNNVD编号：CNNVD-200206-070
• 危害等级： 低危
  
• CVE编号： CVE-2002-0334
• 漏洞类型： 竞争条件
• 发布时间： 2002-06-25
• 威胁类型： 本地
• 更新时间： 2005-10-20
• 厂        商： xtell
• 漏洞来源： .');">Discovered by "Spy...

漏洞简介

xtell (xtelld) 1.91.1及其早期版本和2.7之前的2.x版本存在漏洞。本地用户借助.xtell-log文件中的一个符号链接攻击修改文件。

漏洞公告

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] . xtell xtell 1.91.1

• Debian xtell_1.91.1_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xtel l_1.91.1_alpha.deb
• Debian xtell_1.91.1_arm.deb http://security.debian.org/dists/stable/updates/main/binary-arm/xtell_ 1.91.1_arm.deb
• Debian xtell_1.91.1_i386.deb http://security.debian.org/dists/stable/updates/main/binary-i386/xtell _1.91.1_i386.deb
• Debian xtell_1.91.1_m68k.deb http://security.debian.org/dists/stable/updates/main/binary-m68k/xtell _1.91.1_m68k.deb
• Debian xtell_1.91.1_powerpc.deb http://security.debian.org/dists/stable/updates/main/binary-powerpc/xt ell_1.91.1_powerpc.deb
• Debian xtell_1.91.1_sparc.deb http://security.debian.org/dists/stable/updates/main/binary-sparc/xtel l_1.91.1_sparc.deb

参考网址

来源: BID 名称: 4197 链接:http://www.securityfocus.com/bid/4197 来源: XF 名称: xtell-log-symlink(8314) 链接:http://www.iss.net/security_center/static/8314.php 来源: DEBIAN 名称: DSA-121 链接:http://www.debian.org/security/2002/dsa-121 来源: BUGTRAQ 名称: 20020227 Remote exploit against xtelld and other fun 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=101494896516467&w=2

受影响实体

• Xtell Xtell:2.6.1  
• Xtell Xtell:1.91.1  

补丁

暂无