漏洞信息详情
Arc不安全临时文件创建漏洞
- CNNVD编号:CNNVD-200510-076
- 危害等级: 低危
- CVE编号: CVE-2005-2992
- 漏洞类型: 访问验证错误
- 发布时间: 2005-10-13
- 威胁类型: 本地
- 更新时间: 2005-10-25
- 厂 商: arc
- 漏洞来源: [email protected]...
漏洞简介
Arc 5.21j之前版本允许本地用户借助临时文件上的symlink攻击,改写任意文件。
漏洞公告
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
ARC ARC 5.21 l
Debian arc_5.21l-1sarge1_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/a/arc/arc_5.21l-1sarge1_alpha.deb
Debian arc_5.21l-1sarge1_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/a/arc/arc_5.21l-1sarge1_amd64.deb
Debian arc_5.21l-1sarge1_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/a/arc/arc_5.21l-1sarge1_arm.deb
Debian arc_5.21l-1sarge1_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/a/arc/arc_5.21l-1sarge1_hppa.deb
Debian arc_5.21l-1sarge1_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/a/arc/arc_5.21l-1sarge1_i386.deb
Debian arc_5.21l-1sarge1_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/a/arc/arc_5.21l-1sarge1_ia64.deb
Debian arc_5.21l-1sarge1_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/a/arc/arc_5.21l-1sarge1_m68k.deb
Debian arc_5.21l-1sarge1_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/a/arc/arc_5.21l-1sarge1_mips.deb
Debian arc_5.21l-1sarge1_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/a/arc/arc_5.21l-1sarge1_mipsel.deb
Debian arc_5.21l-1sarge1_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/a/arc/arc_5.21l-1sarge1_powerpc.deb
Debian arc_5.21l-1sarge1_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/a/arc/arc_5.21l-1sarge1_s390.deb
Debian arc_5.21l-1sarge1_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/a/arc/arc_5.21l-1sarge1_sparc.deb
参考网址
来源: DEBIAN
名称: DSA-843
链接:http://www.debian.org/security/2005/dsa-843
来源: SECUNIA
名称: 16805
链接:http://secunia.com/advisories/16805
来源: FULLDISC
名称: 20050920 Re: arc insecure temporary file creation
链接:http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0535.HTML
来源: BUGTRAQ
名称: 20050916 arc insecure temporary file creation
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=112689596714383&w=2
来源: SREASON
名称: 11
链接:http://securityreason.com/securityalert/11
来源: SECUNIA
名称: 17068
链接:http://secunia.com/advisories/17068
受影响实体
- Arc Arc:5.21j
补丁
暂无
评论