漏洞信息详情
IBM Informix Dynamic Server '/tmp/installserver.txt'符号链接漏洞
- CNNVD编号:CNNVD-200610-076
- 危害等级: 低危
- CVE编号: CVE-2006-5163
- 漏洞类型: 竞争条件
- 发布时间: 2006-10-05
- 威胁类型: 本地
- 更新时间: 2006-10-06
- 厂 商: ibm
- 漏洞来源: .');">This vulnerability...
漏洞简介
IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux及可能的其他版本会创建具有不安全许可权的/tmp/installserver.txt,本地用户可以通过符号链接将数据附加到任意文件中。
漏洞公告
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
IBM Informix Client SDK 2.90
IBM IC50783
http://www-1.ibm.com/support/docview.wss?rs=630&context=SSGU8G&context =SSHPYE&dc=DB550&uid=swg1IC50783&loc=en_US&cs=utf-8&lang=en
IBM Informix IDS 10.0
IBM IC50784
http://www-1.ibm.com/support/docview.wss?rs=630&context=SSGU8G&context =SSHPYE&dc=DB550&uid=swg1IC50784&loc=en_US&cs=utf-8&lang=en
IBM IC50785
http://www-1.ibm.com/support/docview.wss?rs=630&context=SSGU8G&context =SSHPYE&dc=DB550&uid=swg1IC50785&loc=en_US&cs=utf-8&lang=en
IBM Informix Connect 2.90
IBM IC50786
http://www-1.ibm.com/support/docview.wss?rs=630&context=SSGU8G&context =SSHPYE&dc=DB550&uid=swg1IC50786&loc=en_US&cs=utf-8&lang=en
参考网址
来源: XF
名称: informix-install-script-weak-permissions(29300)
链接:http://xforce.iss.net/xforce/xfdb/29300
来源: XF
名称: informix-installserver-symlink(29297)
链接:http://xforce.iss.net/xforce/xfdb/29297
来源: BID
名称: 20300
链接:http://www.securityfocus.com/bid/20300
来源: BUGTRAQ
名称: 20061001 IBM Informix Dynamic Server V10.0 File Clobbering during Install
链接:http://www.securityfocus.com/archive/1/archive/1/447501/100/0/threaded
来源: SECUNIA
名称: 22223
链接:http://secunia.com/advisories/22223
来源: FULLDISC
名称: 20061001 IBM Informix Dynamic Server V10.0 File Clobbering during Install
链接:http://archives.neohapsis.com/archives/fulldisclosure/2006-10/0013.HTML
来源: OSVDB
名称: 29349
链接:http://www.osvdb.org/29349
来源: VUPEN
名称: ADV-2006-3883
链接:http://www.frsirt.com/english/advisories/2006/3883
来源: SREASON
名称: 1686
链接:http://securityreason.com/securityalert/1686
受影响实体
- Ibm Informix_dynamic_server:10.Uc_rc1:Trial_linux
补丁
暂无
评论