漏洞信息详情
Apport 本地任意文件删除漏洞
- CNNVD编号:CNNVD-200904-556
- 危害等级: 低危
- CVE编号: CVE-2009-1295
- 漏洞类型: 配置错误
- 发布时间: 2009-04-30
- 威胁类型: 本地
- 更新时间: 2009-05-15
- 厂 商: apport
- 漏洞来源: Stephane Chazelas
漏洞简介
Ubuntu 8.04 LTS平台上的Apport 0.108.4之前版本,Ubuntu 8.10平台上的0.119.2之前版本以及Ubuntu 9.04平台上的1.0-0ubuntu5.2之前版本没有正确的从应用程序的崩溃-报告目录中移除文件,这使得本地用户可以借助未明向量,删除任意文件。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Ubuntu Ubuntu Linux 8.04 LTS i386 Ubuntu apport-gtk_0.108.4_all.deb http://security.ubuntu.com/ubuntu/pool/main/a/apport/apport-gtk_0.108. 4_all.deb Ubuntu apport-qt_0.108.4_all.deb http://security.ubuntu.com/ubuntu/pool/main/a/apport/apport-qt_0.108.4 _all.deb Ubuntu apport-retrace_0.108.4_all.deb http://security.ubuntu.com/ubuntu/pool/main/a/apport/apport-retrace_0. 108.4_all.deb Ubuntu apport_0.108.4_all.deb http://security.ubuntu.com/ubuntu/pool/main/a/apport/apport_0.108.4_al l.deb Ubuntu python-apport_0.108.4_all.deb http://security.ubuntu.com/ubuntu/pool/main/a/apport/python-apport_0.108.4_all.debUbuntu python-problem-report_0.108.4_all.deb http://security.ubuntu.com/ubuntu/pool/main/a/apport/python-problem-re port_0.108.4_all.deb Ubuntu Ubuntu Linux 8.10 lpia Ubuntu apport-gtk_0.119.2_all.deb
Ubuntu apport-retrace_0.108.4_all.deb
http://security.ubuntu.com/ubuntu/pool/main/a/apport/apport-retrace_0. 108.4_all.deb
Ubuntu apport_0.108.4_all.deb
http://security.ubuntu.com/ubuntu/pool/main/a/apport/apport_0.108.4_al l.deb
Ubuntu python-apport_0.108.4_all.deb
http://security.ubuntu.com/ubuntu/pool/main/a/apport/python-apport_0.1 08.4_all.deb
Ubuntu python-problem-report_0.108.4_all.deb
http://security.ubuntu.com/ubuntu/pool/main/a/apport/python-problem-re port_0.108.4_all.deb
Ubuntu Ubuntu Linux 9.04 i386
Ubuntu apport-gtk_1.0-0ubuntu5.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/a/apport/apport-gtk_1.0-0u buntu5.2_all.deb
Ubuntu apport-qt_1.0-0ubuntu5.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/a/apport/apport-qt_1.0-0ub untu5.2_all.deb
Ubuntu apport-retrace_1.0-0ubuntu5.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/a/apport/apport-retrace_1. 0-0ubuntu5.2_all.deb
Ubuntu apport_1.0-0ubuntu5.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/a/apport/apport_1.0-0ubunt u5.2_all.deb
Ubuntu python-apport_1.0-0ubuntu5.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/a/apport/python-apport_1.0 -0ubuntu5.2_all.deb
Ubuntu python-problem-report_1.0-0ubuntu5.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/a/apport/python-problem-re port_1.0-0ubuntu5.2_all.deb
Ubuntu Ubuntu Linux 9.04 amd64
Ubuntu apport-gtk_1.0-0ubuntu5.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/a/apport/apport-gtk_1.0-0u buntu5.2_all.deb
Ubuntu apport-qt_1.0-0ubuntu5.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/a/apport/apport-qt_1.0-0ub untu5.2_all.deb
Ubuntu apport-retrace_1.0-0ubuntu5.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/a/apport/apport-retrace_1. 0-0ubuntu5.2_all.deb
Ubuntu apport_1.0-0ubuntu5.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/a/apport/apport_1.0-0ubunt u5.2_all.deb
Ubuntu python-apport_1.0-0ubuntu5.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/a/apport/python-apport_1.0 -0ubuntu5.2_all.deb
Ubuntu python-problem-report_1.0-0ubuntu5.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/a/apport/python-problem-re port_1.0-0ubuntu5.2_all.deb
Ubuntu Ubuntu Linux 8.04 LTS powerpc
Ubu
参考网址
来源: launchpad.net
链接:https://launchpad.net/bugs/cve/2009-1295
来源: MISC
链接:https://bugs.launchpad.net/bugs/357024
来源: UBUNTU
名称: USN-768-1
链接:http://www.ubuntu.com/usn/usn-768-1
来源: BID
名称: 34776
链接:http://www.securityfocus.com/bid/34776
来源: SECUNIA
名称: 35065
链接:http://secunia.com/advisories/35065
来源: SECUNIA
名称: 34952
链接:http://secunia.com/advisories/34952
来源: SECUNIA
名称: 34947
链接:http://secunia.com/advisories/34947
来源: SUSE
名称: SUSE-SR:2009:010
链接:http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.HTML
受影响实体
- Apport Apport:0.1.0.8.1
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论