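Vulnerability Details
MM Shared Memory Library Temporary File Local Privilege Escalation Vulnerability
- CNNVD ID: CNNVD-200208-069
- Severity: Low
- CVE ID: CVE-2002-0658
- Vulnerability type: Race condition
- Published: 2002-07-29
- Threat type: Local
- Updated: 2005-05-02
- Vendor: ossp
- Source: Marcus Meissner Se...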
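Vulnerability Summary
OSSP MM is a shared memory library. OSSP MM contains a race condition vulnerability that a local attacker can exploit to escalate privileges. Marcus Meissner and Sebastian Krahmer discovered a race condition in the way the MM shared library handles temporary files, which a local attacker can exploit to escalate privileges. The Apache web server uses the MM shared library; an attacker who already has the privileges of the Apache user can exploit this vulnerability to gain root privileges.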
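Vulnerability Advisory
Temporary workaround: If you cannot install the patch or upgrade immediately, CNNVD recommends the following measures to reduce the threat:
* No suitable temporary workaround is available at this time.
Vendor patch:
Debian
------
Debian has released a security advisory (DSA-137-1) and corresponding patches for this issue:
DSA-137-1: New mm packages fix insecure temporary file creation
Link: http://www.debian.org/security/2002/dsa137-
Patch downloads: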
References
- Source: MANDRAKE, Name: MDKSA-2002:045, Link: http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-045.php
- Source: BID, Name: 5352, Link: http://www.securityfocus.com/bid/5352
- Source: REDHAT, Name: RHSA-2003:158, Link: http://www.redhat.com/support/errata/RHSA-2003-158.HTML
- Source: REDHAT, Name: RHSA-2002:163, Link: http://www.redhat.com/support/errata/RHSA-2002-163.HTML
- Source: SUSE, Name: SuSE-SA:2002:028, Link: http://www.novell.com/linux/security/advisories/2002_028_mod_ssl.HTML
- Source: XF, Name: mm-tmpfile-symlink(9719), Link: http://www.iss.net/security_center/static/9719.php
- Source: DEBIAN, Name: DSA-137, Link: http://www.debian.org/security/2002/dsa-137
- Source: REDHAT, Name: RHSA-2002:164, Link: http://rhn.redhat.com/errata/RHSA-2002-164.HTML
- Source: REDHAT, Name: RHSA-2002:156, Link: http://rhn.redhat.com/errata/RHSA-2002-156.HTML
- Source: REDHAT, Name: RHSA-2002:154, Link: http://rhn.redhat.com/errata/RHSA-2002-154.HTML
- Source: REDHAT, Name: RHSA-2002:153, Link: http://rhn.redhat.com/errata/RHSA-2002-153.HTML
- Source: HP, Name: HPSBTL0208-056, Link: http://online.securityfocus.com/advisories/4392
- Source: FREEBSD, Name: FreeBSD-SN-02:05, Link: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc
- Source: CALDERA, Name: CSSA-2002-032.0, Link: ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-032.0.txt
Affected Entities
- Ossp Mm:1.1.1
- Ossp Mm:1.1.0
- Ossp Mm:1.0.9
- Ossp Mm:1.0.8
- Ossp Mm:1.0.0
Patches
None available