漏洞信息详情
UTempter多个本地漏洞
- CNNVD编号:CNNVD-200408-197
- 危害等级: 低危
- CVE编号: CVE-2004-0233
- 漏洞类型: 路径遍历
- 发布时间: 2004-08-18
- 威胁类型: 本地
- 更新时间: 2006-09-22
- 厂 商: slackware
- 漏洞来源: Discovery of these...
漏洞简介
Utempter允许包含..(点 点)目录遍历序列的设备名称,本地用户可以通过在与信任utmp或者wtmp文件的应用程序相组合的设备名称上的链接攻击覆盖任意文件。
漏洞公告
Red Hat has released an advisory RHSA-2004:175-01 and fixes to address this issue. Please see referenced advisory for further details regarding obtaining and applying appropriate fixes. Mandrake has released an advisory MDKSA-2004:031-1 and fixes to address this issue. Please see referenced advisory for further details regarding obtaining and applying appropriate fixes. Slackware Linux has released advisory SSA:2004-110-01 and updates dealing with this issue. Red Hat Fedora has released advisory FEDORA-2004-108 and information on updated the affected application. Please see the referenced advisory for more information. Gentoo Linux has released advisory GLSA 200405-05 dealing with this issue. It is recommended that affected users issue these commands to ensure their system is properly updated: # emerge sync # emerge -pv ">=sys-apps/utempter-0.5.5.4" # emerge ">=sys-apps/utempter-0.5.5.4" Red Hat Fedora Legacy has released advisory FLSA:1546 dealing with this issue for Red Hat Linux 8.0, 7.3 and 7.2. Please see the referenced advisory for more information. Red Hat has released advisory RHSA-2004:174-09 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information. SGI has released an advisory (20040603-01-U) to address this and other issues in SGI ProPack 3. Please see the referenced advisory for more information. SGI has released an advisory (20040602-01-U) to address this and other issues in SGI ProPack 2.4. Please see the referenced advisory for more information. Sun has released Sun Alert Notification #57658 to address this issue in Sun Java Desktop System operating systems. Please see the referenced alert for further information on obtaining fixes. RedHat utempter-0.5.2-16.i386.rpm
- RedHat utempter-0.5.5-2.RHL9.0.i386.rpm ftp://updates.redhat.com/9/en/os/i386/utempter-0.5.5-2.RHL9.0.i386.rpm
- Slackware utempter-1.1.1-i486-1.tgz ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/ut empter-1.1.1-i486-1.tgz
- Fedora utempter-0.5.2-6.7.x.1.legacy.i386.rpmRed Hat Linux 7.2 & 7.3 http://download.fedoralegacy.org/redhat/7.2/updates/i386/utempter-0.5. 2-6.7.x.1.legacy.i386.rpm
- Fedora utempter-0.5.2-6.8.0.1.legacy.i386.rpmRed Hat Linux 8.0 http://download.fedoralegacy.org/redhat/8.0/updates/i386/utempter-0.5. 2-6.8.0.1.legacy.i386.rpm
- Mandrake lib64utempter0-0.5.2-12.2.100mdk.amd64.rpmMandrake Linux 10.0/AMD64 http://www.mandrakesecure.net/en/ftp.php
- Mandrake lib64utempter0-0.5.2-12.2.92mdk.amd64.rpmMandrake Linux 9.2/AMD64 http://www.mandrakesecure.net/en/ftp.php
- Mandrake lib64utempter0-devel-0.5.2-12.2.100mdk.amd64.rpmMandrake Linux 10.0/AMD64 http://www.mandrakesecure.net/en/ftp.php
- Mandrake lib64utempter0-devel-0.5.2-12.2.92mdk.amd64.rpmMandrake Linux 9.2/AMD64 http://www.mandrakesecure.net/en/ftp.php
- Mandrake libutempter0-0.5.2-10.2.91mdk.i586.rpmMandrake Linux 9.1 http://www.mandrakesecure.net/en/ftp.php
- Mandrake libutempter0-0.5.2-10.2.91mdk.ppc.rpmMandrake Linux 9.1/PPC http://www.mandrakesecure.net/en/ftp.php
- Mandrake libutempter0-0.5.2-11.2.C21mdk.i586.rpmMandrake Corporate Server 2.1 http://www.mandrakesecure.net/en/ftp.php
- Mandrake libutempter0-0.5.2-11.2.C21mdk.x86_64.rpmMandrake Corporate Server 2.1/X86_64 http://www.mandrakesecure.net/en/ftp.php
- Mandrake libutempter0-0.5.2-12.2.100mdk.i586.rpmMandrake Linux 10.0 http://www.mandrakesecure.net/en/ftp.php
- Mandrake libutempter0-0.5.2-12.2.92mdk.i586.rpmMandrake Linux 9.2 http://www.mandrakesecure.net/en/ftp.php
- Mandrake libutempter0-0.5.2-5.2.M82mdk.i586.rpmMandrake Multi Network Firewall 8.2 http://www.mandrakesecure.net/en/ftp.php
- Mandrake libutempter0-devel-0.5.2-10.2.91mdk.i586.rpmMandrake Linux 9.1 http://www.mandrakesecure.net/en/ftp.php
- Mandrake libutempter0-devel-0.5.2-10.2.91mdk.ppc.rpmMandrake Linux 9.1/PPC http://www.mandrakesecure.net/en/ftp.php
- Mandrake libutempter0-devel-0.5.2-11.2.C21mdk.i586.rpmMandrake Corporate Server 2.1 http://www.mandrakesecure.net/en/ftp.php
- Mandrake libutempter0-devel-0.5.2-11.2.C21mdk.x86_64.rpmMandrake Corporate Server 2.1/X86_64 http://www.mandrakesecure.net/en/ftp.php
- Mandrake libutempter0-devel-0.5.2-12.2.100mdk.i586.rpmMandrake Linux 10.0 http://www.mandrakesecure.net/en/ftp.php
- Mandrake libutempter0-devel-0.5.2-12.2.92mdk.i586.rpmMandrake Linux 9.2 http://www.mandrakesecure.net/en/ftp.php
- Mandrake libutempter0-devel-0.5.2-5.2.M82mdk.i586.rpmMandrake Multi Network Firewall 8.2 http://www.mandrakesecure.net/en/ftp.php
- Mandrake utempter-0.5.2-10.2.91mdk.i586.rpmMandrake Linux 9.1 http://www.mandrakesecure.net/en/ftp.php
- Mandrake utempter-0.5.2-10.2.91mdk.ppc.rpmMandrake Linux 9.1/PPC http://www.mandrakesecure.net/en/ftp.php
- Mandrake utempter-0.5.2-11.2.C21mdk.i586.rpmMandrake Corporate Server 2.1 http://www.mandrakesecure.net/en/ftp.php
- Mandrake utempter-0.5.2-11.2.C21mdk.x86_64.rpmMandrake Corporate Server 2.1/X86_64 http://www.mandrakesecure.net/en/ftp.php
- Mandrake utempter-0.5.2-12.2.100mdk.amd64.rpmMandrake Linux 10.0/AMD64 http://www.mandrakesecure.net/en/ftp.php
-
Mandrake utempter-0.5.2-12.2.100mdk.i586.rpm
参考网址
来源: BID 名称: 10178 链接:http://www.securityfocus.com/bid/10178 来源: REDHAT 名称: RHSA-2004:174 链接:http://www.redhat.com/support/errata/RHSA-2004-174.HTML 来源: XF 名称: utemper-symlink(15904) 链接:http://xforce.iss.net/xforce/xfdb/15904 来源: SLACKWARE 名称: SSA:2004-110 链接:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404389 来源: REDHAT 名称: RHSA-2004:175 链接:http://www.redhat.com/support/errata/RHSA-2004-175.HTML 来源: SUNALERT 名称: 1000752 链接:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000752.1-1 来源: GENTOO 名称: GLSA-200405-05 链接:http://security.gentoo.org/glsa/glsa-200405-05.xml 来源: OVAL 名称: oval:org.mitre.oval:def:10115 链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10115 来源: MANDRAKE 名称: MDKSA-2004:031 链接:http://www.mandriva.com/security/advisories?name=MDKSA-2004:031 来源: US Government Resource: oval:org.mitre.oval:def:979 名称: oval:org.mitre.oval:def:979 链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:979
受影响实体
- Slackware Slackware_linux:9.1
- Slackware Slackware_linux
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论