漏洞信息详情
PostgreSQL不安全临时文件创建漏洞
- CNNVD编号:CNNVD-200502-034
- 危害等级: 低危
- CVE编号: CVE-2004-0977
- 漏洞类型: 设计错误
- 发布时间: 2005-02-09
- 威胁类型: 本地
- 更新时间: 2005-10-20
- 厂 商: mandrakesoft
- 漏洞来源: The individual or ...
漏洞简介
PostgreSQL 是一个自由的对象-关系数据库服务器(数据库管理系统)。 PostgreSQL 7.4.5及更早版本中的make_oidjoins_check脚本,可让本地用户通过象征性的链接攻击临时文件,从而覆盖这些文件。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接: SGI ProPack 3.0 SGI patch10131.tar.gz ftp://patches.sgi.com/support/free/security/patches/ProPack/3/patch101 31.tar.gz PostgreSQL PostgreSQL 7.2.1 Debian libecpg3_7.2.1-2woody6_alpha.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2 .1-2woody6_alpha.deb Debian libecpg3_7.2.1-2woody6_arm.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2 .1-2woody6_arm.deb Debian libecpg3_7.2.1-2woody6_hppa.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2 .1-2woody6_hppa.deb Debian libecpg3_7.2.1-2woody6_i386.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2 .1-2woody6_i386.deb Debian libecpg3_7.2.1-2woody6_ia64.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2 .1-2woody6_ia64.deb Debian libecpg3_7.2.1-2woody6_m68k.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2 .1-2woody6_m68k.deb Debian libecpg3_7.2.1-2woody6_mips.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2 .1-2woody6_mips.deb Debian libecpg3_7.2.1-2woody6_mipsel.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2 .1-2woody6_mipsel.deb Debian libecpg3_7.2.1-2woody6_powerpc.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2 .1-2woody6_powerpc.deb Debian libecpg3_7.2.1-2woody6_s390.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2 .1-2woody6_s390.deb Debian libecpg3_7.2.1-2woody6_sparc.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/postgresql/libecpg3_7.2 .1-2woody6_sparc.deb Debian libpgperl_7.2.1-2woody6_alpha.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7. 2.1-2woody6_alpha.deb Debian libpgperl_7.2.1-2woody6_arm.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7. 2.1-2woody6_arm.deb Debian libpgperl_7.2.1-2woody6_hppa.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7. 2.1-2woody6_hppa.deb Debian libpgperl_7.2.1-2woody6_i386.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7. 2.1-2woody6_i386.deb Debian libpgperl_7.2.1-2woody6_ia64.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7. 2.1-2woody6_ia64.deb Debian libpgperl_7.2.1-2woody6_m68k.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7. 2.1-2woody6_m68k.deb Debian libpgperl_7.2.1-2woody6_mips.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7. 2.1-2woody6_mips.deb Debian libpgperl_7.2.1-2woody6_mipsel.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7. 2.1-2woody6_mipsel.deb Debian libpgperl_7.2.1-2woody6_powerpc.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7. 2.1-2woody6_powerpc.deb Debian libpgperl_7.2.1-2woody6_s390.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7. 2.1-2woody6_s390.deb Debian libpgperl_7.2.1-2woody6_sparc.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/postgresql/libpgperl_7. 2.1-2woody6_sparc.deb Debian libpgsql2_7.2.1-2woody6_alpha.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7. 2.1-2woody6_alpha.deb Debian libpgsql2_7.2.1-2woody6_arm.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7. 2.1-2woody6_arm.deb Debian libpgsql2_7.2.1-2woody6_hppa.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7. 2.1-2woody6_hppa.deb Debian libpgsql2_7.2.1-2woody6_i386.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7. 2.1-2woody6_i386.deb Debian libpgsql2_7.2.1-2woody6_ia64.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/p/postgresql/libpgsql2_7. 2.1-2woody6_ia64.deb
参考网址
来源: BID 名称: 11295 链接:http://www.securityfocus.com/bid/11295 来源: DEBIAN 名称: DSA-577 链接:http://www.debian.org/security/2004/dsa-577 来源: XF 名称: script-temporary-file-overwrite(17583) 链接:http://xforce.iss.net/xforce/xfdb/17583 来源: TRUSTIX 名称: 2004-0050 链接:http://www.trustix.org/errata/2004/0050 来源: REDHAT 名称: RHSA-2004:489 链接:http://www.redhat.com/support/errata/RHSA-2004-489.HTML 来源: GENTOO 名称: GLSA-200410-16 链接:http://security.gentoo.org/glsa/glsa-200410-16.xml 来源: bugzilla.redhat.com 链接:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136300 来源: MANDRAKE 名称: MDKSA-2004:149 链接:http://www.mandriva.com/security/advisories?name=MDKSA-2004:149 来源: OPENPKG 名称: OpenPKG-SA-2004.046 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=109910073808903&w=2 来源: UBUNTU 名称: USN-6-1 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=109902101714725&w=2
受影响实体
- Mandrakesoft Mandrake_linux:10.1:X86_64
- Mandrakesoft Mandrake_linux:10.1
- Mandrakesoft Mandrake_linux:10.0:Amd64
- Mandrakesoft Mandrake_linux:10.0
- Mandrakesoft Mandrake_linux:9.2:Amd64
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论