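Vulnerability Details
Mutt mail client mutt_adv_mktemp function insecure temporary file creation vulnerability
- CNNVD ID: CNNVD-200610-215
- Severity: Low
- CVE ID: CVE-2006-5298
- Vulnerability type: Race condition
- Published: 2006-10-16
- Threat type: Local
- Updated: 2006-10-17
- Vendor: mutt
- Source: Derek D. Martin is...
Vulnerability Summary
The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files are created with restricted permissions, which allows local users to create files with weak permissions via a race condition between the mktemp and safe_fopen function calls.
Vulnerability Advisory
The vendor has released upgrade patches to fix this security issue. Patches are available at the following links: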
Mutt Mutt 1.5.5.1i
Mandriva mutt-1.5.5.1i-2.2.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva mutt-1.5.5.1i-2.2.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download
Mandriva mutt-utf8-1.5.5.1i-2.2.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva mutt-utf8-1.5.5.1i-2.2.C30mdk.x86_64.rpm
Corporate 3.0/X86_64:
http://www.mandriva.com/en/download
Mutt Mutt 1.4.2.2
RedHat Fedora mutt-1.4.2.2-3.fc6.i386.rpm
Fedora Core 6
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
RedHat Fedora mutt-1.4.2.2-3.fc6.ppc.rpm
Fedora Core 6
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
RedHat Fedora mutt-1.4.2.2-3.fc6.x86_64.rpm
Fedora Core 6
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
RedHat Fedora mutt-debuginfo-1.4.2.2-3.fc6.i386.rpm
Fedora Core 6
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
RedHat Fedora mutt-debuginfo-1.4.2.2-3.fc6.ppc.rpm
Fedora Core 6
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
RedHat Fedora mutt-debuginfo-1.4.2.2-3.fc6.x86_64.rpm
Fedora Core 6
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
Mutt Mutt 1.5.11
Ubuntu mutt_1.5.11-3ubuntu2.2_amd64.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.11-3ubuntu2.2_amd64.deb
Ubuntu mutt_1.5.11-3ubuntu2.2_i386.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.11-3ubuntu2.2_i386.deb
Ubuntu mutt_1.5.11-3ubuntu2.2_powerpc.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.11-3ubuntu2.2_powerpc.deb
Ubuntu mutt_1.5.11-3ubuntu2.2_sparc.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.11-3ubuntu2.2_sparc.deb
Ubuntu mutt_1.5.12-1ubuntu1.1_amd64.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.12-1ubuntu1.1_amd64.deb
Mutt Mutt 1.5.12
Ubuntu mutt_1.5.12-1ubuntu1.1_i386.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.12-1ubuntu1.1_i386.deb
Ubuntu mutt_1.5.12-1ubuntu1.1_powerpc.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.12-1ubuntu1.1_powerpc.deb
Ubuntu mutt_1.5.12-1ubuntu1.1_sparc.deb
Ubuntu 6.10:
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.12-1ubuntu1.1_sparc.deb
Mutt Mutt 1.5.9
Ubuntu mutt_1.5.9-2ubuntu1.2_amd64.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.9-2ubuntu1.2_amd64.deb
Ubuntu mutt_1.5.9-2ubuntu1.2_i386.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.9-2ubuntu1.2_i386.deb
Ubuntu mutt_1.5.9-2ubuntu1.2_powerpc.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.9-2ubuntu1.2_powerpc.deb
Ubuntu mutt_1.5.9-2ubuntu1.2_sparc.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/m/mutt/mutt_1.5.9-2ubuntu1.2_sparc.deb
Trustix Secure Linux 2.2
Trustix ldapclients-common-183-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix mutt-1.4.2.1-6tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix pam_ldap-183-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix php-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix php-cli-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix php-curl-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix php-devel-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix php-exif-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix php-fcgi-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix php-gd-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix php-imap-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trustix.org/pub/trustix/updates
Trustix php-ldap-5.2.0-1tr.i586.rpm
TSL 2.2
ftp://ftp.trust
References
Source: MLIST
Name: [mutt-dev] 20061004 security problem with temp files [was Re: mutt_adv_mktemp() ?]
Link: http://marc.theaimsgroup.com/?l=mutt-dev&m=115999486426292&w=2
Source: UBUNTU
Name: USN-373-1
Link: http://www.ubuntu.com/usn/usn-373-1
Source: TRUSTIX
Name: 2006-0061
Link: http://www.trustix.org/errata/2006/0061/
Source: MANDRIVA
Name: MDKSA-2006:190
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2006:190
Source: SECUNIA
Name: 22686
Link: http://secunia.com/advisories/22686
Source: SECUNIA
Name: 22685
Link: http://secunia.com/advisories/22685
Source: SECUNIA
Name: 22640
Link: http://secunia.com/advisories/22640
Source: SECUNIA
Name: 22613
Link: http://secunia.com/advisories/22613
Source: MANDRIVA
Name: MDKSA-2006:190
Link: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:190
Affected Entities
- Mutt Mutt:0.95.6
- Mutt Mutt:1.2.1
- Mutt Mutt:1.2.5
- Mutt Mutt:1.2.5.1
- Mutt Mutt:1.2.5.12
Patches
None available