漏洞信息详情
IRIX /usr/lib/netaddpr漏洞
- CNNVD编号:CNNVD-199705-010
- 危害等级: 中危
- CVE编号: CVE-1999-1410
- 漏洞类型: 其他
- 发布时间: 1997-05-09
- 威胁类型: 本地
- 更新时间: 2005-10-20
- 厂 商: sgi
- 漏洞来源: .');">This vulnerability...
漏洞简介
IRIX 5.3和6.2上的addnetpr存在漏洞。本地用户可以通过打印临时文件上的符号链接覆盖任意文件并可能获得根权限。
漏洞公告
A quick solution to this problem is to remove the setuid bit from the netaddpr program. This will prevent users from actively trying to exploit this problem. However, some risk still exists, as an attacker could wait until an administrator executes this program, and attempt to exploit the flaw at this time. While the likelihood of sucess is quite small, the risk still exists. Patches to this, and other printing related problems, are available from SGI.
参考网址
来源: BID 名称: 330 链接:http://www.securityfocus.com/bid/330 来源: patches.sgi.com 链接:ftp://patches.sgi.com/support/free/security/advisories/19961203-02-PX 来源: BUGTRAQ 名称: 19970509 Re: Irix: misc 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420927&w=2
受影响实体
- Sgi Irix:5.0.1
- Sgi Irix:6.0.1
- Sgi Irix:6.0.1:Xfs
- Sgi Irix:6.2
- Sgi Irix:5.1
补丁
暂无
评论