漏洞信息详情

Tarantella Enterprise 3符号链接漏洞

• CNNVD编号：CNNVD-200205-149
• 危害等级： 低危
  
• CVE编号： CVE-2002-0296
• 漏洞类型： 访问验证错误
• 发布时间： 2002-05-31
• 威胁类型： 本地
• 更新时间： 2005-10-20
• 厂        商： tarantella
• 漏洞来源： Discovered by Larr...

漏洞简介

Tarantella Enterprise 3版本的安装存在漏洞。本地用户借助\"spinning\"临时文件中的符号链接攻击覆盖任意文件。

漏洞公告

The vendor is reportedly aware of the vulnerability and plans to correct it in the next release. Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] .

参考网址

来源: XF 名称: tarantella-tmp-spinning-symlink(8223) 链接:http://xforce.iss.net/xforce/xfdb/8223 来源: BID 名称: 4115 链接:http://www.securityfocus.com/bid/4115 来源: BUGTRAQ 名称: 20020219 Another local root vulnerability during installation of Tarantella Enterprise 3. 链接:http://archives.neohapsis.com/archives/bugtraq/2002-02/0187.HTML 来源: BUGTRAQ 名称: 20020224 Exploit for Tarantella Enterprise installation (bid 4115) 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=101467193803592&w=2

受影响实体

• Tarantella Tarantella_enterprise:3.11  
• Tarantella Tarantella_enterprise:3.0  
• Tarantella Tarantella_enterprise:3.01  
• Tarantella Tarantella_enterprise:3.10  
• Tarantella Tarantella_enterprise:3.20  

补丁

暂无