多厂商mgetty符号链接遍历漏洞

admin
admin
admin
0
文章
0
评论
2022-07-12 09:45:45 CNNVD漏洞 来源:ZONE.CI 全球网 0 阅读模式

漏洞信息详情

多厂商mgetty符号链接遍历漏洞

  • CNNVD编号:CNNVD-200010-029
  • 危害等级: 低危
  • CVE编号: CVE-2000-0691
  • 漏洞类型: 未知
  • 发布时间: 2000-10-20
  • 威胁类型: 本地
  • 更新时间: 2005-10-20
  • 厂        商: gert_doering
  • 漏洞来源: ');">This vulnerability...

漏洞简介

mgetty数据包的faxrunq和faxrunqd存在漏洞。本地用户可以借助符号链接攻击创建或修改任意文件,该漏洞会创建/var/spool/fax/outgoing/.last_run到目标文件的符号链接。

漏洞公告

Users of mgetty should upgrade to versions 1.1.22 to eliminate this vulnerability Mandrake Linux: The following patches are available for Mandrake Linux. Linux-Mandrake 6.0: a27f4bbce80bdc1e613eec900b581a44 6.0/RPMS/mgetty-1.1.22-2mdk.i586.rpm 485fd02bcacf5eace99276dd2ce7f554 6.0/RPMS/mgetty-contrib-1.1.22-2mdk.i586.rpm b407ad2c8a5fdc3fca31204667a63a04 6.0/RPMS/mgetty-sendfax-1.1.22-2mdk.i586.rpm 839b2c1f09694e81b40b9e244f68b80b 6.0/RPMS/mgetty-viewfax-1.1.22-2mdk.i586.rpm 5ed6b9290249a74aa9e308296cb02783 6.0/RPMS/mgetty-voice-1.1.22-2mdk.i586.rpm d1deb85b2deb0be64d48bf8138e06ae3 6.0/SRPMS/mgetty-1.1.22-2mdk.src.rpm Linux-Mandrake 6.1: 10583e14f13a43cb96abbbba7394b590 6.1/RPMS/mgetty-1.1.22-2mdk.i586.rpm a51aa6db2867b7a1c27e0a0a6601f57a 6.1/RPMS/mgetty-contrib-1.1.22-2mdk.i586.rpm deac3868dfe80f917d3951add26ec6bb 6.1/RPMS/mgetty-sendfax-1.1.22-2mdk.i586.rpm c24fc09f0621c083f526fcc554a9edac 6.1/RPMS/mgetty-viewfax-1.1.22-2mdk.i586.rpm 23bfc2f265564fc25c3316aa7d4df7d3 6.1/RPMS/mgetty-voice-1.1.22-2mdk.i586.rpm d1deb85b2deb0be64d48bf8138e06ae3 6.1/SRPMS/mgetty-1.1.22-2mdk.src.rpm Linux-Mandrake 7.0: 557a3d5d9e26c2d82e4f2f1384df9784 7.0/RPMS/mgetty-1.1.22-2mdk.i586.rpm 25b2bd75ba4c06b94ba3db25d4929354 7.0/RPMS/mgetty-contrib-1.1.22-2mdk.i586.rpm 5feb56b3a1e068afcef11c8fc4c74443 7.0/RPMS/mgetty-sendfax-1.1.22-2mdk.i586.rpm 78db1386e7ce356d5d5a1e05078cc6e3 7.0/RPMS/mgetty-viewfax-1.1.22-2mdk.i586.rpm b4c845e5ca1c2de9d5db00e546ea0c2e 7.0/RPMS/mgetty-voice-1.1.22-2mdk.i586.rpm d1deb85b2deb0be64d48bf8138e06ae3 7.0/SRPMS/mgetty-1.1.22-2mdk.src.rpm Linux-Mandrake 7.1: 76b71d096e4102f8b17de8ff07353200 7.1/RPMS/mgetty-1.1.22-2mdk.i586.rpm c90db3acf3c5161040510954905a2ab1 7.1/RPMS/mgetty-contrib-1.1.22-2mdk.i586.rpm 1e9af836c99a48f45278f2f45be4c148 7.1/RPMS/mgetty-sendfax-1.1.22-2mdk.i586.rpm 06169b07f2b3d091e011b68a2e9ca20f 7.1/RPMS/mgetty-viewfax-1.1.22-2mdk.i586.rpm 454aa7d8171a9645b4a77fee6d44a97a 7.1/RPMS/mgetty-voice-1.1.22-2mdk.i586.rpm d1deb85b2deb0be64d48bf8138e06ae3 7.1/SRPMS/mgetty-1.1.22-2mdk.src.rpm ________________________________________________________________________ To upgrade automatically, use « MandrakeUpdate ». If you want to upgrade manually, download the updated package from one of our FTP server mirrors and uprade with "rpm -Uvh package_name". You can download the updates directly from: ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates ftp://ftp.free.fr/pub/Distributions_Linux/Mandrake/updates Or try one of the other mirrors listed at: http://www.linux-mandrake.com/en/ftp.php3. Updated packages are available in the "updates/[ver]/RPMS/" directory. For example, if you are looking for an updated RPM package for Linux-Mandrake 7.1, look for it in "updates/7.1/RPMS/". Updated source RPMs are available as well, but you generally do not need to download them. Please be aware that sometimes it takes the mirrors a few hours to update, so if you want an immediate upgrade, please use one of the two above-listed mirrors. Gert Doering mgetty 1.1.19

  • Gert Doering mgetty 1.1.22 ftp://ftp.leo.org/pub/comp/os/unix/networking/mgetty/
Gert Doering mgetty 1.1.20
  • Gert Doering mgetty 1.1.22 ftp://ftp.leo.org/pub/comp/os/unix/networking/mgetty/
Gert Doering mgetty 1.1.21
  • Conectiva 4.0 i386 mgetty-1.1.22-1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/4.0/i386/mgetty-1.1.22-1cl.i386.rp m
  • Conectiva 4.0 i386 mgetty-sendfax-1.1.22-1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/4.0/i386/mgetty-sendfax-1.1.22-1cl .i386.rpm
  • Conectiva 4.0 i386 mgetty-viewfax-1.1.22-1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/4.0/i386/mgetty-viewfax-1.1.22-1cl .i386.rpm
  • Conectiva 4.0 i386 mgetty-voice-1.1.22-1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/4.0/i386/mgetty-voice-1.1.22-1cl.i 386.rpm
  • Conectiva 4.0es : mgetty-1.1.22-1cl ftp://atualizacoes.conectiva.com.br/4.0es/i386/mgetty-1.1.22-1cl.i386. rpm
  • Conectiva 4.0es : mgetty-sendfax-1.1.22-1cl ftp://atualizacoes.conectiva.com.br/4.0es/i386/mgetty-sendfax-1.1.22-1 cl.i386.rpm
  • Gert Doering mgetty 1.1.22 ftp://ftp.leo.org/pub/comp/os/unix/networking/mgetty/

参考网址

来源: BID 名称: 1612 链接:http://www.securityfocus.com/bid/1612 来源: CALDERA 名称: CSSA-2000-029.0 链接:http://www.calderasystems.com/support/security/advisories/CSSA-2000-029.0.txt 来源: archives.neohapsis.com 链接:http://archives.neohapsis.com/archives/bugtraq/2000-08/0330.HTML 来源: BUGTRAQ 名称: 20000826 Advisory: mgetty local compromise 链接:http://archives.neohapsis.com/archives/bugtraq/2000-08/0329.HTML

受影响实体

  • Gert_doering Mgetty:1.1.19  
  • Gert_doering Mgetty:1.1.20  
  • Gert_doering Mgetty:1.1.21  

补丁

    暂无

weinxin
特别声明
本站(ZONE.CI)所有文章仅供技术研究,若将其信息做其他用途,由用户承担全部法律及连带责任,本站不承担任何法律及连带责任,请遵守中华人民共和国安全法.
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
咨询加Q:999999999
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
ZONE.CI 全球网 安全领域涉猎者-乌云独行地带
获取本源码
售前咨询加Q:120433200
站媒体网仿《知更鸟》模板
获取本源码 zmt6.com
评论:0   参与:  0