漏洞信息详情
Unix Shell Redirection竞态条件漏洞
- CNNVD编号:CNNVD-200101-072
- 危害等级: 高危
- CVE编号: CVE-2000-1134
- 漏洞类型: 竞争条件
- 发布时间: 2001-01-09
- 威胁类型: 本地
- 更新时间: 2006-09-15
- 厂 商: suse
- 漏洞来源:
. The tcsh variation was posted to BugTraq by proton
漏洞简介
多种Unix系统中的多个shell程序,包括:(1)tcsh,(2)csh,(3)sh,和(4)bash在处理<< 重新传送(又称为here-documents或者in-here documents)时后缀符号链接,本地用户借助一个符号链接攻击覆盖其他用户的文件。
漏洞公告
HP have released a security bulletin to address this issue in HP-UX. Customers who are affected by this issue are advised to apply appropriate patches as soon as possible. See referenced advisory for further detail regarding applying fixes. This bulletin has been revised to include fixes for HP-UX 11.04. Sun has released an alert containing fixes to address this issue. Sun has also released fixes for RaQ4, Qube3 and RaQXTR. Various upgrades and patches have been made available: Sun Cobalt RaQ4 Japanese RAID 3100R-ja
- Sun RaQ4-All-Security-2.0.1-16602.pkg http://ftp.cobalt.sun.com/pub/packages/raq4/eng/RaQ4-All-Security-2.0. 1-16602.pkg
- Sun RaQ4-All-Security-2.0.1-16602.pkg http://ftp.cobalt.sun.com/pub/packages/raq4/eng/RaQ4-All-Security-2.0. 1-16602.pkg
- Red Hat Inc. 6.2 i386 bash-1.14.7-23.6x.i386.rpm ftp://updates.redhat.com/6.2/i386/bash-1.14.7-23.6x.i386.rpm
- Red Hat Inc. 6.2 i386 bash-1.14.7-23.6x.i386.rpm ftp://updates.redhat.com/6.2/i386/bash-1.14.7-23.6x.i386.rpm
- Sun 109324-03For sh. http://sunsolve.sun.com
- Sun 110898-02For csh. http://sunsolve.sun.com
- Sun 110943-01 http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=110943&rev=01
- Sun Qube3-All-Security-4.0.1-16602.pkg http://ftp.cobalt.sun.com/pub/packages/qube3/ml/Qube3-All-Security-4.0 .1-16602.pkg
- Sun Qube3-All-Security-4.0.1-16602.pkg http://ftp.cobalt.sun.com/pub/packages/qube3/ml/Qube3-All-Security-4.0 .1-16602.pkg
- Sun RaQ4-All-Security-2.0.1-16602.pkg http://ftp.cobalt.sun.com/pub/packages/raq4/eng/RaQ4-All-Security-2.0. 1-16602.pkg
- Sun RaQXTR-All-Security-1.0.1-16602.pkg http://ftp.cobalt.sun.com/pub/packages/raqxtr/eng/RaQXTR-All-Security- 1.0.1-16602.pkg
- Sun Qube3-All-Security-4.0.1-16602.pkg http://ftp.cobalt.sun.com/pub/packages/qube3/ml/Qube3-All-Security-4.0 .1-16602.pkg
- Red Hat Inc. 5.2 i386 bash-1.14.7-23.5x.i386.rpm ftp://updates.redhat.com/5.2/i386/bash-1.14.7-23.5x.i386.rpm
- Conectiva graficas i386 bash-1.14.7-26cl.i386.rpm ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/bash-1.1 4.7-26cl.i386.rpm
- Sun RaQXTR-All-Security-1.0.1-16602.pkg http://ftp.cobalt.sun.com/pub/packages/raqxtr/eng/RaQXTR-All-Security- 1.0.1-16602.pkg
- Conectiva ecommerce i386 bash-1.14.7-26cl.i386.rpm ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/bash-1. 14.7-26cl.i386.rpm
- Sun Qube3-All-Security-4.0.1-16602.pkg http://ftp.cobalt.sun.com/pub/packages/qube3/ml/Qube3-All-Security-4.0 .1-16602.pkg
- Sun RaQXTR-All-Security-1.0.1-16602.pkg http://ftp.cobalt.sun.com/pub/packages/raqxtr/eng/RaQXTR-All-Security- 1.0.1-16602.pkg
- Sun Qube3-All-Security-4.0.1-16602.pkg http://ftp.cobalt.sun.com/pub/packages/qube3/ml/Qube3-All-Security-4.0 .1-16602.pkg
- Sun Qube3-All-Security-4.0.1-16602.pkg http://ftp.cobalt.sun.com/pub/packages/qube3/ml/Qube3-All-Security-4.0 .1-16602.pkg
- Sun Qube3-All-Security-4.0.1-16602.pkg http://ftp.cobalt.sun.com/pub/packages/qube3/ml/Qube3-All-Security-4.0 .1-16602.pkg
- HP PHCO_27803 http://itrc.hp.com
- HP PHCO_27804 http://itrc.hp.com
- HP PHCO_27819 http://itrc.hp.com
- HP PHCO_29698 http://itrc.hp.com
- HP PHCO_29702 http://itrc.hp.com
- HP PHCO_29814 http://itrc.hp.com
- HP PHCO_27344 http://itrc.hp.com
- HP PHCO_27418 http://itrc.hp.com
- HP PHCO_27763 http://itrc.hp.com
- HP PHCO_26561 http://itrc.hp.com
- HP PHCO_27019 http://itrc.hp.com
- HP PHCO_27345 http://itrc.hp.com
- Caldera Desktop 2.3 bash-1.14.7-14.i386.rpm ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/ba sh-1.14.7-14.i386.rpm
参考网址
来源:US-CERT Vulnerability Note: VU#10277 名称: VU#10277 链接:http://www.kb.cert.org/vuls/id/10277 来源: BID 名称: 2006 链接:http://www.securityfocus.com/bid/2006 来源: FREEBSD 名称: FreeBSD-SA-00:76 链接:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:76.tcsh-csh.asc 来源: BID 名称: 1926 链接:http://www.securityfocus.com/bid/1926 来源: BUGTRAQ 名称: 20001128 /bin/sh creates insecure tmp files 链接:http://www.securityfocus.com/archive/1/146657 来源: REDHAT 名称: RHSA-2000:121 链接:http://www.redhat.com/support/errata/RHSA-2000-121.HTML 来源: REDHAT 名称: RHSA-2000:117 链接:http://www.redhat.com/support/errata/RHSA-2000-117.HTML 来源: MANDRAKE 名称: MDKSA-2000:075 链接:http://www.linux-mandrake.com/en/security/MDKSA-2000-075.php3 来源: MANDRAKE 名称: MDKSA-2000-069 链接:http://www.linux-mandrake.com/en/security/MDKSA-2000-069.php3 来源: DEBIAN 名称: 20001111a 链接:http://www.debian.org/security/2000/20001111a 来源: CALDERA 名称: CSSA-2000-043.0 链接:http://www.calderasystems.com/support/security/advisories/CSSA-2000-043.0.txt 来源: CALDERA 名称: CSSA-2000-042.0 链接:http://www.calderasystems.com/support/security/advisories/CSSA-2000-042.0.txt 来源: BUGTRAQ 名称: 20001130 [ADV/EXP]: RH6.x root from bash /tmp vuln + MORE 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=97561816504170&w=2 来源: CONECTIVA 名称: CLSA-2000:354 链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000354 来源: CONECTIVA 名称: CLA-2000:350 链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000350 来源: COMPAQ 名称: SSRT1-41U 链接:http://archives.neohapsis.com/archives/tru64/2002-q1/0009.HTML 来源: BUGTRAQ 名称: 20001028 tcsh: unsafe tempfile in < redirects="" 链接:http://archives.neohapsis.com/archives/bugtraq/2000-10/0418.HTML="" 来源:="" sgi="" 名称:="" 20011103-02-p="" 链接:ftp://patches.sgi.com/support/free/security/advisories/20011103-02-p="" 来源:="" us="" government="" resource:="" oval:org.mitre.oval:def:4047="" 名称:="" oval:org.mitre.oval:def:4047="" 链接:http://oval.mitre.org/repository/data/getdef?id="oval:org.mitre.oval:def:4047">
受影响实体
- Suse Suse_linux:7.0
补丁
暂无
评论