漏洞信息详情
RSync 安全漏洞
- CNNVD编号:CNNVD-200203-042
- 危害等级: 低危
- CVE编号: CVE-2002-0080
- 漏洞类型: 其他
- 发布时间: 2002-03-15
- 威胁类型: 本地
- 更新时间: 2020-11-17
- 厂 商: redhat
- 漏洞来源: Ethan Benson
漏洞简介
rsync 存在安全漏洞,该漏洞源于在守护进程模式下运行时,在删除特权之前没有正确地调用setgroups,这可能为本地用户提供补充的组特权,这样本地用户就可以读取某些文件,否则这些文件是不允许的。
漏洞公告
临时解决方法:
如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
* 没有合适的临时解决方法。
厂商补丁:
MandrakeSoft
------------
MandrakeSoft已经为此发布了一个安全公告(MDKSA-2002:024)以及相应补丁:
MDKSA-2002:024:rsync update
链接:
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3" target="_blank">
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3
补丁下载:
Linux-Mandrake 7.1:
fdfd74524914606306ab5717b696e030 7.1/RPMS/rsync-2.5.4-1.2mdk.i586.rpm
34a71b565a7413ecb4efe48acb4df65f 7.1/SRPMS/rsync-2.5.4-1.2mdk.src.rpm
Linux-Mandrake 7.2:
7eda7d7a7df5bf088a64990bf5c4d70d 7.2/RPMS/rsync-2.5.4-1.1mdk.i586.rpm
f425baa9b832265d6a199bd4409a28db 7.2/SRPMS/rsync-2.5.4-1.1mdk.src.rpm
Mandrake Linux 8.0:
914f020aa62c9ce6fdd61dfce245fc1c 8.0/RPMS/rsync-2.5.4-1.1mdk.i586.rpm
f425baa9b832265d6a199bd4409a28db 8.0/SRPMS/rsync-2.5.4-1.1mdk.src.rpm
Mandrake Linux 8.0/ppc:
c9c5275126721f7aa38f6a4e09742ce9 ppc/8.0/RPMS/rsync-2.5.4-1.1mdk.ppc.rpm
f425baa9b832265d6a199bd4409a28db ppc/8.0/SRPMS/rsync-2.5.4-1.1mdk.src.rpm
Mandrake Linux 8.1:
e3733dc91021b997e656fafe86915fe9 8.1/RPMS/rsync-2.5.4-1.1mdk.i586.rpm
f425baa9b832265d6a199bd4409a28db 8.1/SRPMS/rsync-2.5.4-1.1mdk.src.rpm
Corporate Server 1.0.1:
fdfd74524914606306ab5717b696e030 1.0.1/RPMS/rsync-2.5.4-1.2mdk.i586.rpm
34a71b565a7413ecb4efe48acb4df65f 1.0.1/SRPMS/rsync-2.5.4-1.2mdk.src.rpm
Single Network Firewall 7.2:
7eda7d7a7df5bf088a64990bf5c4d70d snf7.2/RPMS/rsync-2.5.4-1.1mdk.i586.rpm
f425baa9b832265d6a199bd4409a28db snf7.2/SRPMS/rsync-2.5.4-1.1mdk.src.rpm
参考网址
来源:MANDRAKE
链接:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3
来源:BID
链接:https://www.securityfocus.com/bid/4285
来源:XF
链接:http://www.iss.net/security_center/static/8463.php
来源:CALDERA
链接:http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt
来源:REDHAT
链接:http://www.redhat.com/support/errata/RHSA-2002-026.HTML
受影响实体
- Redhat Linux:7.2:Ia64
- Redhat Linux:7.2:I686
- Redhat Linux:7.2:I586
- Redhat Linux:7.2:I386
- Redhat Linux:7.1:Ia64
补丁
- RSync 安全漏洞的修复措施
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论