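NeXTstep npd vulnerability

Vulnerability details

Summary

NeXT Release 1.0a and 1.0 systems with publicly accessible printers are vulnerable. A local user can gain elevated privileges through a combination of the npd program and weak directory access permissions.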

Advisory

NeXT computer owners running Release 1.0 or 1.0a should do two things to fix a potential security problem. First, the binary /usr/lib/NextPrinter/npd must be replaced with a more secure version. This more secure version of npd is available through your NeXT support center. Upon receiving a copy of the more secure npd, you must become root and install it in place of the old one in /usr/lib/NextPrinter/npd. The new npd binary needs to be installed with the same permission bits (6755) and owner (root) as the old npd binary. The commands to install the new npd binary are the following:

    # /bin/mv /usr/lib/NextPrinter/npd /usr/lib/NextPrinter/npd.old
    # /bin/mv newnpd /usr/lib/NextPrinter/npd

(In the above command, “newnpd” is the npd binary that you obtained from your NeXT support center.)

    # /etc/chown root /usr/lib/NextPrinter/npd
    # /etc/chmod 6755 /usr/lib/NextPrinter/npd
    # /etc/chmod 440 /usr/lib/NextPrinter/npd.old

The second half of the fix to this potential problem is to change the permissions of directories on the system that are currently owned and able to be written by group “wheel”. The command that will remove write permission for directories owned and writable by group “wheel” is below. This command is all one line, and should be run as root.

    # find / -group wheel ! -type l -perm -20 ! -perm -2 -ls -exec chmod g-w {} \; -o -fstype nfs -prune
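
An audit-first variant of the directory fix above, added here as an example and not part of the advisory or of NeXT's instructions: it lists the matching directories before removing group write, so the change can be reviewed on a scratch tree first. The function names, the `-type d` restriction and `-xdev` (used in place of the advisory's `-fstype nfs -prune`, so other local filesystems are skipped too) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit, then fix, directories that are group-owned by GROUP,
# group-writable (-perm -20) and not world-writable (! -perm -2).
# These are the same permission tests as the advisory's find command.

# Print matching directories under ROOT without changing anything.
audit_group_writable() {
    root=$1; group=$2
    find "$root" -xdev -type d -group "$group" -perm -20 ! -perm -2 -print
}

# Remove group write from the same set of directories.
fix_group_writable() {
    root=$1; group=$2
    find "$root" -xdev -type d -group "$group" -perm -20 ! -perm -2 \
        -exec chmod g-w {} \;
}

# Constructed scratch tree: the caller's own gid stands in for "wheel".
demo() {
    tree=$(mktemp -d) || return 1
    gid=$(id -g)
    mkdir "$tree/spool" "$tree/readonly" "$tree/public"
    chgrp "$gid" "$tree/spool" "$tree/readonly" "$tree/public"
    chmod 775 "$tree/spool"      # group-writable: should be reported and fixed
    chmod 755 "$tree/readonly"   # not group-writable: ignored
    chmod 777 "$tree/public"     # world-writable: excluded by ! -perm -2
    ln -s "$tree/spool" "$tree/link"   # symlink: never followed or matched

    echo "before:"; audit_group_writable "$tree" "$gid"
    fix_group_writable "$tree" "$gid"
    echo "after:";  audit_group_writable "$tree" "$gid"
    rm -rf "$tree"
}

demo
```

On a real system the audit output should be reviewed and saved before running the fix, with `/` as ROOT and `wheel` as GROUP.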

References

Source: CERT/CC Advisory: CA-1990-06
Name: CA-1990-06
Link: http://www.cert.org/advisories/CA-1990-06.html

Source: CIAC
Name: B-01
Link: http://ciac.llnl.gov/ciac/bulletins/b-01.shtml

Source: BID
Name: 10
Link: http://www.securityfocus.com/bid/10

Source: XF
Name: nextstep-npd-root-access(7143)
Link: http://www.iss.net/security_center/static/7143.php

Affected entities
