NeXTstep /usr/etc/restore0.9 suid shell脚本漏洞

漏洞信息详情

NeXTstep /usr/etc/restore0.9 suid shell脚本漏洞

• CNNVD编号：CNNVD-199010-003
• 危害等级： 高危
  
  
• CVE编号：
  CVE-1999-1392
  
• 漏洞类型：
  
  
  未知
  
• 发布时间：
  
  1990-10-03
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  next
• 漏洞来源：

NeXT 1.0a和1.0版本中的restore0.9安装脚本存在漏洞。本地用户可以提升根特权。

NeXT owners running Release 1.0 or 1.0a should remove
/usr/etc/restore0.9 from all disks. This file is installed by the
“BuildDisk” application, so it should be removed from all
systems built with the standard release disk, as well as from
the standard release disk itself (which will prevent the file
from being installed on system built with the standard
release disk in the future). You must be root to remove this
script, and the command that will remove the script is the
following:
# /bin/rm /usr/etc/restore0.9

来源:CERT/CC Advisory: CA-1990-06
名称: CA-1990-06
链接:http://www.cert.org/advisories/CA-1990-06.html

来源: BID
名称: 9
链接:http://www.securityfocus.com/bid/9

来源: CIAC
名称: B-01
链接:http://ciac.llnl.gov/ciac/bulletins/b-01.shtml

来源: XF
名称: nextstep-restore09-root-access(7144)
链接:http://www.iss.net/security_center/static/7144.php