IRIX /usr/lib/netaddpr漏洞

漏洞信息详情

IRIX /usr/lib/netaddpr漏洞

• CNNVD编号：CNNVD-199705-010
• 危害等级： 中危
  
  
• CVE编号：
  CVE-1999-1410
  
• 漏洞类型：
  
  
  其他
  
• 发布时间：
  
  1997-05-09
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  sgi
• 漏洞来源：
  This vulnerability…

IRIX 5.3和6.2上的addnetpr存在漏洞。本地用户可以通过打印临时文件上的符号链接覆盖任意文件并可能获得根权限。

A quick solution to this problem is to remove the setuid bit from the netaddpr program. This will prevent users from actively trying to exploit this problem. However, some risk still exists, as an attacker could wait until an administrator executes this program, and attempt to exploit the flaw at this time. While the likelihood of sucess is quite small, the risk still exists.
Patches to this, and other printing related problems, are available from SGI.

来源: BID
名称: 330
链接:http://www.securityfocus.com/bid/330

来源: patches.sgi.com
链接:ftp://patches.sgi.com/support/free/security/advisories/19961203-02-PX

来源: BUGTRAQ
名称: 19970509 Re: Irix: misc
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420927&w=2