IRIX /usr/lib/netaddpr漏洞

漏洞信息详情

IRIX /usr/lib/netaddpr漏洞

• CNNVD编号：CNNVD-199705-011
• 危害等级： 高危
  
  
• CVE编号：
  CVE-1999-1286
  
• 漏洞类型：
  
  
  其他
  
• 发布时间：
  
  1997-05-09
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  sgi
• 漏洞来源：
  This vulnerability…

SGI IRIX 6.2及早期版本上的addnetpr存在漏洞。本地用户可以通过临时文件的符号链接修改任意文件并可能访问根目录。

A quick solution to this problem is to remove the setuid bit from the netaddpr program. This will prevent users from actively trying to exploit this problem. However, some risk still exists, as an attacker could wait until an administrator executes this program, and attempt to exploit the flaw at this time. While the likelihood of sucess is quite small, the risk still exists.
Patches to this, and other printing related problems, are available from SGI.

来源: XF
名称: irix-addnetpr(1433)
链接:http://xforce.iss.net/static/1433.php

来源: BUGTRAQ
名称: 19970509 Re: Irix: misc
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=87602167420927&w=2

来源: BID
名称: 330
链接:http://www.securityfocus.com/bid/330

来源: OSVDB
名称: 8560
链接:http://www.osvdb.org/8560

来源: patches.sgi.com
链接:ftp://patches.sgi.com/support/free/security/advisories/19961203-02-PX