Vulnerability details
SIGINT, SIGIO ISC BIND symlink vulnerability
- CNNVD ID: CNNVD-199804-022
- Severity: Low
- CVE ID:
CVE-1999-1499
- Vulnerability type:
Other
- Published:
1998-04-10
- Threat type:
Local
- Updated:
2005-10-20
- Vendor:
isc
- Vulnerability source:
Made public in "B… to BugTraq on April 10, 1998.
Vulnerability summary
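A vulnerability exists in named in ISC BIND 4.9 and 8.1. Local users can destroy files via a symlink attack on (1) named_dump.db, when root kills the process with SIGINT, or (2) named.stats, when SIGIOT is used.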
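The failure mode summarized above, seen from the writer's side, as an added example that is not BIND code and not part of this record: a privileged process that opens a fixed file name in a shared directory should refuse a symlink planted under that name. The helper `open_dump_nofollow`, the demo function and the scratch directory are hypothetical; the patch in the advisory takes a different route and moves the files out of the shared temporary directory.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not BIND code): open a dump file for writing, or return -1 if
 * the name is a symlink, not a regular file, hard-linked, or owned by another user. */
int open_dump_nofollow(const char *path)
{
    struct stat st;
    /* O_NOFOLLOW: open() fails if the final component is a symlink.
     * No O_TRUNC: nothing is destroyed until the checks below pass. */
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1 ||
        st.st_uid != geteuid() || ftruncate(fd, 0) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario in a private scratch directory: a symlink named named_dump.db
 * points at another file. Returns 1 if that file survives and a normal path opens. */
int demo_symlink_is_refused(void)
{
    char dir[] = "/tmp/dumpdemoXXXXXX", target[64], dump[64], fresh[64], buf[16] = {0};
    if (!mkdtemp(dir)) return 0;
    snprintf(target, sizeof target, "%s/important", dir);
    snprintf(dump, sizeof dump, "%s/named_dump.db", dir);
    snprintf(fresh, sizeof fresh, "%s/named.stats", dir);
    FILE *f = fopen(target, "w");
    if (!f) return 0;
    fputs("keep", f); fclose(f);
    if (symlink(target, dump) != 0) return 0;
    int refused = (open_dump_nofollow(dump) == -1);   /* symlink must be rejected */
    f = fopen(target, "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    int fd = open_dump_nofollow(fresh);               /* ordinary name must work */
    int ok = refused && n == 4 && strcmp(buf, "keep") == 0 && fd >= 0;
    if (fd >= 0) close(fd);
    unlink(dump); unlink(fresh); unlink(target); rmdir(dir);
    return ok;
}
int main(void) { return demo_symlink_is_refused() ? 0 : 1; }
```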
Vulnerability advisory
Upgrade to BIND 4.9.7, BIND 8.1.x or apply the following
patch.
*** named/ns_init.c.000 Mon Jun 2 06:34:35 1997
— named/ns_init.c Sun Apr 12 13:12:05 1998
***************
*** 560,567 ****
* We will always transfer this zone again
* after a reload.
*/
! sprintf(buf, “%s/NsTmp%ld.%d”, _PATH_TMPDIR,
! (long)getpid(), tmpnum++);
source = savestr(buf);
zp->z_flags |= Z_TMP_FILE;
} else
— 560,567 —-
* We will always transfer this zone again
* after a reload.
*/
! sprintf(buf, “NsTmp%ld.%d”, (long)getpid(),
! tmpnum++);
source = savestr(buf);
zp->z_flags |= Z_TMP_FILE;
} else
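Review bot: The temporary zone file name built by the changed sprintf call is still fully predictable (process id plus the tmpnum counter), so dropping the _PATH_TMPDIR prefix only helps if named's current directory is not writable by other users. Please add a comment at this call stating that requirement, and consider creating the file with exclusive-create semantics so a pre-existing name is refused rather than reused. The write into buf is also still an unbounded sprintf; a bounded formatting call would make the size assumption explicit.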
*** named/ns_main.c.000 Mon Jun 2 06:34:36 1997
— named/ns_main.c Sun Apr 12 14:51:45 1998
***************
*** 1463,1469 ****
dprintf(1, (ddt, “sigprof()\n”));
if (fork() == 0)
{
– (void) chdir(_PATH_TMPDIR);
exit(1);
}
errno = save_errno;
— 1463,1468 —-
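Review bot: With the chdir(_PATH_TMPDIR) line removed, the child forked in the sigprof path now exits in whatever directory it inherited from the parent, and nothing in the hunk documents that this is intended. Please add a comment saying that anything written when the child exits lands in the server's working directory and that this directory must not be writable by other users. The braces around the lone exit(1) can go as well, since the block now holds a single statement.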
*** named/pathnames.h.000 Thu Dec 15 17:24:22 1994
— named/pathnames.h Sat Apr 11 10:57:45 1998
***************
*** 74,88 ****
#ifndef _PATH_XFER
# define _PATH_XFER “/usr/libexec/named-xfer”
#endif
! #define _PATH_DEBUG “/var/tmp/named.run”
! #define _PATH_DUMPFILE “/var/tmp/named_dump.db”
#ifndef _PATH_PIDFILE
# define _PATH_PIDFILE “/var/run/named.pid”
#endif
! #define _PATH_STATS “/var/tmp/named.stats”
! #define _PATH_XFERTRACE “/var/tmp/xfer.trace”
! #define _PATH_XFERDDT “/var/tmp/xfer.ddt”
! #define _PATH_TMPXFER “/var/tmp/xfer.ddt.XXXXXX”
#define _PATH_TMPDIR “/var/tmp”
#else /* BSD */
— 74,88 —-
#ifndef _PATH_XFER
# define _PATH_XFER “/usr/libexec/named-xfer”
#endif
! #define _PATH_DEBUG “named.run”
! #define _PATH_DUMPFILE “named_dump.db”
#ifndef _PATH_PIDFILE
# define _PATH_PIDFILE “/var/run/named.pid”
#endif
! #define _PATH_STATS “named.stats”
! #define _PATH_XFERTRACE “xfer.trace”
! #define _PATH_XFERDDT “xfer.ddt”
! #define _PATH_TMPXFER “xfer.ddt.XXXXXX”
#define _PATH_TMPDIR “/var/tmp”
#else /* BSD */
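Review bot: Missing documentation in the BSD branch: _PATH_DEBUG, _PATH_DUMPFILE, _PATH_STATS and the three xfer macros change from absolute /var/tmp paths to bare file names with no comment explaining that they are now resolved against the process's current directory. Please add a header comment saying so, because operators will otherwise keep looking for named_dump.db and named.stats in /var/tmp. _PATH_TMPDIR is left as "/var/tmp" in the unchanged context; if anything still opens files under it, those uses deserve the same review.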
***************
*** 92,106 ****
#ifndef _PATH_XFER
# define _PATH_XFER “/etc/named-xfer”
#endif
! #define _PATH_DEBUG “/usr/tmp/named.run”
! #define _PATH_DUMPFILE “/usr/tmp/named_dump.db”
#ifndef _PATH_PIDFILE
# define _PATH_PIDFILE “/etc/named.pid”
#endif
! #define _PATH_STATS “/usr/tmp/named.stats”
! #define _PATH_XFERTRACE “/usr/tmp/xfer.trace”
! #define _PATH_XFERDDT “/usr/tmp/xfer.ddt”
! #define _PATH_TMPXFER “/usr/tmp/xfer.ddt.XXXXXX”
#define _PATH_TMPDIR “/usr/tmp”
#endif /* BSD */
— 92,106 —-
#ifndef _PATH_XFER
# define _PATH_XFER “/etc/named-xfer”
#endif
! #define _PATH_DEBUG “named.run”
! #define _PATH_DUMPFILE “named_dump.db”
#ifndef _PATH_PIDFILE
# define _PATH_PIDFILE “/etc/named.pid”
#endif
! #define _PATH_STATS “named.stats”
! #define _PATH_XFERTRACE “xfer.trace”
! #define _PATH_XFERDDT “xfer.ddt”
! #define _PATH_TMPXFER “xfer.ddt.XXXXXX”
#define _PATH_TMPDIR “/usr/tmp”
#endif /* BSD */
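Review bot: After this hunk the six changed macros (_PATH_DEBUG, _PATH_DUMPFILE, _PATH_STATS, _PATH_XFERTRACE, _PATH_XFERDDT, _PATH_TMPXFER) have identical values in the BSD and non-BSD branches, so the duplication is now a maintenance risk with no benefit. Suggest hoisting them out of the conditional and leaving only _PATH_XFER, _PATH_PIDFILE and _PATH_TMPDIR, which still differ, inside it, so that a later edit cannot bring an absolute temporary path back in one branch only.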
References
Source: BID
Name: 80
Link: http://www.securityfocus.com/bid/80
Source: BUGTRAQ
Name: 19980410 BIND 4.9.7 named follows symlinks, clobbers anything
Link: http://www.securityfocus.com/archive/1/8966