SCO UnixWare ‘uidadmin’漏洞

漏洞信息详情

SCO UnixWare ‘uidadmin’漏洞

• CNNVD编号：CNNVD-199812-008
• 危害等级： 超危
  
  
• CVE编号：
  CVE-1999-0836
  
• 漏洞类型：
  
  
  其他
  
• 发布时间：
  
  1998-12-02
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-05-02
  
• 厂        商：
  
  sco
• 漏洞来源：
  This vulnerability…

UnixWare uidadmin存在漏洞。本地用户借助一个符号链接攻击可以修改任意文件。

SSE046 has been released to fix security holes in uidadmin:
ftp://ftp.sco.com/SSE/sse046.tar.Z
This patch should only be installed on UnixWare 7.0 through 7.1.1.
Installation:
1. Create a temporary directory, and copy sse046 into it:
# mkdir /tmp/sse046
# cp sse046.tar /tmp/sse046
2. Extract files from the tar file:
# cd /tmp/sse046
# tar xvf sse046.tar
3. Follow the instructions in sse7046a.txt
Disclaimer: SCO believes that this patch addresses the reported vulnerability. However, in order that it be released as soon as possible, this patch has not been fully tested or packaged to SCO’s normal exacting standards. For that reason, this patch is not officially supported. Official supported and packaged fixes for current SCO products will be available in due course.

来源: BUGTRAQ
名称: 19991202 UnixWare 7 uidadmin exploit + discussion
链接:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991202160111.20553.qmail@nwcst282.netaddress.usa.net

来源: BID
名称: 842
链接:http://www.securityfocus.com/bid/842

来源: SCO
名称: SB-99.22a
链接:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.22a