漏洞信息详情
多厂商CDE dtaction Userlag缓冲区溢出漏洞
- CNNVD编号:CNNVD-199909-022
- 危害等级: 高危
![图片[1]-多厂商CDE dtaction Userlag缓冲区溢出漏洞-一一网](https://www.proyy.com/skycj/data/images/2021-05-07/bbdd3e8868c10d22861b2275d65f4500.png)
- CVE编号:
CVE-1999-0691
- 漏洞类型:
缓冲区溢出
- 发布时间:
1999-09-13
- 威胁类型:
本地
- 更新时间:
2005-05-02
- 厂 商:
sun - 漏洞来源:
This vulnerability… -
漏洞简介
CDE dtaction实用程序的AddSuLog函数存在缓冲区溢出漏洞。本地用户可以借助一个长用户名获得根权限。
漏洞公告
Updated SGI advisory (20021102-02-P) and patch details available.
This solution information has been quoted from CERT Advisory CA-99-11: Four Vulnerabilities in the Common Desktop Environment. This advisory is referenced in the ‘Credit’ section of this vulnerability entry. Please note that some of these fixes are temporary, this information is not considered to be complete given that some vendors are still investigating this problem as of the posting of this entry and some of the provided information is incomplete.
Compaq’s Tru64/DIGITAL UNIX
——————————————-
This potential security problem has been resolved and a patch for this problem has been made available for Tru64 UNIX V4.0D, V4.0E and V4.0F.
This patch can be installed on:
V4.0D Patch kit BL11 or BL12
V4.0E Patch kit BL1 or BL12
V4.0F Patch kit BL1
*This solution will be included in a future distributed release of Compaq’s Tru64/ DIGITAL UNIX.
This patch may be obtained from the World Wide Web at the following FTP address:
http://www.service.digital.com/patches
IBM Corporation
All releases of AIX version 4 are vulnerable to vulnerabilities #1, #3, and #4. AIX is not vulnerable to #2. The following APARs will be available soon:
AIX 4.1.x: IY03125 IY03847
AIX 4.2.x: IY03105 IY03848
AIX 4.3.x: IY02944 IY03849
Customers that do not require the CDE desktop functionality can disable CDE by restricting access to the CDE daemons and removing the dt entry from /etc/inittab. Run the following commands as root to disable CDE:
# /usr/dt/bin/dtconfig -d
# chsubserver -d -v dtspc
# chsubserver -d -v ttdbserver
# chsubserver -d -v cmsd
# chown root.system /usr/dt/bin/*
# chmod 0 /usr/dt/bin/*
For customers that require the CDE desktop functionality, a temporary fix is available via anonymous ftp from:
ftp://aix.software.ibm.com/aix/efixes/security/cdecert.tar.Z
Filename sum md5
=================================================================
dtaction_4.1 32885 18 82af470bbbd334b240e874ff6745d8ca
dtaction_4.2 52162 18 b10f21abf55afc461882183fbd30e602
dtaction_4.3 56550 19 6bde84b975db2506ab0cbf9906c275ed
libtt.a_4.1 29234 2132 f5d5a59956deb8b1e8b3a14e94507152
libtt.a_4.2 21934 2132 73f32a73873caff06057db17552b8560
libtt.a_4.3 12154 2118 b0d14b9fe4a483333d64d7fd695f084d
ttauth 56348 31 495828ea74ec4c8f012efc2a9e6fa731
ttsession_4.1 19528 337 bfac4a06b90cbccc0cd494a44bd0ebc9
ttsession_4.2 46431 338 05949a483c4e390403055ff6961b0816
ttsession_4.3 54031 339 e1338b3167c7edf899a33520a3adb060
NOTE – This temporary fix has not been fully regression tested. Use the following steps (as root) to install the temporary fix.
1. Uncompress and extract the fix.
# uncompress < cdecert.tar.Z | tar xf –
# cd cdecert
2. Replace the vulnerable executables with the temporary fix for
your version of AIX.
# (cd /usr/dt/lib && mv libtt.a libtt.a.before_security_fix)
# (cd /usr/dt/bin && mv ttsession ttsession.before_security_fix)
# (cd /usr/dt/bin && mv dtaction dtaction.before_security_fix)
# chown root.system /usr/dt/lib/libtt.a.before_security_fix
# chown root.system /usr/dt/bin/ttsession.before_security_fix
# chown root.system /usr/dt/bin/dtaction.before_security_fix
# chmod 0 /usr/dt/lib/libtt.a.before_security_fix
# chmod 0 /usr/dt/bin/ttsession.before_security_fix
# chmod 0 /usr/dt/bin/dtaction.before_security_fix
# cp ./libtt.a_ /usr/dt/lib/libtt.a
# cp ./ttsession_ /usr/dt/bin/ttsession
# cp ./dtaction_ /usr/dt/bin/dtaction
# cp ./ttauth /usr/dt/bin/ttauth
# chmod 555 /usr/dt/lib/libtt.a
# chmod 555 /usr/dt/bin/ttsession
# chmod 555 /usr/dt/bin/dtaction
# chmod 555 /usr/dt/bin/ttauth
IBM AIX APARs may be ordered using Electronic Fix Distribution (via the FixDist program), or from the IBM Support Center. For more information on FixDist, and to obtain fixes via the Internet, please reference
http://techsupport.services.ibm.com/support/rs6000.support/downloads
or send electronic mail to “aixserv@austin.ibm.com” with the word “FixDist” in the “Subject:” line. To facilitate ease of ordering all security related APARs for each AIX release, security fixes are periodically bundled into a cumulative APAR. For more information on these cumulative APARs including last update and list of individual fixes, send electronic mail to “aixserv@austin.ibm.com” with the word “subscribe Security_APARs” in the “Subject:” line.
Sun Microsystems
————————-
The following patches are available:
CDE versionPatch ID
____________________
1.3sparc108219-01
1.3×86108220-01
1.2×86108201-01
1.2×86108202-01
SunOS versionPatch ID
——————————-
SunOS 5.7sparc108219-01
SunOS 5.7×86108220-01
SunOS 5.6sparc108201-01
SunOS 5.6×86108202-01
Patches are available to all Sun customers at
http://sunsolve.sun.com
Sun Solaris 2.6
IBM AIX 4.3
IBM AIX 4.3.1
IBM AIX 4.3.2
SGI IRIX 6.5
-
SGI 4416
ftp://patches.sgi.com/support/free/security/patches/ -
SGI patch4915.tar
ftp://patches.sgi.com/support/free/security/patches/
SGI IRIX 6.5.1
-
SGI 4416
ftp://patches.sgi.com/support/free/security/patches/ -
SGI patch4915.tar
ftp://patches.sgi.com/support/free/security/patches/
SGI IRIX 6.5.10
-
SGI 4416
ftp://patches.sgi.com/support/free/security/patches/ -
SGI patch4915.tar
ftp://patches.sgi.com/support/free/security/patches/
SGI IRIX 6.5.10 f
SGI IRIX 6.5.10 m
SGI IRIX 6.5.11
-
SGI 4416
ftp://patches.sgi.com/support/free/security/patches/ -
SGI patch4915.tar
ftp://patches.sgi.com/support/free/security/patches/
SGI IRIX 6.5.11 m
SGI IRIX 6.5.11 f
SGI IRIX 6.5.12 f
SGI IRIX 6.5.12 m
-
SGI 4416
f
参考网址
来源: HP
名称: HPSBUX9909-103
链接:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9909-103
来源: BID
名称: 635
链接:http://www.securityfocus.com/bid/635
来源: SUN
名称: 00192
链接:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/192
来源: US Government Resource: oval:org.mitre.oval:def:3078
名称: oval:org.mitre.oval:def:3078
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3078
![[桜井宁宁]COS和泉纱雾超可爱写真福利集-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/4d3cf227a85d7e79f5d6b4efb6bde3e8.jpg)
![[桜井宁宁] 爆乳奶牛少女cos写真-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/d40483e126fcf567894e89c65eaca655.jpg)
