多个供应商CDETT Session缓冲区溢出漏洞-一一网

漏洞信息详情

多个供应商CDETT Session缓冲区溢出漏洞

CNNVD编号：CNNVD-200003-007

危害等级：高危
CVE编号：
CVE-1999-0693
漏洞类型：

缓冲区溢出
发布时间：

2000-03-02
威胁类型：

本地
更新时间：

2005-05-02
厂商：

sco
漏洞来源：
This vulnerability…

漏洞简介

ToolTalk共享目录的TT_SESSION环境变量存在缓冲区溢出漏洞。本地用户利用此漏洞可以提升根特权。

漏洞公告

Updated SGI advisory (20021102-02-P) and patch details available.
This solution information has been quoted from CERT Advisory CA-99-11: Four Vulnerabilities in the Common Desktop Environment. This advisory is referenced in the ‘Credit’ section of this vulnerability entry. Please note that some of these fixes are temporary, this information is not considered to be complete given that some vendors are still investigating this problem as of the posting of this entry and some of the provided information is incomplete.
Compaq Computer Corporation
——————————————–
This potential security problem has been resolved and a patch for this problem has been made available for Tru64 UNIX V4.0D, V4.0E, V4.0F and V5.0.
This patch can be installed on:
V4.0D-F, all patch kits
V5.0, all patch kits
*This solution will be included in a future distributed release of Compaq’s Tru64/ DIGITAL UNIX.
This patch may be obtained from the World Wide Web at the following FTP address:
http://www.service.digital.com/patches
The patch file name is SSRT0617_ttsession.tar.Z
IBM Corporation
———————-
AIX 4.1.x: IY03125 IY03847
AIX 4.2.x: IY03105 IY03848
AIX 4.3.x: IY02944 IY03849
Customers that do not require the CDE desktop functionality can disable CDE by restricting access to the CDE daemons and removing the dt entry from /etc/inittab. Run the following commands as root to disable CDE:
# /usr/dt/bin/dtconfig -d
# chsubserver -d -v dtspc
# chsubserver -d -v ttdbserver
# chsubserver -d -v cmsd
# chown root.system /usr/dt/bin/*
# chmod 0 /usr/dt/bin/*
For customers that require the CDE desktop functionality, a temporary fix is available via anonymous ftp from:
ftp://aix.software.ibm.com/aix/efixes/security/cdecert.tar.Z
Filename sum md5
=================================================================
dtaction_4.1 32885 18 82af470bbbd334b240e874ff6745d8ca
dtaction_4.2 52162 18 b10f21abf55afc461882183fbd30e602
dtaction_4.3 56550 19 6bde84b975db2506ab0cbf9906c275ed
libtt.a_4.1 29234 2132 f5d5a59956deb8b1e8b3a14e94507152
libtt.a_4.2 21934 2132 73f32a73873caff06057db17552b8560
libtt.a_4.3 12154 2118 b0d14b9fe4a483333d64d7fd695f084d
ttauth 56348 31 495828ea74ec4c8f012efc2a9e6fa731
ttsession_4.1 19528 337 bfac4a06b90cbccc0cd494a44bd0ebc9
ttsession_4.2 46431 338 05949a483c4e390403055ff6961b0816
ttsession_4.3 54031 339 e1338b3167c7edf899a33520a3adb060
NOTE – This temporary fix has not been fully regression tested. Use the following steps (as root) to install the temporary fix.
1. Uncompress and extract the fix.
# uncompress < cdecert.tar.Z | tar xf –
# cd cdecert
2. Replace the vulnerable executables with the temporary fix for
your version of AIX.
# (cd /usr/dt/lib && mv libtt.a libtt.a.before_security_fix)
# (cd /usr/dt/bin && mv ttsession ttsession.before_security_fix)
# (cd /usr/dt/bin && mv dtaction dtaction.before_security_fix)
# chown root.system /usr/dt/lib/libtt.a.before_security_fix
# chown root.system /usr/dt/bin/ttsession.before_security_fix
# chown root.system /usr/dt/bin/dtaction.before_security_fix
# chmod 0 /usr/dt/lib/libtt.a.before_security_fix
# chmod 0 /usr/dt/bin/ttsession.before_security_fix
# chmod 0 /usr/dt/bin/dtaction.before_security_fix
# cp ./libtt.a_ /usr/dt/lib/libtt.a
# cp ./ttsession_ /usr/dt/bin/ttsession
# cp ./dtaction_ /usr/dt/bin/dtaction
# cp ./ttauth /usr/dt/bin/ttauth
# chmod 555 /usr/dt/lib/libtt.a
# chmod 555 /usr/dt/bin/ttsession
# chmod 555 /usr/dt/bin/dtaction
# chmod 555 /usr/dt/bin/ttauth
IBM AIX APARs may be ordered using Electronic Fix Distribution (via the FixDist program), or from the IBM Support Center. For more information on FixDist, and to obtain fixes via the Internet, please reference
http://techsupport.services.ibm.com/support/rs6000.support/downloads
Sun:
Patches are available to all Sun customers at
http://sunsolve.sun.com
Sun Solaris 2.3