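Vulnerability Details
OpenLDAP /usr/tmp/ Symbolic Link Vulnerability
- CNNVD ID: CNNVD-200004-056
- Severity: Low
- CVE ID: CVE-2000-0336
- Vulnerability type: Race condition
- Published: 2000-04-21
- Threat type: Local
- Updated: 2005-05-02
- Vendor: openldap
- Source: This vulnerability…
Vulnerability Summary
The OpenLDAP server on Linux contains a vulnerability that allows a local user to modify arbitrary files through a symbolic link attack.
Vulnerability Advisory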
Patches are available from RedHat and TurboLinux to remedy this problem.
Rebuilding OpenLDAP, and configuring the following values to something other than /usr/tmp will fix this problem:
servers/slapd/back-ldbm/back-ldbm.g, “DEFAULT_DB_DIRECTORY” variable
servers/slapd/slapd.conf, “directory” variable
servers/slurpd/slurp.h, “DEFAULT_SLURPD_REPLICA_DIR” variable
The latest version, 1.2.10, still appears vulnerable to this problem.
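An added example, not part of the advisory or of OpenLDAP: a check that reads the text of a slapd.conf and reports every `directory` directive that still points at /usr/tmp or another world-writable location. The list of shared directories, the function names and the sample configuration are assumptions constructed for illustration.

```python
import os
import stat

# Shared scratch directories to flag (assumption; /usr/tmp is the one the advisory names).
SHARED_TMP = ("/usr/tmp", "/tmp", "/var/tmp")

def db_directories(conf_text):
    """Return (line_number, path) for every slapd.conf `directory` directive."""
    found = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#"):          # comment line, directive is inactive
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "directory":
            found.append((lineno, parts[1].strip().strip('"')))
    return found

def is_shared_tmp(path):
    """True if path is one of SHARED_TMP or lies beneath one of them."""
    norm = os.path.normpath(path)
    return any(norm == d or norm.startswith(d + "/") for d in SHARED_TMP)

def is_world_writable(path):
    """True if the directory exists on this host and 'other' may write to it."""
    try:
        return bool(os.stat(path).st_mode & stat.S_IWOTH)
    except OSError:
        return False                      # missing or unreadable: nothing to report

def audit(conf_text):
    """Return (line_number, path) for database directories in shared space."""
    return [(n, p) for n, p in db_directories(conf_text)
            if is_shared_tmp(p) or is_world_writable(p)]

# Constructed slapd.conf excerpt, not taken from any real host.
SAMPLE_CONF = """\
# constructed slapd.conf excerpt
database   ldbm
directory  /usr/tmp
database   ldbm
Directory  "/var/lib/ldap"
"""

if __name__ == "__main__":
    for lineno, path in audit(SAMPLE_CONF):
        print(f"line {lineno}: directory {path} is shared temporary space")
```

A finding means the database files sit where any local user can create entries, which is the precondition for the symbolic link attack; the compiled-in defaults named above need the same review in the source tree before rebuilding.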
RedHat openldap-1.2.7-2.i386.rpm
- Red Hat Inc. 6.1 i386 openldap-1.2.9-6.i386.rpm
  ftp://updates.redhat.com/6.1/i386/openldap-1.2.9-6.i386.rpm
RedHat openldap-1.2.9-5.i386.rpm
- Red Hat Inc. 6.2 i386 openldap-1.2.9-6.i386.rpm
  ftp://updates.redhat.com/6.2/i386/openldap-1.2.9-6.i386.rpm
Turbolinux Turbolinux 6.0.2
- TurboLinux openldap-1.2.10-1.i386.rpm
  ftp://ftp.turbolinux.com/pub/updates/6.0/security/openldap-1.2.10-1.i386.rpm
- TurboLinux openldap-devel-1.2.10-1.i386.rpm
  ftp://ftp.turbolinux.com/pub/updates/6.0/security/openldap-devel-1.2.10-1.i386.rpm
- TurboLinux openldap-libs-1.2.10-1.i386.rpm
  ftp://ftp.turbolinux.com/pub/updates/6.0/security/openldap-libs-1.2.10-1.i386.rpm
- TurboLinux openldap-server-1.2.10-1.i386.rpm
  ftp://ftp.turbolinux.com/pub/updates/6.0/security/openldap-server-1.2.10-1.i386.rpm
MandrakeSoft Linux Mandrake 6.1
- MandrakeSoft 7.0 i386 openldap-1.2.9-5mdk.i586.rpm
  ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/
RedHat Linux 6.1 i386
- Red Hat Inc. 6.1 i386 openldap-1.2.9-6.i386.rpm
  ftp://updates.redhat.com/6.1/i386/openldap-1.2.9-6.i386.rpm
RedHat Linux 6.1 sparc
- Red Hat Inc. 6.1 sparc openldap-1.2.9-6.sparc.rpm
  ftp://updates.redhat.com/6.1/sparc/openldap-1.2.9-6.sparc.rpm
RedHat Linux 6.1 alpha
- Red Hat Inc. 6.1 alpha openldap-1.2.9-6.alpha.rpm
  ftp://updates.redhat.com/6.1/alpha/openldap-1.2.9-6.alpha.rpm
RedHat Linux 6.2 sparc
- Red Hat Inc. 6.2 sparc openldap-1.2.9-6.sparc.rpm
  ftp://updates.redhat.com/6.2/sparc/openldap-1.2.9-6.sparc.rpm
RedHat Linux 6.2 alpha
- Red Hat Inc. 6.2 alpha openldap-1.2.9-6.alpha.rpm
  ftp://updates.redhat.com/6.2/alpha/openldap-1.2.9-6.alpha.rpm
RedHat Linux 6.2 i386
- Red Hat Inc. 6.2 i386 openldap-1.2.9-6.i386.rpm
  ftp://updates.redhat.com/6.2/i386/openldap-1.2.9-6.i386.rpm
MandrakeSoft Linux Mandrake 7.0
- MandrakeSoft 7.0 i386 openldap-1.2.9-5mdk.i586.rpm
  ftp://ftp.linux.tucows.com/pub/distributions/Mandrake/Mandrake/updates/
References
Source: CALDERA
Name: CSSA-2000-009.0
Link: ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-009.0.txt
Source: TURBO
Name: TLSA2000010-1
Link: http://www.turbolinux.com/pipermail/tl-security-announce/2000-May/000009.html
Source: BID
Name: 1232
Link: http://www.securityfocus.com/bid/1232
Source: REDHAT
Name: RHSA-2000:012
Link: http://www.redhat.com/support/errata/RHSA-2000-012.html