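Tmpwatch Arbitrary Command Execution Vulnerability

Vulnerability Details

Summary

The --fuser option of tmpwatch on Linux is vulnerable. A local user can execute arbitrary commands by creating a file whose name contains shell metacharacters.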
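
The bug class described above, as an added example that is not tmpwatch's own source: a file name pasted into a shell command line is parsed as shell syntax, while the same name passed as one argv element is only data. `test -e` stands in for the external program (an assumption), and the function names and the file name are constructed for illustration.

```c
/* Added example, not tmpwatch source. `test -e` stands in for the external
 * helper (assumption); names below are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Unsafe pattern: the file name is pasted into a string that /bin/sh parses,
 * so metacharacters in the name become shell syntax. */
int check_via_shell(const char *path)
{
    char cmd[512];
    int n = snprintf(cmd, sizeof cmd, "test -e %s", path);
    if (n < 0 || (size_t)n >= sizeof cmd)
        return -1;
    int status = system(cmd);
    return (status != -1 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

/* Hardened pattern: no shell. The name is a single argv element and is
 * never parsed, whatever bytes it contains. */
int check_via_exec(const char *path)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { "test", "-e", (char *)path, NULL };
        execvp(argv[0], argv);
        _exit(127);                      /* exec itself failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed name; no such file exists on disk. */
    const char *name = "/nonexistent/tmp-entry;exit 7";
    printf("shell: exit status %d\n", check_via_shell(name));
    printf("exec:  exit status %d\n", check_via_exec(name));
    return 0;
}
```

With the shell variant the exit status comes from the text after the `;`, not from the existence check; with the exec variant the status is that of `test -e` on the literal name.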

Advisory

Do not use the --fuser or -s options with tmpwatch.
Red Hat:
Red Hat has issued the following RPMs that contain fixes for this vulnerability.
Red Hat Linux 6.2:
alpha:
ftp://updates.redhat.com/6.2/alpha/tmpwatch-2.6.2-1.6.2.alpha.rpm
sparc:
ftp://updates.redhat.com/6.2/sparc/tmpwatch-2.6.2-1.6.2.sparc.rpm
i386:
ftp://updates.redhat.com/6.2/i386/tmpwatch-2.6.2-1.6.2.i386.rpm
sources:
ftp://updates.redhat.com/6.2/SRPMS/tmpwatch-2.6.2-1.6.2.src.rpm
Red Hat Linux 7.0:
i386:
ftp://updates.redhat.com/7.0/i386/tmpwatch-2.6.2-1.7.i386.rpm
sources:
ftp://updates.redhat.com/7.0/SRPMS/tmpwatch-2.6.2-1.7.src.rpm
Immunix:
Immunix OS 6.2 (StackGuarded versions of the RedHat packages). They can be found at:
http://www.immunix.org:8080/ImmunixOS/6.2/updates/RPMS/tmpwatch-2.6.2-1.6.2_StackGuard.i386.rpm
or
http://www.immunix.org:8080/ImmunixOS/6.2/updates/SRPMS/tmpwatch-2.6.2-1.6.2_StackGuard.src.rpm
Trustix:
All users of TSL should upgrade to the new rpm:
tmpwatch-2.6.2-1tr.i586.rpm (MD5sum: 3200b3812bfe6e87f326e240fed0686a)
This file can be found at:
http://www.trustix.net/download/Trustix/updates/1.1/RPMS/
or
ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/

References

Source: ISS
Name: 20001006 Insecure call of external programs in Red Hat Linux tmpwatch
Link: http://xforce.iss.net/alerts/advise64.php

Source: XF
Name: linux-tmpwatch-fuser(5320)
Link: http://xforce.iss.net/xforce/xfdb/5320

Source: BID
Name: 1785
Link: http://www.securityfocus.com/bid/1785

Source: REDHAT
Name: RHSA-2000:080
Link: http://www.redhat.com/support/errata/RHSA-2000-080.html

Source: MANDRAKE
Name: MDKSA-2000:056
Link: http://www.linux-mandrake.com/en/security/MDKSA-2000-056.php3?dis=7.1