Unix Shell Redirection竞态条件漏洞

漏洞信息详情

Unix Shell Redirection竞态条件漏洞

• CNNVD编号：CNNVD-200101-072
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2000-1134
  
• 漏洞类型：
  
  
  竞争条件
  
• 发布时间：
  
  2001-01-09
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2006-09-15
  
• 厂        商：
  
  suse
• 漏洞来源：
  This issue for bas…

多种Unix系统中的多个shell程序，包括：(1)tcsh，(2)csh，(3)sh，和(4)bash在处理＜＜ 重新传送(又称为here-documents或者in-here documents)时后缀符号链接，本地用户借助一个符号链接攻击覆盖其他用户的文件。

HP have released a security bulletin to address this issue in HP-UX. Customers who are affected by this issue are advised to apply appropriate patches as soon as possible. See referenced advisory for further detail regarding applying fixes. This bulletin has been revised to include fixes for HP-UX 11.04.
Sun has released an alert containing fixes to address this issue.
Sun has also released fixes for RaQ4, Qube3 and RaQXTR.
Various upgrades and patches have been made available:
Sun Cobalt RaQ4 Japanese RAID 3100R-ja

• Sun RaQ4-All-Security-2.0.1-16602.pkg
  
  http://ftp.cobalt.sun.com/pub/packages/raq4/eng/RaQ4-All-Security-2.0.
  1-16602.pkg

Sun Cobalt RaQ 4

• Sun RaQ4-All-Security-2.0.1-16602.pkg
  
  http://ftp.cobalt.sun.com/pub/packages/raq4/eng/RaQ4-All-Security-2.0.
  1-16602.pkg

RedHat bash-1.14.7-16.i386.rpm

• Red Hat Inc. 6.2 i386 bash-1.14.7-23.6x.i386.rpm
  ftp://updates.redhat.com/6.2/i386/bash-1.14.7-23.6x.i386.rpm

RedHat bash-1.14.7-22.i386.rpm

• Red Hat Inc. 6.2 i386 bash-1.14.7-23.6x.i386.rpm
  ftp://updates.redhat.com/6.2/i386/bash-1.14.7-23.6x.i386.rpm

Sun Solaris 8

• Sun 109324-03For sh.
  
  http://sunsolve.sun.com
• Sun 110898-02For csh.
  
  http://sunsolve.sun.com
• Sun 110943-01
  
  http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=110943&rev=01

Sun Cobalt Qube3 4000WG

• Sun Qube3-All-Security-4.0.1-16602.pkg
  
  http://ftp.cobalt.sun.com/pub/packages/qube3/ml/Qube3-All-Security-4.0
  .1-16602.pkg

Sun Cobalt Qube3 w/ Caching and RAID 4100WG

• Sun Qube3-All-Security-4.0.1-16602.pkg
  
  http://ftp.cobalt.sun.com/pub/packages/qube3/ml/Qube3-All-Security-4.0
  .1-16602.pkg

Sun Cobalt RaQ4 3001R

• Sun RaQ4-All-Security-2.0.1-16602.pkg
  
  http://ftp.cobalt.sun.com/pub/packages/raq4/eng/RaQ4-All-Security-2.0.
  1-16602.pkg

Sun Cobalt RaQ XTR 3500R

• Sun RaQXTR-All-Security-1.0.1-16602.pkg
  
  http://ftp.cobalt.sun.com/pub/packages/raqxtr/eng/RaQXTR-All-Security-
  1.0.1-16602.pkg

Sun Cobalt Qube3 Japanese w/ Caching and RAID 4100WGJ

• Sun Qube3-All-Security-4.0.1-16602.pkg
  
  http://ftp.cobalt.sun.com/pub/packages/qube3/ml/Qube3-All-Security-4.0
  .1-16602.pkg

RedHat bash-1.14.7-13.i386.rpm

• Red Hat Inc. 5.2 i386 bash-1.14.7-23.5x.i386.rpm
  ftp://updates.redhat.com/5.2/i386/bash-1.14.7-23.5x.i386.rpm

Conectiva Linux graficas

• Conectiva graficas i386 bash-1.14.7-26cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/bash-1.1
  4.7-26cl.i386.rpm

Sun Cobalt RaQ XTR Japanese 3500R-ja

• Sun RaQXTR-All-Security-1.0.1-16602.pkg
  
  http://ftp.cobalt.sun.com/pub/packages/raqxtr/eng/RaQXTR-All-Security-
  1.0.1-16602.pkg

Conectiva Linux ecommerce

• Conectiva ecommerce i386 bash-1.14.7-26cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/bash-1.
  14.7-26cl.i386.rpm

Sun Cobalt Qube3 w/Caching 4010WG

• Sun Qube3-All-Security-4.0.1-16602.pkg
  
  http://ftp.cobalt.sun.com/pub/packages/qube3/ml/Qube3-All-Security-4.0
  .1-16602.pkg

Sun Cobalt RaQ XTR

• Sun RaQXTR-All-Security-1.0.1-16602.pkg
  
  http://ftp.cobalt.sun.com/pub/packages/raqxtr/eng/RaQXTR-All-Security-
  1.0.1-16602.pkg

Sun Cobalt Qube3 Japanese 4000WGJ

• Sun Qube3-All-Security-4.0.1-16602.pkg
  
  http://ftp.cobalt.sun.com/pub/packages/qube3/ml/Qube3-All-Security-4.0
  .1-16602.pkg

Sun Cobalt Qube3 Japanese w/Caching 4010WGJ

• Sun Qube3-All-Security-4.0.1-16602.pkg
  
  http://ftp.cobalt.sun.com/pub/packages/qube3/ml/Qube3-All-Security-4.0
  .1-16602.pkg

Sun Cobalt Qube 3

• Sun Qube3-All-Security-4.0.1-16602.pkg
  
  http://ftp.cobalt.sun.com/pub/packages/qube3/ml/Qube3-All-Security-4.0
  .1-16602.pkg

HP HP-UX 10.20

• HP PHCO_27803
  
  http://itrc.hp.com
• HP PHCO_27804
  
  http://itrc.hp.com
• HP PHCO_27819
  
  http://itrc.hp.com

HP HP-UX 11.0 4

• HP PHCO_29698
  
  http://itrc.hp.com
• HP PHCO_29702
  
  http://itrc.hp.com
• HP PHCO_29814
  
  http://itrc.hp.com

HP HP-UX 11.0

• HP PHCO_27344
  
  http://itrc.hp.com
• HP PHCO_27418
  
  http://itrc.hp.com
• HP PHCO_27763
  
  http://itrc.hp.com

HP HP-UX 11.11

• HP PHCO_26561
  
  http://itrc.hp.com
• HP PHCO_27019
  
  http://itrc.hp.com
• HP PHCO_27345
  
  http://itrc.hp.com

Caldera OpenLinux Desktop 2.3

• Caldera Desktop 2.3 bash-1.14.7-14.i386.rpm
  ftp://ftp.calderasystems.com/pub/updates/OpenLinux/2.3/current/RPMS/ba
  sh-1.14.7-14.i386.rpm

来源:US-CERT Vulnerability Note: VU#10277
名称: VU#10277
链接:http://www.kb.cert.org/vuls/id/10277

来源: BID
名称: 2006
链接:http://www.securityfocus.com/bid/2006

来源: FREEBSD
名称: FreeBSD-SA-00:76
链接:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:76.tcsh-csh.asc

来源: BID
名称: 1926
链接:http://www.securityfocus.com/bid/1926

来源: BUGTRAQ
名称: 20001128 /bin/sh creates insecure tmp files
链接:http://www.securityfocus.com/archive/1/146657

来源: REDHAT
名称: RHSA-2000:121
链接:http://www.redhat.com/support/errata/RHSA-2000-121.html

来源: REDHAT
名称: RHSA-2000:117
链接:http://www.redhat.com/support/errata/RHSA-2000-117.html

来源: MANDRAKE
名称: MDKSA-2000:075
链接:http://www.linux-mandrake.com/en/security/MDKSA-2000-075.php3

来源: MANDRAKE
名称: MDKSA-2000-069
链接:http://www.linux-mandrake.com/en/security/MDKSA-2000-069.php3

来源: DEBIAN
名称: 20001111a
链接:http://www.debian.org/security/2000/20001111a

来源: CALDERA
名称: CSSA-2000-043.0
链接:http://www.calderasystems.com/support/security/advisories/CSSA-2000-043.0.txt

来源: CALDERA
名称: CSSA-2000-042.0
链接:http://www.calderasystems.com/support/security/advisories/CSSA-2000-042.0.txt

来源: BUGTRAQ
名称: 20001130 [ADV/EXP]: RH6.x root from bash /tmp vuln + MORE
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=97561816504170&w=2

来源: CONECTIVA
名称: CLSA-2000:354
链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000354

来源: CONECTIVA
名称: CLA-2000:350
链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000350

来源: COMPAQ
名称: SSRT1-41U
链接:http://archives.neohapsis.com/archives/tru64/2002-q1/0009.html

来源: BUGTRAQ
名称: 20001028 tcsh: unsafe tempfile in << redirects
链接:http://archives.neohapsis.com/archives/bugtraq/2000-10/0418.html

来源: SGI
名称: 20011103-02-P
链接:ftp://patches.sgi.com/support/free/security/advisories/20011103-02-P

来源: US Government Resource: oval:org.mitre.oval:def:4047
名称: oval:org.mitre.oval:def:4047
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4047