Util-Linux脚本命令覆盖任意文件漏洞

漏洞信息详情

Util-Linux脚本命令覆盖任意文件漏洞

• CNNVD编号：CNNVD-200112-221
• 危害等级： 低危
  
  
• CVE编号：
  CVE-2001-1494
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2001-12-31
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  andries_brouwer
• 漏洞来源：
  Discovered by Marc…

util-linux包2.11n之前版本的脚本命令存在漏洞。本地用户可以通过设置系统上类型脚本日志文件和任意文件的硬链接覆盖任意文件，然后执行目录脚本命令。

Util-linux 2.11n and subsequent versions are not vulnerable to this issue.
RedHat has released advisory RHSA-2005:782-12 to address this issue. Please see the referenced advisory for more information.
Avaya has released advisory ASA-2006-014 to identify vulnerable Avaya products. Avaya advises customers to ENTER actions for products which use vulnerable versions of util-linux and mount. Please see the referenced advisory for more information.

来源: XF
名称: util-linux-script-hardlink(7718)
链接:http://xforce.iss.net/xforce/xfdb/7718

来源: REDHAT
名称: RHSA-2005:782
链接:http://www.redhat.com/support/errata/RHSA-2005-782.html

来源: BUGTRAQ
名称: 20011212 Silly ‘script’ hardlink bug
链接:http://seclists.org/bugtraq/2001/Dec/0123.html

来源: BUGTRAQ
名称: 20011213 Silly ‘script’ hardlink bug – fixed
链接:http://seclists.org/bugtraq/2001/Dec/0122.html

来源: OVAL
名称: oval:org.mitre.oval:def:10723
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10723

来源: BID
名称: 16280
链接:http://www.securityfocus.com/bid/16280

来源: support.avaya.com
链接:http://support.avaya.com/elmodocs2/security/ASA-2006-014.htm

来源: SECUNIA
名称: 18502
链接:http://secunia.com/advisories/18502

来源: SECUNIA
名称: 16785
链接:http://secunia.com/advisories/16785