xtell登录文件符号链接攻击

漏洞信息详情

xtell登录文件符号链接攻击

• CNNVD编号：CNNVD-200206-070
• 危害等级： 低危
  
  
• CVE编号：
  CVE-2002-0334
  
• 漏洞类型：
  
  
  竞争条件
  
• 发布时间：
  
  2002-06-25
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  xtell
• 漏洞来源：
  .’);”>Discovered by “Spy…

xtell (xtelld) 1.91.1及其早期版本和2.7之前的2.x版本存在漏洞。本地用户借助.xtell-log文件中的一个符号链接攻击修改文件。

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .
xtell xtell 1.91.1
@securityfocus.com>

• Debian xtell_1.91.1_alpha.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-alpha/xtel
  l_1.91.1_alpha.deb
• Debian xtell_1.91.1_arm.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-arm/xtell_
  1.91.1_arm.deb
• Debian xtell_1.91.1_i386.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-i386/xtell
  _1.91.1_i386.deb
• Debian xtell_1.91.1_m68k.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-m68k/xtell
  _1.91.1_m68k.deb
• Debian xtell_1.91.1_powerpc.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-powerpc/xt
  ell_1.91.1_powerpc.deb
• Debian xtell_1.91.1_sparc.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-sparc/xtel
  l_1.91.1_sparc.deb

来源: BID
名称: 4197
链接:http://www.securityfocus.com/bid/4197

来源: XF
名称: xtell-log-symlink(8314)
链接:http://www.iss.net/security_center/static/8314.php

来源: DEBIAN
名称: DSA-121
链接:http://www.debian.org/security/2002/dsa-121

来源: BUGTRAQ
名称: 20020227 Remote exploit against xtelld and other fun
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=101494896516467&w=2