信任TTY的xtell设备名称远程漏洞

漏洞信息详情

信任TTY的xtell设备名称远程漏洞

• CNNVD编号：CNNVD-200206-096
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2002-0333
  
• 漏洞类型：
  
  
  路径遍历
  
• 发布时间：
  
  2002-06-25
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  xtell
• 漏洞来源：
  .’);”>Discovered by “Spy…

xtell (xtelld) 1.91.1版本及之前版本，以及2.x 2.7之前版本存在目录遍历漏洞。远程攻击者可以借助TTY参数中的..读取带有短名称的文件，并且本地用户可以通过使用带有短名称的符号链接读取更多的文件。

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .
xtell xtell 1.91.1
@securityfocus.com>

• Debian xtell_1.91.1_alpha.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-alpha/xtel
  l_1.91.1_alpha.deb
• Debian xtell_1.91.1_arm.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-arm/xtell_
  1.91.1_arm.deb
• Debian xtell_1.91.1_i386.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-i386/xtell
  _1.91.1_i386.deb
• Debian xtell_1.91.1_m68k.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-m68k/xtell
  _1.91.1_m68k.deb
• Debian xtell_1.91.1_powerpc.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-powerpc/xt
  ell_1.91.1_powerpc.deb
• Debian xtell_1.91.1_sparc.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-sparc/xtel
  l_1.91.1_sparc.deb

来源: BID
名称: 4194
链接:http://www.securityfocus.com/bid/4194

来源: XF
名称: xtell-tty-directory-traversal(8313)
链接:http://www.iss.net/security_center/static/8313.php

来源: DEBIAN
名称: DSA-121
链接:http://www.debian.org/security/2002/dsa-121

来源: BUGTRAQ
名称: 20020227 Remote exploit against xtelld and other fun
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=101494896516467&w=2