Courier SqWebMail可访问本地特权文件漏洞

漏洞信息详情

Courier SqWebMail可访问本地特权文件漏洞

• CNNVD编号：CNNVD-200211-065
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2002-1311
  
• 漏洞类型：
  
  
  访问验证错误
  
• 发布时间：
  
  2002-11-29
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-05-13
  
• 厂        商：
  
  double_precision_incorporated
• 漏洞来源：
  Debian Security Ad…

Courier sqwebmail是一款基于WEB的邮件系统。
Courier sqwebmail在启动的时候没有丢弃权限，本地攻击者可以利用这个漏洞读取本地文件系统任意文件内容。
攻击者可以通过执行SqWebMail程序，利用这个漏洞访问敏感文件。
具体漏洞细节没有获得。

厂商补丁：
Debian
——
Debian已经为此发布了一个安全公告(DSA-197-1)以及相应补丁:

DSA-197-1：New sqwebmail packages fix local information exposure

链接：http://www.debian.org/security/2002/dsa-197” target=”_blank”>
http://www.debian.org/security/2002/dsa-197

补丁下载：

Source archives:

http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3-2.3.diff.gz” target=”_blank”>
http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3-2.3.diff.gz

Size/MD5 checksum: 31812 1e442e4981a72331ee5cd14c3a9b38b6

http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3-2.3.dsc” target=”_blank”>
http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3-2.3.dsc

Size/MD5 checksum: 913 b0f1eca2a415ad9489fcddffc763133c

http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3.orig.tar.gz” target=”_blank”>
http://security.debian.org/pool/updates/main/c/courier/courier_0.37.3.orig.tar.gz

Size/MD5 checksum: 3238013 350cbb2e8b5f384409bdf2a15d605bc9

Architecture independent components:

http://security.debian.org/pool/updates/main/c/courier/courier-doc_0.37.3-2.3_all.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/courier/courier-doc_0.37.3-2.3_all.deb

Size/MD5 checksum: 313318 9ffb97bf4dfb7d8c81cad69a3a8e3fa9

Alpha architecture:

http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_alpha.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_alpha.deb

Size/MD5 checksum: 52090 f0c8be437fab3970abe1f85fd3d031ef

http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_alpha.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_alpha.deb

Size/MD5 checksum: 47134 5ab678174a550e0aaba0a66621bc1f4d

http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_alpha.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_alpha.deb

Size/MD5 checksum: 146116 d37e896ddceb6a22f9ab07839c58d142

http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_alpha.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_alpha.deb

Size/MD5 checksum: 18480 aca373081b7bcc49f543a0f9f22c66a3

http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_alpha.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_alpha.deb

Size/MD5 checksum: 138688 6bbf7789d3d5b922c8804b5e92ef6498

http://security.debian.org/pool/updates/main/c/courier-ssl/courier-imap-ssl_1.4.3-3.1_alpha.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/courier-ssl/courier-imap-ssl_1.4.3-3.1_alpha.deb

Size/MD5 checksum: 9770 011e7fa45ec87997bd350d9db9bdd5ae

http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_alpha.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_alpha.deb

Size/MD5 checksum: 61156 2d09044e391d7a093ae3575b98520f29

http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_alpha.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_alpha.deb

Size/MD5 checksum: 208022 83c5fe4793107b4844f8553b859c470e

http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_alpha.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_alpha.deb

Size/MD5 checksum: 134074 280ac1c073b271412c0932e20ec1e045

http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_alpha.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_alpha.deb

Size/MD5 checksum: 667280 35b51e45df915bf437b978613b5932e1

http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_alpha.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_alpha.deb

Size/MD5 checksum: 62176 3776eb4c75541fb0c640a3d29b58f603

http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_alpha.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/courier/courier-pop_0.37.3-2.3_alpha.deb

Size/MD5 checksum: 40030 ef7e68249a62d103a230f4411174a1de

http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_alpha.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/courier/courier-webadmin_0.37.3-2.3_alpha.deb

Size/MD5 checksum: 25174 98a826fc4b31ca9d21052a8830475ff0

http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_alpha.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/courier/sqwebmail_0.37.3-2.3_alpha.deb

Size/MD5 checksum: 329272 8088db6cdb6dd3e6f48916769329a8a1

ARM architecture:

http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_arm.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/courier/courier-authdaemon_0.37.3-2.3_arm.deb

Size/MD5 checksum: 47026 d99f2b77e05fafaa03c4fd8cc14c2d68

http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_arm.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/courier/courier-authmysql_0.37.3-2.3_arm.deb

Size/MD5 checksum: 42244 07a25700c5180e6bc66528a5e1418e34

http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_arm.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/courier/courier-base_0.37.3-2.3_arm.deb

Size/MD5 checksum: 128422 dabd5b6b22e83e543d63ce5037b06e82

http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_arm.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/courier/courier-debug_0.37.3-2.3_arm.deb

Size/MD5 checksum: 17434 add1f98ed948318ab0d903fe9a40679e

http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_arm.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/courier/courier-imap_1.4.3-2.3_arm.deb

Size/MD5 checksum: 124394 9e40158fd8a3706991d519846aaf6029

http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_arm.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/courier/courier-ldap_0.37.3-2.3_arm.deb

Size/MD5 checksum: 53362 3b4973e062ffc1c64b4aec1afbb778e8

http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_arm.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/courier/courier-maildrop_0.37.3-2.3_arm.deb

Size/MD5 checksum: 179910 9d8dff9a47b00f0676a043558c59637d

http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_arm.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/courier/courier-mlm_0.37.3-2.3_arm.deb

Size/MD5 checksum: 116014 17b071b5baea820e437756406fed408b

http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_arm.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/courier/courier-mta_0.37.3-2.3_arm.deb

Size/MD5 checksum: 549508 de4ecc66d28851548c4d526c76d9a9fd

http://security.debian.org/pool/updates/main/c/courier/courier-pcp_0.37.3-2.3_arm.deb” target=”_blank”>htt