Sun Solaris RPC AUTH_DES权限提升漏洞

漏洞信息详情

Sun Solaris RPC AUTH_DES权限提升漏洞

• CNNVD编号：CNNVD-200212-078
• 危害等级： 超危
  
  
• CVE编号：
  CVE-2002-1584
  
• 漏洞类型：
  
  
  访问验证错误
  
• 发布时间：
  
  2002-12-27
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  sgi
• 漏洞来源：
  Sun Alert.

Solaris是Sun公司开发维护的商业Unix系统。
某些版本的Solaris软件实现的RPC AUTH_DES存在溢出漏洞，远程或本地攻击者可能利用此漏洞通过发送特殊的请求来获得权限提升。
还未得到具体漏洞细节。

厂商补丁：
Sun
—
目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：

Sun Solaris 2.5.1 _x86:

Sun Upgrade 103641-41

http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=103641&rev=41” target=”_blank”>
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=103641&rev=41

Sun Solaris 2.5.1:

Sun Upgrade 103640-41

http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=103640&rev=41” target=”_blank”>
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=103640&rev=41

Sun Solaris 2.6 _x86:

Sun Upgrade 105565-05

http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=105565&rev=05” target=”_blank”>
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=105565&rev=05

Sun Upgrade 105402-38

http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=105402&rev=38” target=”_blank”>
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=105402&rev=38

Sun Solaris 2.6:

Sun Upgrade 105401-38

http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=105401&rev=38” target=”_blank”>
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=105401&rev=38

Sun Upgrade 105564-05

http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=105564&rev=05” target=”_blank”>
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=105564&rev=05

Sun Solaris 7.0 _x86:

Sun Upgrade 106943-21

http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=106943&rev=21” target=”_blank”>
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=106943&rev=21

Sun Solaris 7.0:

Sun Upgrade 106942-21

http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=106942&rev=21” target=”_blank”>
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=106942&rev=21

来源:US-CERT Vulnerability Note: VU#518057
名称: VU#518057
链接:http://www.kb.cert.org/vuls/id/518057

来源: SGI
名称: 20030402-01-P
链接:ftp://patches.sgi.com/support/free/security/advisories/20030402-01-P

来源: XF
名称: solaris-authdes-gain-privileges(10935)
链接:http://xforce.iss.net/xforce/xfdb/10935

来源: SUNALERT
名称: 46944
链接:http://sunsolve.sun.com/search/document.do?assetkey=1-26-46944-1

来源: SECUNIA
名称: 7899
链接:http://secunia.com/advisories/7899/

来源: SECTRACK
名称: 1005934
链接:http://www.securitytracker.com/id?1005934

来源: BID
名称: 6484
链接:http://www.securityfocus.com/bid/6484