SCO UnixWare/OpenServer未明的CHRoot突围漏洞

漏洞信息详情

SCO UnixWare/OpenServer未明的CHRoot突围漏洞

• CNNVD编号：CNNVD-200401-028
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2004-1124
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2004-01-14
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  sco
• 漏洞来源：
  Discovery of this …

SCO UnixWare从 7.1.1到7.1.4版本中的chroot存在未知漏洞，本地用户可以摆脱chroot环境并进行未经许可的活动。

The vendor has released an advisory (SCOSA-2005.2) and fixes to address this vulnerability for UnixWare.
A fix for UnixWare 7.1.3 is included in UnixWare Release 7.1.3 Maintenance Pack 4 or later and a fix for UnixWare 7.1.1 is available in UnixWare Release 7.1.1 Maintenance Pack 5 or later
The vendor has released an advisory (SCOSA-2005.22) and fixes to address this vulnerability for OpenServer.
Customers are advised to see the referenced advisories for further information in regards to obtaining and applying appropriate fixes.
SCO Open Server 5.0.6

• SCO VOL.000.000 for SCOSA-2005.22
  ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.22

SCO Open Server 5.0.7

• SCO VOL.000.000 for SCOSA-2005.22
  ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.22

SCO Unixware 7.1.4

• SCO erg712629c.pkg.Z
  ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.2

来源: XF
名称: chroot-jail-security-bypass(18970)
链接:http://xforce.iss.net/xforce/xfdb/18970

来源: SCO
名称: SCOSA-2005.2
链接:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.2/SCOSA-2005.2.txt

来源: BID
名称: 12300
链接:http://www.securityfocus.com/bid/12300

来源: SECUNIA
名称: 15339
链接:http://secunia.com/advisories/15339

来源: SECUNIA
名称: 13915
链接:http://secunia.com/advisories/13915

来源: SCO
名称: SCOSA-2005.22
链接:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.22/SCOSA-2005.22.txt