KSymoops KSymoops-GZNM处理不安全的临时文件符号链接漏洞

漏洞信息详情

KSymoops KSymoops-GZNM处理不安全的临时文件符号链接漏洞

• CNNVD编号：CNNVD-200408-119
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2004-0581
  
• 漏洞类型：
  
  
  访问验证错误
  
• 发布时间：
  
  2004-08-06
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  gnu
• 漏洞来源：
  Discovery of this …

Mandrake Linux 9.1到10.0版本以及Corporate Server 2.1版本中的ksymoops-gznm脚本存在漏洞。本地用户可以通过在/ tmp目录文件上的链接攻击删除任意文件。

Mandrake has released an advisory(MDKSA-2004:060) and updates to address this issue in Mandrake Linux. Users are advised to read the referenced advisory for further details regarding obtaining and applying appropriate updates.
GNU Ksymoops 2.4.5

• Mandrake ksymoops-2.4.5-1.1.C21mdk.i586.rpmMandrake Corporate Server 2.1
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake ksymoops-2.4.5-1.1.C21mdk.x86_64.rpmMandrake Corporate Server 2.1/X86_64
  
  http://www.mandrakesecure.net/en/ftp.php

GNU Ksymoops 2.4.8

• Mandrake ksymoops-2.4.8-1.1.91mdk.i586.rpmMandrake Linux 9.1
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake ksymoops-2.4.8-1.1.91mdk.ppc.rpmMandrake Linux 9.1/PPC
  
  http://www.mandrakesecure.net/en/ftp.php

GNU Ksymoops 2.4.9

• Mandrake ksymoops-2.4.9-2.1.100mdk.amd64.rpmMandrake Linux 10.0/AMD64
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake ksymoops-2.4.9-2.1.100mdk.i586.rpmMandrake Linux 10.0
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake ksymoops-2.4.9-2.1.92mdk.amd64.rpmMandrake Linux 9.2/AMD64
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake ksymoops-2.4.9-2.1.92mdk.i586.rpmMandrake Linux 9.2
  
  http://www.mandrakesecure.net/en/ftp.php

来源: BID
名称: 10516
链接:http://www.securityfocus.com/bid/10516

来源: XF
名称: ksymoops-symlink(16392)
链接:http://xforce.iss.net/xforce/xfdb/16392

来源: MANDRAKE
名称: MDKSA-2004:060
链接:http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:060