CatDoc XLSView本地不安全临时文件创建漏洞

漏洞信息详情

CatDoc XLSView本地不安全临时文件创建漏洞

• CNNVD编号：CNNVD-200408-180
• 危害等级： 低危
  
  
• CVE编号：
  CVE-2003-0193
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2004-08-18
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  catdoc
• 漏洞来源：
  The individual or …

catdoc 0.91及其早期版本xlsview中的msxlsview.sh存在漏洞。本地用户可以通过在可预见的临时文件的名称符号（“字$ $的。html”）链接攻击覆盖任意文件。

Debian Linux has released advisory DSA 575-1 along with fixes dealing with this issue. Please see the referenced advisory for more information.
Free Software Foundation CatDoc 0.91.5

• Debian catdoc_0.91.5-1.woody3_alpha.debDebian GNU/Linux 3.0 alias woody
  
  http://security.debian.org/pool/updates/main/c/catdoc/catdoc_0.91.5-1.
  woody3_alpha.deb
• Debian catdoc_0.91.5-1.woody3_hppa.debDebian GNU/Linux 3.0 alias woody
  
  http://security.debian.org/pool/updates/main/c/catdoc/catdoc_0.91.5-1.
  woody3_hppa.deb
• Debian catdoc_0.91.5-1.woody3_i386.debDebian GNU/Linux 3.0 alias woody
  
  http://security.debian.org/pool/updates/main/c/catdoc/catdoc_0.91.5-1.
  woody3_i386.deb
• Debian catdoc_0.91.5-1.woody3_ia64.debDebian GNU/Linux 3.0 alias woody
  
  http://security.debian.org/pool/updates/main/c/catdoc/catdoc_0.91.5-1.
  woody3_ia64.deb
• Debian catdoc_0.91.5-1.woody3_m68k.debDebian GNU/Linux 3.0 alias woody
  
  http://security.debian.org/pool/updates/main/c/catdoc/catdoc_0.91.5-1.
  woody3_m68k.deb
• Debian catdoc_0.91.5-1.woody3_mips.debDebian GNU/Linux 3.0 alias woody
  
  http://security.debian.org/pool/updates/main/c/catdoc/catdoc_0.91.5-1.
  woody3_mips.deb
• Debian catdoc_0.91.5-1.woody3_mipsel.debDebian GNU/Linux 3.0 alias woody
  
  http://security.debian.org/pool/updates/main/c/catdoc/catdoc_0.91.5-1.
  woody3_mipsel.deb
• Debian catdoc_0.91.5-1.woody3_powerpc.debDebian GNU/Linux 3.0 alias woody
  
  http://security.debian.org/pool/updates/main/c/catdoc/catdoc_0.91.5-1.
  woody3_powerpc.deb
• Debian catdoc_0.91.5-1.woody3_s390.debDebian GNU/Linux 3.0 alias woody
  
  http://security.debian.org/pool/updates/main/c/catdoc/catdoc_0.91.5-1.
  woody3_s390.deb
• Debian catdoc_0.91.5-1.woody3_sparc.debDebian GNU/Linux 3.0 alias woody
  
  http://security.debian.org/pool/updates/main/c/catdoc/catdoc_0.91.5-1.
  woody3_sparc.deb

来源: DEBIAN
名称: DSA-575
链接:http://www.debian.org/security/2004/dsa-575

来源: XF
名称: catdoc-xlsview-symlink(16335)
链接:http://xforce.iss.net/xforce/xfdb/16335

来源: BID
名称: 11560
链接:http://www.securityfocus.com/bid/11560

来源: OSVDB
名称: 11193
链接:http://www.osvdb.org/11193

来源: SECUNIA
名称: 13022
链接:http://secunia.com/advisories/13022/

来源: SECUNIA
名称: 13021
链接:http://secunia.com/advisories/13021/

来源: bugs.debian.org
链接:http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=183525