UTempter多个本地漏洞

漏洞信息详情

UTempter多个本地漏洞

• CNNVD编号：CNNVD-200408-197
• 危害等级： 低危
  
  
• CVE编号：
  CVE-2004-0233
  
• 漏洞类型：
  
  
  路径遍历
  
• 发布时间：
  
  2004-08-18
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2006-09-22
  
• 厂        商：
  
  slackware
• 漏洞来源：
  Discovery of these…

Utempter允许包含..（点 点）目录遍历序列的设备名称，本地用户可以通过在与信任utmp或者wtmp文件的应用程序相组合的设备名称上的链接攻击覆盖任意文件。

Red Hat has released an advisory RHSA-2004:175-01 and fixes to address this issue. Please see referenced advisory for further details regarding obtaining and applying appropriate fixes.
Mandrake has released an advisory MDKSA-2004:031-1 and fixes to address this issue. Please see referenced advisory for further details regarding obtaining and applying appropriate fixes.
Slackware Linux has released advisory SSA:2004-110-01 and updates dealing with this issue.
Red Hat Fedora has released advisory FEDORA-2004-108 and information on updated the affected application. Please see the referenced advisory for more information.
Gentoo Linux has released advisory GLSA 200405-05 dealing with this issue. It is recommended that affected users issue these commands to ensure their system is properly updated:
# emerge sync
# emerge -pv “>=sys-apps/utempter-0.5.5.4”
# emerge “>=sys-apps/utempter-0.5.5.4”
Red Hat Fedora Legacy has released advisory FLSA:1546 dealing with this issue for Red Hat Linux 8.0, 7.3 and 7.2. Please see the referenced advisory for more information.
Red Hat has released advisory RHSA-2004:174-09 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.
SGI has released an advisory (20040603-01-U) to address this and other issues in SGI ProPack 3. Please see the referenced advisory for more information.
SGI has released an advisory (20040602-01-U) to address this and other issues in SGI ProPack 2.4. Please see the referenced advisory for more information.
Sun has released Sun Alert Notification #57658 to address this issue in Sun Java Desktop System operating systems. Please see the referenced alert for further information on obtaining fixes.
RedHat utempter-0.5.2-16.i386.rpm

• RedHat utempter-0.5.5-2.RHL9.0.i386.rpm
  ftp://updates.redhat.com/9/en/os/i386/utempter-0.5.5-2.RHL9.0.i386.rpm
  

Slackware Linux -current

• Slackware utempter-1.1.1-i486-1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/ut
  empter-1.1.1-i486-1.tgz

utempter utempter 0.5.2

• Fedora utempter-0.5.2-6.7.x.1.legacy.i386.rpmRed Hat Linux 7.2 & 7.3
  
  http://download.fedoralegacy.org/redhat/7.2/updates/i386/utempter-0.5.
  2-6.7.x.1.legacy.i386.rpm
• Fedora utempter-0.5.2-6.8.0.1.legacy.i386.rpmRed Hat Linux 8.0
  
  http://download.fedoralegacy.org/redhat/8.0/updates/i386/utempter-0.5.
  2-6.8.0.1.legacy.i386.rpm
• Mandrake lib64utempter0-0.5.2-12.2.100mdk.amd64.rpmMandrake Linux 10.0/AMD64
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake lib64utempter0-0.5.2-12.2.92mdk.amd64.rpmMandrake Linux 9.2/AMD64
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake lib64utempter0-devel-0.5.2-12.2.100mdk.amd64.rpmMandrake Linux 10.0/AMD64
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake lib64utempter0-devel-0.5.2-12.2.92mdk.amd64.rpmMandrake Linux 9.2/AMD64
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake libutempter0-0.5.2-10.2.91mdk.i586.rpmMandrake Linux 9.1
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake libutempter0-0.5.2-10.2.91mdk.ppc.rpmMandrake Linux 9.1/PPC
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake libutempter0-0.5.2-11.2.C21mdk.i586.rpmMandrake Corporate Server 2.1
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake libutempter0-0.5.2-11.2.C21mdk.x86_64.rpmMandrake Corporate Server 2.1/X86_64
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake libutempter0-0.5.2-12.2.100mdk.i586.rpmMandrake Linux 10.0
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake libutempter0-0.5.2-12.2.92mdk.i586.rpmMandrake Linux 9.2
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake libutempter0-0.5.2-5.2.M82mdk.i586.rpmMandrake Multi Network Firewall 8.2
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake libutempter0-devel-0.5.2-10.2.91mdk.i586.rpmMandrake Linux 9.1
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake libutempter0-devel-0.5.2-10.2.91mdk.ppc.rpmMandrake Linux 9.1/PPC
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake libutempter0-devel-0.5.2-11.2.C21mdk.i586.rpmMandrake Corporate Server 2.1
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake libutempter0-devel-0.5.2-11.2.C21mdk.x86_64.rpmMandrake Corporate Server 2.1/X86_64
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake libutempter0-devel-0.5.2-12.2.100mdk.i586.rpmMandrake Linux 10.0
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake libutempter0-devel-0.5.2-12.2.92mdk.i586.rpmMandrake Linux 9.2
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake libutempter0-devel-0.5.2-5.2.M82mdk.i586.rpmMandrake Multi Network Firewall 8.2
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake utempter-0.5.2-10.2.91mdk.i586.rpmMandrake Linux 9.1
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake utempter-0.5.2-10.2.91mdk.ppc.rpmMandrake Linux 9.1/PPC
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake utempter-0.5.2-11.2.C21mdk.i586.rpmMandrake Corporate Server 2.1
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake utempter-0.5.2-11.2.C21mdk.x86_64.rpmMandrake Corporate Server 2.1/X86_64
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake utempter-0.5.2-12.2.100mdk.amd64.rpmMandrake Linux 10.0/AMD64
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake utempter-0.5.2-12.2.100mdk.i586.rpm

来源: BID
名称: 10178
链接:http://www.securityfocus.com/bid/10178

来源: REDHAT
名称: RHSA-2004:174
链接:http://www.redhat.com/support/errata/RHSA-2004-174.html

来源: XF
名称: utemper-symlink(15904)
链接:http://xforce.iss.net/xforce/xfdb/15904

来源: SLACKWARE
名称: SSA:2004-110
链接:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404389

来源: REDHAT
名称: RHSA-2004:175
链接:http://www.redhat.com/support/errata/RHSA-2004-175.html

来源: SUNALERT
名称: 1000752
链接:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000752.1-1

来源: GENTOO
名称: GLSA-200405-05
链接:http://security.gentoo.org/glsa/glsa-200405-05.xml

来源: OVAL
名称: oval:org.mitre.oval:def:10115
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10115

来源: MANDRAKE
名称: MDKSA-2004:031
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2004:031

来源: US Government Resource: oval:org.mitre.oval:def:979
名称: oval:org.mitre.oval:def:979
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:979