Apple PPPDialer不安全记录文件创建符号连接漏洞

漏洞信息详情

Apple PPPDialer不安全记录文件创建符号连接漏洞

• CNNVD编号：CNNVD-200412-633
• 危害等级： 低危
  
  
• CVE编号：
  CVE-2004-0824
  
• 漏洞类型：
  
  
  访问验证错误
  
• 发布时间：
  
  2004-12-31
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  apple
• 漏洞来源：
  This vulnerability…

Mac OS X 10.2.8版本到10.3.5版本的PPPDialer存在漏洞。本地用户可以借助对PPPDialer记录文件的符号攻击来覆盖系统文件。

Apple has released an advisory (APPLE-SA-0024-09-07) along with fixes to address this, and many other issues. Please see the referenced advisory for further information.
Apple Mac OS X 10.2.8

• Apple SecUpd2004-09-07JagClient.dmg
  
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=04717&plat
  form=osx&method=sa/SecUpd2004-09-07JagClient.dmg

Apple Mac OS X Server 10.2.8

• Apple SecUpdSrvr2004-09-07Jag.dmg
  
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=04716&plat
  form=osx&method=sa/SecUpdSrvr2004-09-07Jag.dmg

Apple Mac OS X 10.3.4

• Apple SecUpd2004-09-07PanClient.dmg
  
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=04712&plat
  form=osx&method=sa/SecUpd2004-09-07PanClient.dmg

Apple Mac OS X Server 10.3.4

• Apple SecUpdSrvr2004-09-07PanL.dmg
  
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=04713&plat
  form=osx&method=sa/SecUpdSrvr2004-09-07PanL.dmg

Apple Mac OS X 10.3.5

• Apple SecUpd2004-09-07PanMClient.dmg
  
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=04715&plat
  form=osx&method=sa/SecUpd2004-09-07PanMClient.dmg

Apple Mac OS X Server 10.3.5

• Apple SecUpdSrvr2004-09-07PanM.dmg
  
  http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=04714&plat
  form=osx&method=sa/SecUpdSrvr2004-09-07PanM.dmg

来源: XF
名称: macosx-pppdialer-symlink(17298)
链接:http://xforce.iss.net/xforce/xfdb/17298

来源: BID
名称: 11139
链接:http://www.securityfocus.com/bid/11139

来源: APPLE
名称: APPLE-SA-2004-09-07
链接:http://www.securityfocus.com/advisories/7148

来源: AUSCERT
名称: ESB-2004.0559
链接:http://www.auscert.org.au/render.html?it=4363

来源: SECTRACK
名称: 1011175
链接:http://securitytracker.com/id?1011175

来源: CIAC
名称: O-212
链接:http://www.ciac.org/ciac/bulletins/o-212.shtml