Mandrake Linux passwd未明安全漏洞

漏洞信息详情

Mandrake Linux passwd未明安全漏洞

• CNNVD编号：CNNVD-200412-780
• 危害等级： 低危
  
  
• CVE编号：
  CVE-2004-2394
  
• 漏洞类型：
  
  
  未知
  
• 发布时间：
  
  2004-05-17
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  mandrakesoft
• 漏洞来源：
  Steve Grubb※ linux…

Mandrake Linux是一款开放源代码操作系统。
Mandrake Linux的passwd实现存在问题，可能导致安全级别降低，用户不能登录等问题。
根据报告，Mandrake Linux通过stdin提供给passwd的密码比预想的要少一字符，目前还不清楚是否会在交互提示状况下发生。这可导致用户密码存储不正确或用户不能登录。
另外PAM不正确初始化和\”safe and proper\”\”操作存在一定问题。

厂商补丁：
MandrakeSoft
————
MandrakeSoft已经为此发布了一个安全公告(MDKSA-2004:045)以及相应补丁:

MDKSA-2004:045：Updated passwd packages fix vulnerabilities

链接：http://www.linux-mandrake.com/en/security/2004/2004-045.php” target=”_blank”>
http://www.linux-mandrake.com/en/security/2004/2004-045.php

补丁下载：

Updated Packages:

Mandrakelinux 10.0:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/passwd-0.68-2.2.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/SRPMS/passwd-0.68-2.2.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/passwd-0.68-2.2.100mdk.amd64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/SRPMS/passwd-0.68-2.2.100mdk.src.rpm

Corporate Server 2.1:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/passwd-0.67-5.2.C21mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/SRPMS/passwd-0.67-5.2.C21mdk.src.rpm

Corporate Server 2.1/x86_64:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/x86_64/corporate/2.1/RPMS/passwd-0.67-5.2.C21mdk.x86_64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/x86_64/corporate/2.1/SRPMS/passwd-0.67-5.2.C21mdk.src.rpm

Mandrakelinux 9.1:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/passwd-0.68-2.2.91mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/SRPMS/passwd-0.68-2.2.91mdk.src.rpm

Mandrakelinux 9.1/PPC:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/RPMS/passwd-0.68-2.2.91mdk.ppc.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/SRPMS/passwd-0.68-2.2.91mdk.src.rpm

Mandrakelinux 9.2:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/passwd-0.68-2.2.92mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/SRPMS/passwd-0.68-2.2.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/passwd-0.68-2.2.92mdk.amd64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/SRPMS/passwd-0.68-2.2.92mdk.src.rpm

Multi Network Firewall 8.2:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/mnf8.2/RPMS/passwd-0.64.1-9.2.M82mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/mnf8.2/SRPMS/passwd-0.64.1-9.2.M82mdk.src.rpm

_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php” target=”_blank”>
http://www.mandrakesecure.net/en/ftp.php

上述升级软件还可以在下列地址中的任意一个镜像ftp服务器上下载：

http://www.mandrakesecure.net/en/ftp.php” target=”_blank”>
http://www.mandrakesecure.net/en/ftp.php

来源: XF
名称: passwd-stdin-offbyone-bo(16178)
链接:http://xforce.iss.net/xforce/xfdb/16178

来源: BID
名称: 10370
链接:http://www.securityfocus.com/bid/10370

来源: MANDRAKE
名称: MDKSA-2004:045
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2004:045

来源: bugzilla.redhat.com
链接:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120060

来源：NSFOCUS
名称：6467
链接：http://www.nsfocus.net/vulndb/6467