Trustix LVM Utilities Unspecified Insecure Temporary File Creation Vulnerability

Vulnerability Details

Vulnerability Summary

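LVM (Logical Volume Management) is an advanced disk management tool that traditional commercial Unix systems have long shipped with.
The lvmcreate_initrd script in the lvm package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.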

Vulnerability Advisory

The vendors have released updated packages that fix this security issue. Patch download links:
LVM Logical Volume Management Utilities 1.0.1
Mandrake lvm-1.0.1-2.1.C21mdk.i586.rpm
Mandrake Corporate Server 2.1
http://www.mandrakesecure.net/en/ftp.php
Mandrake lvm-1.0.1-2.1.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/x86_64
http://www.mandrakesecure.net/en/ftp.php
LVM Logical Volume Management Utilities 1.0.4
Debian lvm10_1.0.4-5woody2_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2_alpha.deb
Debian lvm10_1.0.4-5woody2_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2_arm.deb
Debian lvm10_1.0.4-5woody2_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2_hppa.deb
Debian lvm10_1.0.4-5woody2_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2_i386.deb
Debian lvm10_1.0.4-5woody2_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2_ia64.deb
Debian lvm10_1.0.4-5woody2_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2_m68k.deb
Debian lvm10_1.0.4-5woody2_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2_mips.deb
Debian lvm10_1.0.4-5woody2_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2_mipsel.deb
Debian lvm10_1.0.4-5woody2_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2_powerpc.deb
Debian lvm10_1.0.4-5woody2_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2_s390.deb
Debian lvm10_1.0.4-5woody2_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/l/lvm10/lvm10_1.0.4-5woody2_sparc.deb
LVM Logical Volume Management Utilities 1.0.7
Mandrake lvm-1.0.7-2.1.92mdk.amd64.rpm
Mandrake Linux 9.2/AMD64
http://www.mandrakesecure.net/en/ftp.php
Mandrake lvm-1.0.7-2.1.92mdk.i586.rpm
Mandrake Linux 9.2
http://www.mandrakesecure.net/en/ftp.php
Trustix lvm-1.0.7-6tr.i586.rpm
Trustix Secure Linux 2.0
ftp://ftp.trustix.org/pub/trustix/updates/
Trustix lvm-1.0.8-5tr.i586.rpm
Trustix Secure Linux 2.1 & Enterprise Server 2
ftp://ftp.trustix.org/pub/trustix/updates/
Trustix lvm-devel-1.0.7-6tr.i586.rpm
Trustix Secure Linux 2.0
ftp://ftp.trustix.org/pub/trustix/updates/
Trustix lvm-devel-1.0.8-5tr.i586.rpm
Trustix Secure Linux 2.1 & Enterprise Server 2
ftp://ftp.trustix.org/pub/trustix/updates/
LVM Logical Volume Management Utilities 1.0.8
Mandrake lvm1-1.0.8-3.1.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php
Mandrake lvm1-1.0.8-3.1.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php
Mandrake lvm1-1.0.8-3.1.101mdk.i586.rpm
Mandrake Linux 10.1
http://www.mandrakesecure.net/en/ftp.php
Mandrake lvm1-1.0.8-3.1.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php
Ubuntu lvm10-udeb_1.0.8-4ubuntu1.1_amd64.udeb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/l/lvm10/lvm10-udeb_1.0.8-4ubuntu1.1_amd64.udeb
Ubuntu lvm10-udeb_1.0.8-4ubuntu1.1_i386.udeb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/l/lvm10/lvm10-udeb_1.0.8-4ubuntu1.1_i386.udeb
Ubuntu lvm10-udeb_1.0.8-4ubuntu1.1_powerpc.udeb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/l/lvm10/lvm10-udeb_1.0.8-4ubuntu1.1_powerpc.udeb
Ubuntu lvm10_1.0.8-4ubuntu1.1_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/l/lvm10/lvm10_1.0.8-4ubuntu1.1_amd64.deb
Ubuntu lvm10_1.0.8-4ubuntu1.1_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/l/lvm10/lvm10_1.0.8-4ubuntu1.1_i386.deb
Ubuntu lvm10_1.0.8-4ubuntu1.1_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/l/lvm10/lvm10_1.0.8-4ubuntu1.1_powerpc.deb

References

Source: TRUSTIX
Name: 2004-0050
Link: http://www.trustix.org/errata/2004/0050

Source: BID
Name: 11290
Link: http://www.securityfocus.com/bid/11290

Source: XF
Name: script-temporary-file-overwrite(17583)
Link: http://xforce.iss.net/xforce/xfdb/17583

Source: bugzilla.redhat.com
Link: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136308

Source: REDHAT
Name: RHBA-2004:232
Link: http://rhn.redhat.com/errata/RHBA-2004-232.html

Affected Entities
