CERTA-2001-AVI-156

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité dans le shell sh permet, à un utilisateur mal intentionné, de corrompre n'importe quel fichier du système. Les shells tcsh, csh, ksh et bash, qui en sont dérivés, peuvent être concernés.

Description

Lorsque l'opérateur de redirection \<\< est utilisé, le shell crée un fichier temporaire dont le nom est prédictible. Ceci peut être exploité par un utilisateur local pour corrompre n'importe quel fichier du système, lorsque le shell est invoqué avec des droits root.

Solution

Appliquer les correctifs fournis par les vendeurs :

  • Linux Mandrake (bash1, tcsh)

    http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-075.php3

http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-069.php3

  • Linux RedHat (tcsh)

    http://www.redhat.com/support/errata/RHSA-2000-121.html

  • Debian (tcsh)

    http://www.debian.org/security/2000/20001111a

  • Trustix (tcsh)

    http://archives.neohapsis.com/archives/bugtraq/2000-12/0275.html

  • Conectiva (tcsh)

    http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000354

  • Caldera (bash, tcsh)

    http://www.caldera.com/support/security/advisories/CSSA-2000-042.0.txt

http://www.caldera.com/support/security/advisories/CSSA-2000-042.0.txt

  • Immunix (bash1)

    http://archives.neohapsis.com/archives/linux/immunix/2000-q4/0034.html

  • Sun Solaris (tcsh, csh, sh, ksh)

    http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=salert%2F27694

  • SGI Irix (tcsh, bsh, ksh)

    ftp://patches.sgi.com/support/free/security/advisories/20011103-01-I

  • FreeBSD (bash1)

    ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01%3A03.bash1.asc

Potentiellement tout système d'exploitation Unix.

Impacted products
Vendor Product Description
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003ePotentiellement tout syst\u00e8me d\u0027exploitation Unix.\u003c/P\u003e",
  "content": "## Description\n\nLorsque l\u0027op\u00e9rateur de redirection \\\u003c\\\u003c est utilis\u00e9, le shell cr\u00e9e un\nfichier temporaire dont le nom est pr\u00e9dictible. Ceci peut \u00eatre exploit\u00e9\npar un utilisateur local pour corrompre n\u0027importe quel fichier du\nsyst\u00e8me, lorsque le shell est invoqu\u00e9 avec des droits root.\n\n## Solution\n\nAppliquer les correctifs fournis par les vendeurs :\n\n-   Linux Mandrake (bash1, tcsh)\n\n        http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-075.php3\n\n        http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-069.php3\n\n-   Linux RedHat (tcsh)\n\n        http://www.redhat.com/support/errata/RHSA-2000-121.html\n\n-   Debian (tcsh)\n\n        http://www.debian.org/security/2000/20001111a\n\n-   Trustix (tcsh)\n\n        http://archives.neohapsis.com/archives/bugtraq/2000-12/0275.html\n\n-   Conectiva (tcsh)\n\n        http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000354\n\n-   Caldera (bash, tcsh)\n\n        http://www.caldera.com/support/security/advisories/CSSA-2000-042.0.txt\n\n        http://www.caldera.com/support/security/advisories/CSSA-2000-042.0.txt\n\n-   Immunix (bash1)\n\n        http://archives.neohapsis.com/archives/linux/immunix/2000-q4/0034.html\n\n-   Sun Solaris (tcsh, csh, sh, ksh)\n\n        http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=salert%2F27694\n\n-   SGI Irix (tcsh, bsh, ksh)\n\n        ftp://patches.sgi.com/support/free/security/advisories/20011103-01-I\n\n-   FreeBSD (bash1)\n\n        ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01%3A03.bash1.asc\n",
  "cves": [],
  "links": [],
  "reference": "CERTA-2001-AVI-156",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2001-11-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Corruption de fichiers"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans le shell \u003cspan class=\"textit\"\u003esh\u003c/span\u003e permet, \u00e0\nun utilisateur mal intentionn\u00e9, de corrompre n\u0027importe quel fichier du\nsyst\u00e8me. Les shells \u003cspan class=\"textit\"\u003etcsh\u003c/span\u003e, \u003cspan\nclass=\"textit\"\u003ecsh\u003c/span\u003e, \u003cspan class=\"textit\"\u003eksh\u003c/span\u003e et \u003cspan\nclass=\"textit\"\u003ebash\u003c/span\u003e, qui en sont d\u00e9riv\u00e9s, peuvent \u00eatre concern\u00e9s.\n",
  "title": "Fichiers temporaires mal s\u00e9curis\u00e9s cr\u00e9\u00e9s par divers shells",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Rapport de vuln\u00e9rabilit\u00e9 VU#10277 du CERT/CC",
      "url": "http://www.kb.cert.org/vuls/id/10277"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.