CERTA-2001-AVI-156
Vulnerability from certfr_avis

Une vulnérabilité dans le shell sh permet, à un utilisateur mal intentionné, de corrompre n'importe quel fichier du système. Les shells tcsh, csh, ksh et bash, qui en sont dérivés, peuvent être concernés.

Description

Lorsque l'opérateur de redirection \<\< est utilisé, le shell crée un fichier temporaire dont le nom est prédictible. Ceci peut être exploité par un utilisateur local pour corrompre n'importe quel fichier du système, lorsque le shell est invoqué avec des droits root.

Solution

Appliquer les correctifs fournis par les vendeurs :

  • Linux Mandrake (bash1, tcsh)

    http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-075.php3

http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-069.php3

  • Linux RedHat (tcsh)

    http://www.redhat.com/support/errata/RHSA-2000-121.html

  • Debian (tcsh)

    http://www.debian.org/security/2000/20001111a

  • Trustix (tcsh)

    http://archives.neohapsis.com/archives/bugtraq/2000-12/0275.html

  • Conectiva (tcsh)

    http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000354

  • Caldera (bash, tcsh)

    http://www.caldera.com/support/security/advisories/CSSA-2000-042.0.txt

http://www.caldera.com/support/security/advisories/CSSA-2000-042.0.txt

  • Immunix (bash1)

    http://archives.neohapsis.com/archives/linux/immunix/2000-q4/0034.html

  • Sun Solaris (tcsh, csh, sh, ksh)

    http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=salert%2F27694

  • SGI Irix (tcsh, bsh, ksh)

    ftp://patches.sgi.com/support/free/security/advisories/20011103-01-I

  • FreeBSD (bash1)

    ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01%3A03.bash1.asc

Potentiellement tout système d'exploitation Unix.

Impacted products
Vendor Product Description
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003ePotentiellement tout syst\u00e8me d\u0027exploitation Unix.\u003c/P\u003e",
  "content": "## Description\n\nLorsque l\u0027op\u00e9rateur de redirection \\\u003c\\\u003c est utilis\u00e9, le shell cr\u00e9e un\nfichier temporaire dont le nom est pr\u00e9dictible. Ceci peut \u00eatre exploit\u00e9\npar un utilisateur local pour corrompre n\u0027importe quel fichier du\nsyst\u00e8me, lorsque le shell est invoqu\u00e9 avec des droits root.\n\n## Solution\n\nAppliquer les correctifs fournis par les vendeurs :\n\n-   Linux Mandrake (bash1, tcsh)\n\n        http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-075.php3\n\n        http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-069.php3\n\n-   Linux RedHat (tcsh)\n\n        http://www.redhat.com/support/errata/RHSA-2000-121.html\n\n-   Debian (tcsh)\n\n        http://www.debian.org/security/2000/20001111a\n\n-   Trustix (tcsh)\n\n        http://archives.neohapsis.com/archives/bugtraq/2000-12/0275.html\n\n-   Conectiva (tcsh)\n\n        http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000354\n\n-   Caldera (bash, tcsh)\n\n        http://www.caldera.com/support/security/advisories/CSSA-2000-042.0.txt\n\n        http://www.caldera.com/support/security/advisories/CSSA-2000-042.0.txt\n\n-   Immunix (bash1)\n\n        http://archives.neohapsis.com/archives/linux/immunix/2000-q4/0034.html\n\n-   Sun Solaris (tcsh, csh, sh, ksh)\n\n        http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=salert%2F27694\n\n-   SGI Irix (tcsh, bsh, ksh)\n\n        ftp://patches.sgi.com/support/free/security/advisories/20011103-01-I\n\n-   FreeBSD (bash1)\n\n        ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01%3A03.bash1.asc\n",
  "cves": [],
  "initial_release_date": "2001-11-30T00:00:00",
  "last_revision_date": "2001-11-30T00:00:00",
  "links": [],
  "reference": "CERTA-2001-AVI-156",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2001-11-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Corruption de fichiers"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans le shell \u003cspan class=\"textit\"\u003esh\u003c/span\u003e permet, \u00e0\nun utilisateur mal intentionn\u00e9, de corrompre n\u0027importe quel fichier du\nsyst\u00e8me. Les shells \u003cspan class=\"textit\"\u003etcsh\u003c/span\u003e, \u003cspan\nclass=\"textit\"\u003ecsh\u003c/span\u003e, \u003cspan class=\"textit\"\u003eksh\u003c/span\u003e et \u003cspan\nclass=\"textit\"\u003ebash\u003c/span\u003e, qui en sont d\u00e9riv\u00e9s, peuvent \u00eatre concern\u00e9s.\n",
  "title": "Fichiers temporaires mal s\u00e9curis\u00e9s cr\u00e9\u00e9s par divers shells",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Rapport de vuln\u00e9rabilit\u00e9 VU#10277 du CERT/CC",
      "url": "http://www.kb.cert.org/vuls/id/10277"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.