首页 -> 安全研究

安全研究

绿盟月刊
绿盟安全月刊->第1期->最新漏洞
期刊号: 类型: 关键词:
Debian 发布补丁程序修正crond安全问题

整理:小鱼儿(littlefish@soim.net)
出处:Debian Security Advisory
主页:http://www.debian.org/security/
日期:1999-09-15

在 Red Hat 所发布的 Security Advisory (RHSA-1999:030-01) 中,Red Hat 已经现一样可获得 root 权限的安全性漏洞,但因为遗漏细节部份的原因,让这个漏远比 Security Advisory 所发布的影响程度更大。根据 Caldera 及 Debian 的查发现:一般使用者甚至可通过设置 cron table 定时在SMTP端口收信,即使系统没有启动 sendmail 程序。

建议尽快更新您的 cron package。

受影响平台:

Debian GNU/Linux 2.1 Intel Motorola 68xxx alpha Sun sparc architecture
Debian GNU/Linux pre2.2 Alpha ARM Intel ia32 Motorola 680x0 PowerPC Sun Sparc architecture

影响结果:用户可获取额外的 root 权限。


解决方案:

以下是各版本之对应的修正补丁程序:

Debian GNU/Linux 2.1 alias slink
--------------------------------

这一版本的Debian只适用于Intel, the Motorola 68xxx, the alpha and the Sun sparc 构架。

源代码:

http://security.debian.org/dists/stable/updates/source/cron_3.0pl1-50.2.diff.gz
MD5 checksum: 96a4b55e06127c4a6cf31ee511227adb
http://security.debian.org/dists/stable/updates/source/cron_3.0pl1-50.2.dsc
MD5 checksum: 3998735f00d3f10a5e290227db6bf611
http://security.debian.org/dists/stable/updates/source/cron_3.0pl1.orig.tar.gz
MD5 checksum: 4c64aece846f8483daf440f8e3dd210f

Alpha 构架:

http://security.debian.org/dists/stable/updates/binary-alpha/cron_3.0pl1-50.2_alpha.deb
MD5 checksum: cbab162fffd7dba71373b3eb62201b52

Intel ia32 构架:

http://security.debian.org/dists/stable/updates/binary-i386/cron_3.0pl1-50.2_i386.deb
MD5 checksum: 85d9ffff103d0121101b7b80817d0abe

Motorola 680x0 构架:

http://security.debian.org/dists/stable/updates/binary-m68k/cron_3.0pl1-50.2_m68k.deb
MD5 checksum: 62a039991c237a92c4a3cdcef4a328d7

Sun Sparc 构架:

http://security.debian.org/dists/stable/updates/binary-sparc/cron_3.0pl1-50.2_sparc.deb
MD5 checksum: 56f5e099ab621572b560706e1eec9ebb


Debian GNU/Linux pre2.2 alias potato
------------------------------------

源代码:

http://security.debian.org/dists/unstable/updates/source/cron_3.0pl1-52.diff.gz
MD5 checksum: f500a0dc7175d64de4822f159a51d739
http://security.debian.org/dists/unstable/updates/source/cron_3.0pl1-52.dsc
MD5 checksum: 1a16af335a106805ecdd6585a75ee61a
http://security.debian.org/dists/unstable/updates/source/cron_3.0pl1.orig.tar.gz
MD5 checksum: 4c64aece846f8483daf440f8e3dd210f

Alpha 构架:

http://security.debian.org/dists/unstable/updates/binary-alpha/cron_3.0pl1-52_alpha.deb
MD5 checksum: 8e5246a79269b8f489a3cdb7efc41661

ARM 构架:

http://security.debian.org/dists/unstable/updates/binary-arm/cron_3.0pl1-52_arm.deb
MD5 checksum: 8d103d4a60ec94d1f0fb07caabd34575

Intel ia32 构架:

http://security.debian.org/dists/unstable/updates/binary-i386/cron_3.0pl1-52_i386.deb
MD5 checksum: a7f8de4f43aa21e2fe94fe602c6c2c83

Motorola 680x0 构架:

http://security.debian.org/dists/unstable/updates/binary-m68k/cron_3.0pl1-52_m68k.deb
MD5 checksum: b2e866ecc10e95094202327eab5fc0fd

PowerPC 构架:


http://security.debian.org/dists/unstable/updates/binary-powerpc/cron_3.0pl1-52_powerpc.deb
MD5 checksum: 058a25564bc7c9c6fb153eafa0126cee

Sun Sparc 构架:

http://security.debian.org/dists/unstable/updates/binary-sparc/cron_3.0pl1-52_sparc.deb
MD5 checksum: ed34f37c41d9322ba094ede04d8d2e16

  

版权所有,未经许可,不得转载