MM Shared Memory Library Temporary File Local Privilege Escalation Vulnerability

Published: 2002-07-29
Updated: 2002-08-05

Affected systems:
OSSP mm 1.1.3
OSSP mm 1.1.2
OSSP mm 1.1.1
OSSP mm 1.1.0
OSSP mm 1.0.9
OSSP mm 1.0.8
OSSP mm 1.0.7
OSSP mm 1.0.6
OSSP mm 1.0.5
OSSP mm 1.0.4
OSSP mm 1.0.3
OSSP mm 1.0.2
OSSP mm 1.0.12
OSSP mm 1.0.11
OSSP mm 1.0.10
OSSP mm 1.0.1
OSSP mm 1.0.0
    - Linux
Unaffected systems:
OSSP mm 1.2.1
OSSP mm 1.2.0
Description:
BUGTRAQ ID: 5352
CVE(CAN) ID: CVE-2002-0658

OSSP MM is a shared memory library.

OSSP MM contains a race condition vulnerability that a local attacker can exploit to escalate privileges.

Marcus Meissner and Sebastian Krahmer found a race condition in the way the MM shared library handles temporary files; a local attacker can exploit it to escalate privileges.

The Apache web server uses the MM shared library, so an attacker who already holds the Apache user's privileges can exploit this vulnerability to obtain root privileges.
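As an added illustration (not code from OSSP mm or from the advisory), the temporary-file creation pattern that removes the race class described above, together with a post-creation check a reviewer can look for; the /tmp paths it uses are constructed for the demo.

```c
/* Added example, not OSSP mm's code: the temp-file creation pattern that
 * closes the race class described above. Paths are constructed for the demo. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Check fd is a regular file owned by us with no group/other bits, and that
 * path still names that very inode and is not a symlink (lstat: no follow). */
int tmp_is_sane(int fd, const char *path) {
    struct stat fs, ps;
    if (fstat(fd, &fs) != 0 || !S_ISREG(fs.st_mode)) return 0;
    if (fs.st_uid != geteuid() || (fs.st_mode & 077) != 0) return 0;
    if (lstat(path, &ps) != 0 || S_ISLNK(ps.st_mode)) return 0;
    return fs.st_dev == ps.st_dev && fs.st_ino == ps.st_ino;
}

/* An exclusive create fails with EEXIST when the name already exists, e.g. a
 * symlink placed by another local user between name choice and open; plain
 * O_CREAT would follow it and clobber the target. Returns 1 when refused so. */
int excl_refuses_existing(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd >= 0) { close(fd); unlink(path); return 0; }  /* we created it */
    return errno == EEXIST;
}

/* Walk-through: mkstemp (O_CREAT|O_EXCL, 0600) creates atomically, the check
 * passes, and the existing name and a symlink to it are both refused. */
int run_demo(void) {
    char path[] = "/tmp/mm_demo_XXXXXX";
    char lpath[sizeof path + 4];
    int fd = mkstemp(path), rc = 0;
    if (fd < 0) return 1;
    snprintf(lpath, sizeof lpath, "%s.lnk", path);
    if (!tmp_is_sane(fd, path)) rc = 2;
    else if (!excl_refuses_existing(path)) rc = 3;
    else if (symlink(path, lpath) != 0) rc = 4;
    else if (!excl_refuses_existing(lpath)) rc = 5;  /* link is not followed */
    else if (tmp_is_sane(fd, lpath)) rc = 6;         /* link != the open file */
    close(fd); unlink(lpath); unlink(path);
    return rc;                                       /* 0 on success */
}

int main(void) { return run_demo(); }
```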

<* Source: Marcus Meissner
           Sebastian Krahmer (krahmer@suse.de)

   Links: http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-045.php
          https://www.redhat.com/support/errata/RHSA-2002-153.html
          http://www.suse.com/de/support/security/2002_028_mod_ssl.html
          http://www.debian.org/security/2002/dsa137-
*>

Recommendation:
Temporary workaround:

If you cannot install the patch or upgrade immediately, NSFOCUS recommends the following measures to reduce the threat:

* No suitable temporary workaround is available at present.

Vendor patches:

Debian
------
Debian has released a security advisory (DSA-137-1) and a corresponding patch:
DSA-137-1: New mm packages fix insecure temporary file creation
Link: http://www.debian.org/security/2002/dsa137-

Patch download: the per-architecture packages and their MD5 checksums are listed in the DSA-137-1 advisory linked above.
Patch installation:

1. Install the patch package manually:

  First, download the patch with:
  # wget url  (url is the patch download link)

  Then install the patch with:
  # dpkg -i file.deb (file is the name of the corresponding patch package)

2. Install the patch package automatically with apt-get:

   First, update the local package database:
   # apt-get update

   Then install the updated packages:
   # apt-get upgrade

MandrakeSoft
------------
MandrakeSoft has released a security advisory (MDKSA-2002:045) and corresponding patches:
MDKSA-2002:045: mm
Link: http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-045.php

Patch download:

Updated Packages:

Linux-Mandrake 7.1:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.1/RPMS/mm-1.1.3-8.5mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.1/RPMS/mm-devel-1.1.3-8.5mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.1/SRPMS/mm-1.1.3-8.5mdk.src.rpm

Linux-Mandrake 7.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/RPMS/mm-1.1.3-8.5mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/RPMS/mm-devel-1.1.3-8.5mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/7.2/SRPMS/mm-1.1.3-8.5mdk.src.rpm

Mandrake Linux 8.0:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/RPMS/mm-1.1.3-8.4mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/RPMS/mm-devel-1.1.3-8.4mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/SRPMS/mm-1.1.3-8.4mdk.src.rpm

Mandrake Linux 8.0/ppc:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/RPMS/mm-1.1.3-8.4mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/RPMS/mm-devel-1.1.3-8.4mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.0/SRPMS/mm-1.1.3-8.4mdk.src.rpm

Mandrake Linux 8.1:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/libmm1-1.1.3-9.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/libmm1-devel-1.1.3-9.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/SRPMS/mm-1.1.3-9.1mdk.src.rpm

Mandrake Linux 8.1/ia64:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/RPMS/libmm1-1.1.3-9.1mdk.ia64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/RPMS/libmm1-devel-1.1.3-9.1mdk.ia64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ia64/8.1/SRPMS/mm-1.1.3-9.1mdk.src.rpm

Mandrake Linux 8.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/libmm1-1.1.3-9.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/libmm1-devel-1.1.3-9.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/SRPMS/mm-1.1.3-9.1mdk.src.rpm

Mandrake Linux 8.2/ppc:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/RPMS/libmm1-1.1.3-9.1mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/RPMS/libmm1-devel-1.1.3-9.1mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/8.2/SRPMS/mm-1.1.3-9.1mdk.src.rpm

Corporate Server 1.0.1:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/1.0.1/RPMS/mm-1.1.3-8.5mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/1.0.1/RPMS/mm-devel-1.1.3-8.5mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/1.0.1/SRPMS/mm-1.1.3-8.5mdk.src.rpm

Single Network Firewall 7.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/snf7.2/RPMS/mm-1.1.3-8.5mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/snf7.2/RPMS/mm-devel-1.1.3-8.5mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/snf7.2/SRPMS/mm-1.1.3-8.5mdk.src.rpm

The updated packages can also be downloaded from any of the mirror FTP servers listed at:
http://www.mandrakesecure.net/en/ftp.php

RedHat
------
RedHat has released a security advisory (RHSA-2002:153-07) and corresponding patches:
RHSA-2002:153-07: Updated mm packages fix temporary file handling
Link: https://www.redhat.com/support/errata/RHSA-2002-153.html

Patch download:

Red Hat Linux 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/mm-1.1.3-8.src.rpm

alpha:
ftp://updates.redhat.com/7.0/en/os/alpha/mm-1.1.3-8.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/mm-devel-1.1.3-8.alpha.rpm

i386:
ftp://updates.redhat.com/7.0/en/os/i386/mm-1.1.3-8.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/mm-devel-1.1.3-8.i386.rpm

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/mm-1.1.3-8.src.rpm

alpha:
ftp://updates.redhat.com/7.1/en/os/alpha/mm-1.1.3-8.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/mm-devel-1.1.3-8.alpha.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/mm-1.1.3-8.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/mm-devel-1.1.3-8.i386.rpm

ia64:
ftp://updates.redhat.com/7.1/en/os/ia64/mm-1.1.3-8.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/mm-devel-1.1.3-8.ia64.rpm

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/mm-1.1.3-8.src.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/mm-1.1.3-8.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/mm-devel-1.1.3-8.i386.rpm

ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/mm-1.1.3-8.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/mm-devel-1.1.3-8.ia64.rpm

Red Hat Linux 7.3:

SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/mm-1.1.3-8.src.rpm

i386:
ftp://updates.redhat.com/7.3/en/os/i386/mm-1.1.3-8.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/mm-devel-1.1.3-8.i386.rpm

Install the patches with the following command:

rpm -Fvh [filename]

S.u.S.E.
--------
S.u.S.E. has released a security advisory (SuSE-SA:2002:028) and corresponding patches:
SuSE-SA:2002:028: mod_ssl, mm
Link: http://www.suse.com/de/support/security/2002_028_mod_ssl.html

Patch download:

SuSE Upgrade mm-1.1.3-165.alpha.rpm
ftp://ftp.suse.com/pub/suse/axp/update/7.1/d2/mm-1.1.3-165.alpha.rpm

SuSE Upgrade mm-1.1.3-202.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/d2/mm-1.1.3-202.ppc.rpm

SuSE Upgrade mm-1.1.3-203.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/d2/mm-1.1.3-203.ppc.rpm

SuSE Upgrade mm-1.1.3-290.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/d2/mm-1.1.3-290.i386.rpm

SuSE Upgrade mm-1.1.3-292.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.3/d2/mm-1.1.3-292.i386.rpm

SuSE Upgrade mm-1.1.3-290.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.2/d1/mm-1.1.3-290.i386.rpm

SuSE Upgrade mm-1.1.3-293.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.1/d2/mm-1.1.3-293.i386.rpm

SuSE Upgrade mm-1.1.3-163.sparc.rpm
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/d2/mm-1.1.3-163.sparc.rpm

OSSP
----
The vendor has released an upgrade that fixes this security issue; download it from the vendor's site:

OSSP Upgrade mm-1.2.1.tar.gz
ftp://ftp.ossp.org/pkg/lib/mm/mm-1.2.1.tar.gz

This vulnerability was translated and compiled by NSFOCUS. All rights reserved; do not reproduce without permission.