wmtv local root privilege vulnerability


Published: 2001-12-6

Updated: 2001-12-14
Affected systems: wliang wmtv 0.6.5
+ Debian Linux 2.2

Description:
--------------------------------------------------------------------------------

Vulnerability description:

BUGTRAQ ID: 3658

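wmtv is a Linux video TV player for Window Maker.

The program has a security issue that may allow a local user to execute arbitrary code with root privileges.

When the video TV window is double-clicked, the program lets you run an external command, which is specified with the "-e" option.
Because wmtv is a suid program, a local user may be able to execute arbitrary code with root privileges.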

<*Source: Wichert Akkerman (wichert@wiggy.net)
Links: http://archives.neohapsis.com/archives/bugtraq/2001-12/0055.html
http://www.debian.org/security/2001/dsa-092
*>



--------------------------------------------------------------------------------
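Recommendations:
Workaround:

If you cannot install the patch or upgrade immediately, NSFOCUS recommends the following measures to reduce the risk:

* Temporarily remove the suid bit from the wmtv program
# chmod a-s `which wmtv`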

Vendor patch:

Debian has released a security advisory (DSA-092-1) and the corresponding patches:

Debian Linux:
http://www.debian.org/security/2001/dsa-092

Source archives:

http://security.debian.org/dists/stable/updates/main/source/wmtv_0.6.5-2potato1.diff.gz
MD5 checksum: 71436864099e31a54191828eba1a5af1

http://security.debian.org/dists/stable/updates/main/source/wmtv_0.6.5-2potato1.dsc
MD5 checksum: fcfed7fae275bcd74f135db0fb315e27

http://security.debian.org/dists/stable/updates/main/source/wmtv_0.6.5.orig.tar.gz
MD5 checksum: 2ee18b3f1261137e8772d4f6a9dd0031

Alpha architecture:

http://security.debian.org/dists/stable/updates/main/binary-alpha/wmtv_0.6.5-2potato1_alpha.deb
MD5 checksum: da07aa390b028396000c8c8ebf180c44

ARM architecture:

http://security.debian.org/dists/stable/updates/main/binary-arm/wmtv_0.6.5-2potato1_arm.deb
MD5 checksum: b0ee729c7de7dfb2b3e1c4c7a8f37e69

Intel IA-32 architecture:

http://security.debian.org/dists/stable/updates/main/binary-i386/wmtv_0.6.5-2potato1_i386.deb
MD5 checksum: fd3ce69d983ae4b316114628c7c5fc74

Motorola 680x0 architecture:

http://security.debian.org/dists/stable/updates/main/binary-m68k/wmtv_0.6.5-2potato1_m68k.deb
MD5 checksum: 774a7f254a1a1f27cd7a03f66ac11308

PowerPC architecture:

http://security.debian.org/dists/stable/updates/main/binary-powerpc/wmtv_0.6.5-2potato1_powerpc.deb
MD5 checksum: 3b98c87d44c9570e4001ceec82d832be

Sun Sparc architecture:

http://security.debian.org/dists/stable/updates/main/binary-sparc/wmtv_0.6.5-2potato1_sparc.deb
MD5 checksum: 7ecfd9e694e3b22b101c52c7f8c4f627





Translated and compiled by NSFOCUS. Reproduction without permission is prohibited.