微慑信息网

CVE-2008-0890-漏洞详情

CVE-2008-0890
CVSS 4.6
发布时间 :2008-03-11 20:44:00
修订时间 :2008-09-05 17:36:15
NMCOS    

[原文]Red Hat Directory Server 7.1 before SP4 uses insecure permissions for certain directories, which allows local users to modify JAR files and execute arbitrary code via unknown vectors.


[CNNVD]redhat directory_server 权限许可和访问控制漏洞(CNNVD-200803-180)

        SP4版本以前的Red Hat Directory Server 7.1使用了对某些目录不安全的权限许可,本地用户通过未知向量来修改JAR文件和执行任意代码。


CVSS (基础分值)

CVSS分值: 4.6 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]


CWE (弱点类目)

CWE-264 [权限、特权与访问控制]


CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用


OVAL (用于检测的技术细节)

未找到相关OVAL定义


官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0890

(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0890

(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200803-180

(官方数据源) CNNVD


其它链接及资源

http://www.securityfocus.com/bid/28204


(UNKNOWN)  BID  28204
http://www.redhat.com/support/errata/RHSA-2008-0173.html


(UNKNOWN)  REDHAT  RHSA-2008:0173
http://xforce.iss.net/xforce/xfdb/41152


(UNKNOWN)  XF  rhds-jars-insecure-permissions(41152)
http://www.securitytracker.com/id?1019577


(UNKNOWN)  SECTRACK  1019577
http://secunia.com/advisories/29350


(UNKNOWN)  SECUNIA  29350


漏洞信息

redhat directory_server 权限许可和访问控制漏洞
中危 权限许可和访问控制
2008-03-11 00:00:00 2008-09-05 00:00:00
远程  
        SP4版本以前的Red Hat Directory Server 7.1使用了对某些目录不安全的权限许可,本地用户通过未知向量来修改JAR文件和执行任意代码。


公告与补丁

        目前厂商已经发布了以修复这个安全问题,补丁下载链接:


        http://rhn.redhat.com/errata/RHSA-2008-0173.html


漏洞信息


42844
Red Hat Directory Server JAR File Permission Weakness Local Privilege Escalation

Local Access Required
Loss of Integrity Upgrade
Vendor Verified


漏洞描述


时间线


2008-03-11

Unknow
Unknow Unknow


解决方案

Upgrade to version 7.1 SP4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.


相关参考


漏洞作者

Unknown or Incomplete


漏洞信息

Red Hat Directory Server 7.1 Local Insecure Permissions Vulnerability

Access Validation Error

28204
No Yes
2008-03-11 12:00:00 2008-03-12 08:51:00

The vendor disclosed this issue.


受影响的程序版本

RedHat Directory Server 7.1 SP3

RedHat Directory Server 7.1 SP2

RedHat Directory Server 7.1 SP1

RedHat Directory Server 7.1

RedHat Directory Server 7.1 SP4


不受影响的程序版本

RedHat Directory Server 7.1 SP4


漏洞讨论

Red Hat Directory Server is prone to an insecure-permissions vulnerability.



A local attacker can exploit this issue to execute arbitrary code with the privileges of the user running Directory Server or its applications.



Red Hat Directory Server 7.1 prior to Service Pack 4 is vulnerable.


漏洞利用

To exploit this issue, an attacker requires local interactive access to a computer running the affected application.


解决方案

Red Hat has released an advisory and Directory Server 7.1 Service Pack 4 to address this issue. Please see the referenced advisory for more information.




相关参考

本文标题:CVE-2008-0890-漏洞详情
本文链接:
(转载请附上本文链接)
http://vulsee.com/archives/vulsee_2019/0713_2938.html
转载请附本站链接,未经允许不得转载,,谢谢:微慑信息网-VulSee.com » CVE-2008-0890-漏洞详情
分享到: 更多 (0)

评论 抢沙发

  • 昵称 (必填)
  • 邮箱 (必填)
  • 网址

微慑信息网 专注工匠精神

访问我们联系我们