ncompress 不安全临时文件创建漏洞-安全小百科

ncompress 不安全临时文件创建漏洞

漏洞ID	1197826	漏洞类型	未知
发布时间	2005-09-20	更新时间	2005-09-20
CVE编号	CVE-2005-2991	CNNVD-ID	CNNVD-200509-183
漏洞平台	N/A	CVSS评分	2.1

|漏洞来源

https://www.securityfocus.com/bid/89298
https://cxsecurity.com/issue/WLB-2005090010
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200509-183

|漏洞详情

ncompress是一个快速压缩软件，兼容于.Z文件，但不兼容.gz文件。ncompress4.2.4版本及早期版本中，本地用户可以通过使用(1)zdiff或(2)zcmp对临时文件发起symlink攻击。

|漏洞EXP

#########################################################

ncompress insecure temporary file creation

Vendor: ftp://ftp.leo.org/pub/comp/os/unix/linux/sunsite/utils/compress/
Advisory: http://www.zataz.net/adviso/ncompress-09052005.txt
Vendor informed: yes
Exploit available: yes
Impact : low
Exploitation : low

#########################################################

The vulnerability is caused due to temporary file being created insecurely.
This can be exploited via symlink attacks in combination with a race
condition to create and overwrite arbitrary files
with the privileges of the user running the affected script.

Secunia has reported that D1g1t4lLeech has discovered this bug
the 2005-09-16

ZATAZ Audit has discovered this bug the 2005-09-05

D1g1t4lLeech is a true Leecher :)

Gentoo Security take care on your IRC Channel, spy everywhere.

##########
Versions:
##########

ncompress <= 4.2.4-r1

##########
Solution:
##########

To prevent symlink attack use kernel patch such as grsecurity

#########
Timeline:
#########

Discovered : 2005-09-05
Vendor notified : 2005-09-05
Vendor response : no reponse
Vendor fix : no patch
Vendor Sec report (vendor-sec (at) lst (dot) de [email concealed]) :
Disclosure :

#####################
Technical details :
#####################

ncompress use vulnerable version off zdiff and zcmp.

#########
Related :
#########

Secunia : http://secunia.com/advisories/13131/
CVE : CAN-2004-0970

#####################
Credits :
#####################

Eric Romang (eromang (at) zataz (dot) net [email concealed] - ZATAZ Audit)
Thxs to Gentoo Security Team. (Taviso, jaervosz, solar, Koon, etc.)

|受影响的产品

ncompress ncompress 4.2.4 R1

|参考资料

来源:MISC
链接:http://www.zataz.net/adviso/ncompress-09052005.txt
来源:FULLDISC
名称:20050916ncompressinsecuretemporaryfilecreation
链接:http://marc.theaimsgroup.com/?l=full-disclosure&m;=112688098630314&w;=2
来源:BUGTRAQ
名称:20050916ncompressinsecuretemporaryfilecreation
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=112689772732098&w;=2
来源:SREASON
名称:12
链接:http://securityreason.com/securityalert/12

相关推荐: COWS CGI Online Worldweb Shopping Compatible.CGI Cross-Site Scripting Vulnerability

COWS CGI Online Worldweb Shopping Compatible.CGI Cross-Site Scripting Vulnerability 漏洞ID 1102519 漏洞类型 Input Validation Error 发布时间 …

文章版权归作者所有，未经允许请勿转载。

THE END