Lucene search
RootSSV:2400HistoryNov 09, 2007 - 12:00 a.m.
CoolKey以不安全的方式创建PK11IPC1临时文件漏洞
2007-11-0900:00:00
Root
www.seebug.org
13
0.0004 Low
EPSS
Percentile
5.1%
BUGTRAQ ID: 26369
CVE(CAN) ID: CVE-2007-4129
CoolKey是PKI解决方案的一部分,提供智能卡登录、单点登录、安全邮件访问等服务。
CoolKey在不安全的方式创建临时文件,本地攻击者可能利用此漏洞覆盖系统文件。
CoolKey以完全可写的权限创建/tmp/.pk11ipc1临时目录,该目录中的文件也是完全可写的,因此本地攻击者可以执行符号链接攻击导致覆盖任意文件。
CoolKey CoolKey 1.0.1
CoolKey CoolKey 1.0
RedHat
RedHat已经为此发布了一个安全公告(RHSA-2007:0631-04)以及相应补丁:
RHSA-2007:0631-04:Low: coolkey security and bug fix update
链接:<a href=“https://www.redhat.com/support/errata/RHSA-2007-0631.html” target=“_blank”>https://www.redhat.com/support/errata/RHSA-2007-0631.html</a>
CoolKey
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://directory.fedora.redhat.com/download/coolkey/coolkey-1.1.0.tar._gz” target=“_blank”>http://directory.fedora.redhat.com/download/coolkey/coolkey-1.1.0.tar._gz</a>
ls -la /tmp | grep pk11ipc1
实际结果:
drwxrwxrwx 2 root root 4096 2007-08-03 19:57 .pk11ipc1
预期结果:
drwxrwxrwt 2 root root 4096 2007-08-03 19:57 .pk11ipc1
Related
ubuntucve
ubuntucve
CVE-2007-4129
2007-11-08 00:00:00
oraclelinux
oraclelinux
coolkey security and bug fix update
2007-11-19 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2007-0631)
2015-10-08 00:00:00
prion
prion
Directory traversal
2007-11-08 11:46:00
nessus
nessus
Scientific Linux Security Update : coolkey on SL5.x i386/x86_64
2012-08-01 00:00:00
Oracle Linux 5 : coolkey (ELSA-2007-0631)
2023-09-07 00:00:00
RHEL 5 : coolkey (RHSA-2007:0631)
2007-11-08 00:00:00
veracode
veracode
Arbitrary File Overwrite
2020-04-10 00:14:54
cvelist
cvelist
CVE-2007-4129
2007-11-08 11:00:00
redhat
redhat
(RHSA-2007:0631) Low: coolkey security and bug fix update
2007-11-07 00:00:00
nvd
nvd
CVE-2007-4129
2007-11-08 11:46:00
cve
cve
CVE-2007-4129
2007-11-08 11:46:00
debiancve
debiancve
CVE-2007-4129
2007-11-08 11:46:00