Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:2852
HistoryJan 23, 2008 - 12:00 a.m.

FreeBSD pty处理多个本地信息泄露漏洞

2008-01-2300:00:00
Root
www.seebug.org
10

0.0004 Low

EPSS

Percentile

5.7%

JSON

BUGTRAQ ID: 27284
CVE(CAN) ID: CVE-2008-0216,CVE-2008-0217

FreeBSD就是一种运行在Intel平台上、可以自由使用的开放源码Unix类系统。

FreeBSD在处理pty的权限时存在漏洞,本地攻击者可能利用此漏洞提升自己的权限。

FreeBSD的openpty()函数在为打开的伪终端设置权限时存在错误,恶意的本地用户可以通过执行内部调用了openpty()的程序从非root用户所打开的pty读取文本;此外ptsname(3)函数错误的从/dev中的设备节点名获得了两个字符,但没有核实是否在操作调用用户所拥有的有效pty。pt_chown使用了ptsname(3)的错误结果将pty的所有权更改到调用pt_chown的用户,这样本地用户就可以获得正常情况下应受限的所有权。

FreeBSD FreeBSD 7.0
FreeBSD FreeBSD 6.3
FreeBSD FreeBSD 6.2
FreeBSD FreeBSD 6.1
FreeBSD FreeBSD 5.5
FreeBSD FreeBSD 5.0
厂商补丁:

FreeBSD

FreeBSD已经为此发布了一个安全公告(FreeBSD-SA-08:01)以及相应补丁:
FreeBSD-SA-08:01:pty snooping
链接:<a href=“ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-08:01.pty.asc” target=“_blank”>ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-08:01.pty.asc</a>

补丁下载:

执行以下步骤之一:

  1. 将有漏洞的系统升级到5-STABLE、6-STABLE或7.0-PRERELEASE,或修改日期之后的RELENG_7_0、RELENG_6_3、RELENG_6_2、RELENG_6_1或RELENG_5_5安全版本。

  2. 为当前系统打补丁:

以下补丁确认可应用于FreeBSD 5.5、6.1、6.2、6.3和7.0系统。

a) 从以下位置下载相关补丁,并使用PGP工具验证附带的PGP签名。

[FreeBSD 5.5]

fetch <a href=“http://security.FreeBSD.org/patches/SA-08:01/pty5.patch” target=“_blank”>http://security.FreeBSD.org/patches/SA-08:01/pty5.patch</a>

fetch <a href=“http://security.FreeBSD.org/patches/SA-08:01/pty5.patch.asc” target=“_blank”>http://security.FreeBSD.org/patches/SA-08:01/pty5.patch.asc</a>

[FreeBSD 6.x]

fetch <a href=“http://security.FreeBSD.org/patches/SA-08:01/pty6.patch” target=“_blank”>http://security.FreeBSD.org/patches/SA-08:01/pty6.patch</a>

fetch <a href=“http://security.FreeBSD.org/patches/SA-08:01/pty6.patch.asc” target=“_blank”>http://security.FreeBSD.org/patches/SA-08:01/pty6.patch.asc</a>

[FreeBSD 7.0]

fetch <a href=“http://security.FreeBSD.org/patches/SA-08:01/pty7.patch” target=“_blank”>http://security.FreeBSD.org/patches/SA-08:01/pty7.patch</a>

fetch <a href=“http://security.FreeBSD.org/patches/SA-08:01/pty7.patch.asc” target=“_blank”>http://security.FreeBSD.org/patches/SA-08:01/pty7.patch.asc</a>

b) 以root执行以下命令:

cd /usr/src

patch < /path/to/patch

c) 如<URL: <a href=“http://www.freebsd.org/handbook/makeworld.html&gt;” target=“_blank”>http://www.freebsd.org/handbook/makeworld.html&gt;</a> 所述重新编译操作系统并重启系统。

Related

securityvulns 3
freebsd_advisory 1
openvas 2
cvelist 2
prion 2
cve 2
ubuntucve 2
securityvulns
securityvulns
FreeBSD Security Advisory FreeBSD-SA-08:01.pty
2008-01-16 00:00:00
FreeBSD pty hijacking
2008-01-16 00:00:00
Microsoft Security Bulletin MS08-011 – Important Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution &#40;947081&#41;
2008-02-13 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-08:01.pty
2008-01-14 00:00:00
openvas
openvas
FreeBSD Security Advisory (FreeBSD-SA-08:01.pty.asc)
2008-09-04 00:00:00
FreeBSD Security Advisory (FreeBSD-SA-08:01.pty.asc)
2008-09-04 00:00:00
cvelist
cvelist
CVE-2008-0216
2008-01-16 01:00:00
CVE-2008-0217
2008-01-16 01:00:00
prion
prion
Code injection
2008-01-16 02:00:00
Code injection
2008-01-16 02:00:00
cve
cve
CVE-2008-0216
2008-01-16 02:00:00
CVE-2008-0217
2008-01-16 02:00:00
ubuntucve
ubuntucve
CVE-2008-0216
2008-01-16 00:00:00
CVE-2008-0217
2008-01-16 00:00:00

0.0004 Low

EPSS

Percentile

5.7%

JSON
Related for SSV:2852
securityvulns3freebsd_advisory1openvas2cvelist2prion2cve2ubuntucve2