RootSSV:3691Vim不安全文件建立漏洞
BUGTRAQ ID: 30279
CNCAN ID:CNCAN-2008072101
Vim是一款常用的文本编辑器。
Vim configure.in不安全建立临时文件,本地攻击者可以利用漏洞以运行应用程序权限覆盖或删除系统文件。
当构建过程中,在’/tmp’目录中会建立可猜测名字的临时文件,当VIM使用Python支持构建时运行如下代码:
src/configure.in:
677 dnl – we need to examine Python’s config/Makefile too
678 dnl see what the interpreter is built from
679 AC_CACHE_VAL(vi_cv_path_python_plibs,
680 [
681 tmp_mkf="/tmp/Makefile-conf$$"
(1)–> 682 cat ${PYTHON_CONFDIR}/Makefile - <<‘eof’ >${tmp_mkf}
683 __:
684 @echo "python_MODLIBS=‘$(MODLIBS)’"
685 @echo "python_LIBS=‘$(LIBS)’"
686 @echo "python_SYSLIBS=‘$(SYSLIBS)’"
687 @echo "python_LINKFORSHARED=‘$(LINKFORSHARED)’"
688 eof
689 dnl – delete the lines from make about
Entering/Leaving directory
(2)–> 690 eval "`cd ${PYTHON_CONFDIR} && make -f
${tmp_mkf} __ | sed ‘/ directory /d’`"
691 rm -f ${tmp_mkf}
攻击者可以在(1)处写入前建立临时文件``/tmp/Makefile-conf<PID>‘’,在(1)和(2)之间,任何命令可写入到文件,并在(2)处执行。
VIM Development Group VIM 6.3
- MandrakeSoft Linux Mandrake 10.1 x86_64
- MandrakeSoft Linux Mandrake 10.1
VIM Development Group VIM 6.2 - MandrakeSoft Corporate Server 3.0 x86_64
- MandrakeSoft Corporate Server 3.0
- MandrakeSoft Linux Mandrake 10.0 AMD64
- MandrakeSoft Linux Mandrake 10.0
- RedHat Fedora Core1
- SCO OpenLinux Server 3.1.1
- SCO OpenLinux Workstation 3.1.1
VIM Development Group VIM 6.1 - Conectiva Linux 8.0
- MandrakeSoft Corporate Server 2.1 x86_64
- MandrakeSoft Corporate Server 2.1
- MandrakeSoft Linux Mandrake 9.0
- MandrakeSoft Linux Mandrake 8.2 ppc
- MandrakeSoft Linux Mandrake 8.2
- MandrakeSoft Linux Mandrake 8.1 ia64
- MandrakeSoft Linux Mandrake 8.1
- MandrakeSoft Linux Mandrake 8.0 ppc
- MandrakeSoft Linux Mandrake 8.0
- MandrakeSoft Linux Mandrake 7.2
- MandrakeSoft Multi Network Firewall 2.0
- MandrakeSoft Single Network Firewall 7.2
- RedHat Linux 9.0 i386
- RedHat Linux 8.0
- RedHat Linux for iSeries 7.1
- RedHat Linux for pSeries 7.1
- Sun Cobalt Qube 3
- Sun Cobalt RaQ 4
- Sun Cobalt RaQ 550
- Sun Cobalt RaQ XTR
- Sun Linux 5.0.6
VIM Development Group VIM 6.0 - RedHat Linux 7.3 i386
- RedHat Linux 7.2 ia64
- RedHat Linux 7.2 i386
- RedHat Linux 7.1 ia64
- RedHat Linux 7.1 i386
VIM Development Group VIM 5.8
VIM Development Group VIM 5.7 - Caldera OpenLinux 2.3
- RedHat Linux 7.0 sparc
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 alpha
- RedHat Linux 7.0
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 alpha
- RedHat Linux 6.2
- RedHat Linux 5.2 sparc
- RedHat Linux 5.2 i386
- RedHat Linux 5.2 alpha
- RedHat Linux 5.2
- S.u.S.E. Linux 7.1
- S.u.S.E. Linux 7.0
- S.u.S.E. Linux 6.4
- S.u.S.E. Linux 6.3
- S.u.S.E. Linux 6.2
- S.u.S.E. Linux 6.1
- SCO eDesktop 2.4
- SCO eServer 2.3.1
VIM Development Group VIM 5.6
VIM Development Group VIM 5.5
VIM Development Group VIM 5.4
VIM Development Group VIM 5.3
VIM Development Group VIM 5.2
VIM Development Group VIM 5.1
VIM Development Group VIM 5.0
VIM Development Group VIM 7.1
VIM Development Group VIM 7.1
VIM Development Group VIM 7.0 - MandrakeSoft Linux Mandrake 2007.1 x86_64
- MandrakeSoft Linux Mandrake 2007.1
- MandrakeSoft Linux Mandrake 2007.1
- MandrakeSoft Linux Mandrake 2007.0 x86_64
- MandrakeSoft Linux Mandrake 2007.0 x86_64
- MandrakeSoft Linux Mandrake 2007.0
- MandrakeSoft Linux Mandrake 2007.0
- Ubuntu Ubuntu Linux 7.04 sparc
- Ubuntu Ubuntu Linux 7.04 powerpc
- Ubuntu Ubuntu Linux 7.04 i386
- Ubuntu Ubuntu Linux 7.04 amd64
- Ubuntu Ubuntu Linux 6.10 sparc
- Ubuntu Ubuntu Linux 6.10 powerpc
- Ubuntu Ubuntu Linux 6.10 i386
- Ubuntu Ubuntu Linux 6.10 amd64
VIM Development Group VIM 6.4
目前没有解决方案提供:
<a href=“http://www.vim.org/” target=“_blank”>http://www.vim.org/</a>