Python 'move-faqwiz.sh' Insecure Temporary File Creation Vulnerability

2008-09-16T00:00:00
ID SSV:4053
Type seebug
Reporter Root
Modified 2008-09-16T00:00:00

Description

BUGTRAQ ID: 31184
CNCAN ID: CNCAN-2008091609

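Python is an open-source scripting language. Python creates temporary files in an insecure manner, and a local attacker can exploit the vulnerability to cause a denial of service. "Tools/faqwiz/move-faqwiz.sh" uses $RANDOM to create its temporary file. An attacker can create a symbolic link at the name tmpXXXXX.tmp (where the five digits XXXXX are generated by $RANDOM); when Python's generic FAQ wizard tool is then run, the file the link points to can be overwritten or truncated, resulting in a denial of service or possibly privilege escalation.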

RedHat Fedora 9 0
RedHat Fedora 8 0
RedHat Enterprise Linux WS 5
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux Desktop Workstation 5 client
RedHat Enterprise Linux Desktop 5 client
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux Desktop version 4
RedHat Enterprise Linux 5 server
Python Software Foundation Python 2.4.5
Python Software Foundation Python 2.4.4 r14
Python Software Foundation Python 2.4.4
Python Software Foundation Python 2.4.3
  + Trustix Secure Linux 3.0.5
Python Software Foundation Python 2.4.2
Python Software Foundation Python 2.4.1
Python Software Foundation Python 2.4
Python Software Foundation Python 2.3.6
Python Software Foundation Python 2.3.5
Python Software Foundation Python 2.3.4
  + MandrakeSoft Linux Mandrake 10.1 x86_64
  + MandrakeSoft Linux Mandrake 10.1
  + S.u.S.E. Linux Personal 9.2 x86_64
  + S.u.S.E. Linux Personal 9.2
  + Ubuntu Ubuntu Linux 4.1 ppc
  + Ubuntu Ubuntu Linux 4.1 ia64
  + Ubuntu Ubuntu Linux 4.1 ia32
Debian Linux 4.0 sparc
Debian Linux 4.0 s/390
Debian Linux 4.0 powerpc
Debian Linux 4.0 mipsel
Debian Linux 4.0 mips
Debian Linux 4.0 m68k
Debian Linux 4.0 ia-64
Debian Linux 4.0 ia-32
Debian Linux 4.0 hppa
Debian Linux 4.0 arm
Debian Linux 4.0 amd64
Debian Linux 4.0 alpha
Debian Linux 4.0

No solution is currently available: http://www.python.org/
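The temporary-file pattern described above, next to two hardened forms, as an added example (this is not the code of move-faqwiz.sh and not a vendor fix). The function names, the sandbox layout and the file names `important` and `tmp12345.tmp` are constructed for illustration.

```shell
#!/bin/sh
# Added example; names and layout are assumptions, not the original script.

# Pattern from the advisory: tmp<N>.tmp written with a plain '>' redirect,
# which follows an existing symlink and truncates whatever it points to.
# $1 = directory, $2 = N (in bash, $RANDOM only ranges over 0..32767).
insecure_write() {
    echo "scratch" > "$1/tmp$2.tmp"
}

# Same fixed name, but noclobber (set -C) makes '>' refuse an existing file,
# including one reached through a symlink. The subshell keeps -C local.
noclobber_write() (
    set -C
    { echo "scratch" > "$1/tmp$2.tmp"; } 2>/dev/null
)

# Preferred: mktemp picks an unpredictable name and creates the file
# exclusively, so a link planted in advance is never followed.
safe_write() {
    tmpfile=$(mktemp "$1/tmp.XXXXXXXXXX") || return 1
    echo "scratch" > "$tmpfile"
    printf '%s\n' "$tmpfile"
}

# Constructed sandbox: 'important' stands for a file the user may write,
# and tmp12345.tmp is a link that already exists at the guessable name.
# Prints "<insecure result> <noclobber result> <mktemp result>".
demo() {
    box=$(mktemp -d) || return 1
    echo "keep me" > "$box/important"
    ln -s "$box/important" "$box/tmp12345.tmp"

    insecure_write "$box" 12345
    [ "$(cat "$box/important")" = "keep me" ] && r1=intact || r1=clobbered

    echo "keep me" > "$box/important"
    if noclobber_write "$box" 12345; then r2=written; else r2=refused; fi
    [ "$(cat "$box/important")" = "keep me" ] || r2=clobbered

    f=$(safe_write "$box") && [ -f "$f" ] && [ ! -L "$f" ] && r3=fresh || r3=failed
    rm -rf "$box"
    echo "$r1 $r2 $r3"
}

demo   # prints: clobbered refused fresh
```

A script that cannot use `mktemp` should at least create its scratch file under noclobber in a directory only its own user can write to.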