RedHat Interchange Remote Arbitrary File Disclosure Vulnerability
Release date: 2002-08-13
Last updated: 2002-08-15
Affected systems:
RedHat Interchange 4.8.5
Unaffected systems:
RedHat Interchange 4.8.4
RedHat Interchange 4.8.2
RedHat Interchange 4.8.1
RedHat Interchange 4.8.3
- Debian Linux 3.0
RedHat Interchange 4.8.6
Description:
BUGTRAQ ID: 5453
CVE(CAN) ID: CVE-2002-0874
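Interchange is an e-commerce and application server system that lets users easily build database-backed web servers and online applications.
Interchange 4.8.5 and earlier contain a security vulnerability: when running in "INET mode", an attacker can read any file that the Interchange process has permission to read. This may disclose sensitive information that the attacker could use to mount further attacks.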
<*Source: Mike Heins (mike@perusion.com)
Links: http://www.icdevgroup.org/pipermail/interchange-users/2002-August/024350.html
http://www.debian.org/security/2002/dsa-150
*>
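Recommendation:
Vendor patches:
Debian
------
Debian has released a security advisory (DSA-150-1) and corresponding patches for this issue:
DSA-150-1: New interchange packages fix illegal file exposition
Link: http://www.debian.org/security/2002/dsa-150
Patch download (packages are listed in the advisory linked above):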
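Patch installation:
1. Install the patch packages manually:
First, download the patch package with the following command:
# wget url (url is the patch download link)
Then install the patch with the following command:
# dpkg -i file.deb (file is the name of the patch package)
2. Install the patch packages automatically with apt-get:
First, update the internal package database with the following command:
# apt-get update
Then install the updated packages with the following command:
# apt-get upgrade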
RedHat
------
The vendor has released upgrade packages that fix this security issue; download them from the vendor's site:
Red Hat Linux 7.2:
source:
http://ftp.icdevgroup.org/interchange/4.8/tar/interchange-4.8.6.tar.gz
core:
http://ftp.icdevgroup.org/interchange/4.8/rpm/interchange-4.8.6-1.i386.rpm
foundation:
http://ftp.interchange.redhat.com/interchange/4.8/rpm/interchange-foundation-4.8.6-1.i386.rpm
foundation-demo:
http://ftp.interchange.redhat.com/interchange/4.8/rpm/interchange-foundation-demo-4.8.6-1.i386.rpm