首页 -> 安全研究
安全研究
安全漏洞
HP Tru64/HP-UX C库标准I/0文件描述符漏洞
发布日期:2003-03-18
更新日期:2003-03-25
受影响系统:
Compaq OpenVMS不受影响系统:
Compaq Tru64 5.1a PK3 (BL3)
Compaq Tru64 5.1a PK2 (BL2)
Compaq Tru64 5.1a PK1 (BL1)
Compaq Tru64 5.1a
Compaq Tru64 5.1 PK5 (BL19)
Compaq Tru64 5.1 PK4 (BL18)
Compaq Tru64 5.1 PK3 (BL17)
Compaq Tru64 5.1
Compaq Tru64 5.0f
Compaq Tru64 5.0a PK3 (BL17)
Compaq Tru64 5.0a
Compaq Tru64 5.0 PK4 (BL18)
Compaq Tru64 5.0 PK4 (BL17)
Compaq Tru64 5.0
Compaq Tru64 4.0g PK3 (BL17)
Compaq Tru64 4.0g
Compaq Tru64 4.0f PK7 (BL18)
Compaq Tru64 4.0f PK6 (BL17)
Compaq Tru64 4.0f
Compaq Tru64 4.0d PK9 (BL17)
Compaq Tru64 4.0d
HP HP-UX 9.9
HP HP-UX 9.8
HP HP-UX 9.7
HP HP-UX 9.6
HP HP-UX 9.5
HP HP-UX 9.4
HP HP-UX 9.3
HP HP-UX 9.10
HP HP-UX 9.1
HP HP-UX 9.0
HP HP-UX 8.9
HP HP-UX 8.8
HP HP-UX 8.7
HP HP-UX 8.6
HP HP-UX 8.5
HP HP-UX 8.4
HP HP-UX 8.2
HP HP-UX 8.1
HP HP-UX 8.0
HP HP-UX 11.22
HP HP-UX 11.20
HP HP-UX 11.11
HP HP-UX 11.04
HP HP-UX 11.0
HP HP-UX 10.9
HP HP-UX 10.8
HP HP-UX 10.34
HP HP-UX 10.30
HP HP-UX 10.26
HP HP-UX 10.24
HP HP-UX 10.20 SIS
HP HP-UX 10.20
HP HP-UX 10.16
HP HP-UX 10.10
HP HP-UX 10.10
HP HP-UX 10.01
HP HP-UX 10.0
HP MPE/iX
Compaq Nonstop Kernel S-Series
Compaq OpenVMS 7.3 VAX描述:
Compaq OpenVMS 7.3 Alpha
Compaq OpenVMS 7.2-2 Alpha
Compaq OpenVMS 7.2-1H1 Alpha
Compaq OpenVMS 7.2 VAX
Compaq OpenVMS 7.1-2 Alpha
Compaq OpenVMS 7.1 VAX
Compaq OpenVMS 6.2 VAX
Compaq OpenVMS 6.2 Alpha
Compaq OpenVMS 6.2
HP MPE/iX 7.0
HP MPE/iX 6.5
HP MPE/iX 6.0
HP MPE/iX 5.5
HP MPE/iX 5.0
HP MPE/iX 4.5
HP MPE/iX 4.0
Compaq Nonstop Kernel S-Series 3.0
BUGTRAQ ID: 7132
HP Tru64是一款HP公司开发的商业性质Unix操作系统。
HP Tru64在处理标准I/0文件描述符时存在漏洞,远程或本地攻击者利用这个漏洞未授权访问文件或以高权限访问系统。
HP Tru64和基于HP-UX的内核在执行(exec())setuid映象前没有正确检查C库标准I/O文件描述符0-2是否为合法打开的文件,攻击者可以提供数据写入敏感I/O通道,导致未授权访问文件和系统。
<*来源:HP Security Bulletin (security-alert@hp.com)
链接:*>
建议:
厂商补丁:
Compaq
------
Compaq已经为此发布了一个安全公告(SSRT0845U)以及相应补丁:
SSRT0845U:SSRT0845U: HP Tru64 UNIX, HP-UX stdio Potential Security Vulnerability
链接:
补丁下载:
Compaq Tru64 4.0 g PK3 (BL17):
HP Patch t64v40gb17-c0028500-17206-es-20030305.tar
ftp://ftp1.support.compaq.com/public/unix/v4.0g/t64v40gb17-c0028500-17206-es-20030305.tar
Compaq Tru64 4.0 g:
Compaq Tru64 4.0 f PK7 (BL18):
HP Patch t64v50ab17-c0031400-17220-es-20030305.tar
ftp://ftp1.support.compaq.com/public/unix/v5.0a/t64v50ab17-c0031400-17220-es-20030305.tar
Compaq Tru64 4.0 f PK6 (BL17):
Compaq Tru64 4.0 f:
Compaq Tru64 5.0 a PK3 (BL17):
HP Patch t64v50ab17-c0031400-17220-es-20030305.tar
ftp://ftp1.support.compaq.com/public/unix/v5.0a/t64v50ab17-c0031400-17220-es-20030305.tar
Compaq Tru64 5.0 a:
Compaq Tru64 5.1 a PK3 (BL3):
HP Patch t64v51ab3-c0106401-17256-es-20030306.tar
ftp://ftp1.support.compaq.com/public/unix/v5.1a/t64v51ab3-c0106401-17256-es-20030306.tar
Compaq Tru64 5.1 a PK2 (BL2):
Compaq Tru64 5.1 a PK1 (BL1):
Compaq Tru64 5.1 a:
Compaq Tru64 5.1 PK6 (BL20):
HP Patch t64v51b20-c0172301-17255-es-20030306.tar
ftp://ftp1.support.compaq.com/public/unix/v5.1/t64v51b20-c0172301-17255-es-20030306.tar
Compaq Tru64 5.1 PK5 (BL19):
HP Patch t64v51b19-c0143704-17254-es-20030306.tar
ftp://ftp1.support.compaq.com/public/unix/v5.1/t64v51b19-c0143704-17254-es-20030306.tar
浏览次数:2888
严重程度:0(网友投票)
绿盟科技给您安全的保障