安全研究
安全漏洞
Mandrake Linux passwd未明安全漏洞
发布日期:2004-05-17
更新日期:2004-05-25
受影响系统:
MandrakeSoft Corporate Server 2.1 x86_64描述:
MandrakeSoft Corporate Server 2.1
MandrakeSoft Linux Mandrake 9.2 amd64
MandrakeSoft Linux Mandrake 9.2
MandrakeSoft Linux Mandrake 9.1 ppc
MandrakeSoft Linux Mandrake 9.1
MandrakeSoft Linux Mandrake 9.0
MandrakeSoft Linux Mandrake 8.2
MandrakeSoft Linux Mandrake 10.0
MandrakeSoft Multi Network Firewall 8.2
BUGTRAQ ID: 10370
CVE(CAN) ID: CVE-2004-2394
Mandrake Linux是一款开放源代码操作系统。
Mandrake Linux的passwd实现存在问题,可能导致安全级别降低,用户不能登录等问题。
根据报告,Mandrake Linux通过stdin提供给passwd的密码比预想的要少一字符,目前还不清楚是否会在交互提示状况下发生。这可导致用户密码存储不正确或用户不能登录。
另外PAM不正确初始化和"safe and proper""操作存在一定问题。
<*来源:Steve Grubb (linux_4ever@yahoo.com)
链接:http://www.linux-mandrake.com/en/security/2004/2004-045.php
*>
建议:
厂商补丁:
MandrakeSoft
------------
MandrakeSoft已经为此发布了一个安全公告(MDKSA-2004:045)以及相应补丁:
MDKSA-2004:045:Updated passwd packages fix vulnerabilities
链接:http://www.linux-mandrake.com/en/security/2004/2004-045.php
补丁下载:
Updated Packages:
Mandrakelinux 10.0:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/passwd-0.68-2.2.100mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/SRPMS/passwd-0.68-2.2.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/passwd-0.68-2.2.100mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/SRPMS/passwd-0.68-2.2.100mdk.src.rpm
Corporate Server 2.1:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/passwd-0.67-5.2.C21mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/SRPMS/passwd-0.67-5.2.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/x86_64/corporate/2.1/RPMS/passwd-0.67-5.2.C21mdk.x86_64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/x86_64/corporate/2.1/SRPMS/passwd-0.67-5.2.C21mdk.src.rpm
Mandrakelinux 9.1:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/passwd-0.68-2.2.91mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/SRPMS/passwd-0.68-2.2.91mdk.src.rpm
Mandrakelinux 9.1/PPC:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/RPMS/passwd-0.68-2.2.91mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/SRPMS/passwd-0.68-2.2.91mdk.src.rpm
Mandrakelinux 9.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/passwd-0.68-2.2.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/SRPMS/passwd-0.68-2.2.92mdk.src.rpm
Mandrakelinux 9.2/AMD64:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/passwd-0.68-2.2.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/SRPMS/passwd-0.68-2.2.92mdk.src.rpm
Multi Network Firewall 8.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/mnf8.2/RPMS/passwd-0.64.1-9.2.M82mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/mnf8.2/SRPMS/passwd-0.64.1-9.2.M82mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
A list of FTP mirrors can be obtained from:
http://www.mandrakesecure.net/en/ftp.php
上述升级软件还可以在下列地址中的任意一个镜像ftp服务器上下载:
http://www.mandrakesecure.net/en/ftp.php
浏览次数:3413
严重程度:0(网友投票)
绿盟科技给您安全的保障