Published: 2003-11-04
Updated: 2003-11-04
Severity: High
Threat level: local administrator privileges
Error type: boundary check error
Exploitation mode: server mode
BUGTRAQ ID: 8973
CVE(CAN) ID: CAN-2003-0834
Affected systems:
Compaq Tru64 4.0 g PK4 (BL22)
Compaq Tru64 4.0 g PK3 (BL17)
Compaq Tru64 4.0 g
Compaq Tru64 4.0 f PK8 (BL22)
Compaq Tru64 4.0 f PK7 (BL18)
Compaq Tru64 4.0 f PK6 (BL17)
Compaq Tru64 4.0 f
Compaq Tru64 5.0 f
Compaq Tru64 5.0 a PK3 (BL17)
Compaq Tru64 5.0 a
Compaq Tru64 5.0 PK4 (BL18)
Compaq Tru64 5.0 PK4 (BL17)
Compaq Tru64 5.0
Compaq Tru64 5.1 PK6 (BL20)
Compaq Tru64 5.1 PK5 (BL19)
Compaq Tru64 5.1 PK4 (BL18)
Compaq Tru64 5.1 PK3 (BL17)
Compaq Tru64 5.1
HP HP-UX 11.0
HP HP-UX 11.11
HP HP-UX 11.22
HP HP-UX 11.23
SCO Open UNIX 8.0
SCO Unixware 7.1.1
SCO Unixware 7.1.3
Sun Solaris 7.0 _x86
Sun Solaris 7.0
Sun Solaris 8.0 _x86
Sun Solaris 8.0
Sun Solaris 9.0 _x86
Sun Solaris 9.0
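Detailed description
CDE libDtHelp is the CDE program that displays help content. It has a problem when handling the DTHelpUserSearchPath variable, which can lead to privilege escalation.
Solution
Patch downloads: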
Compaq Tru64 5.1 PK6 (BL20):
HP Patch T64KIT0020835-V51B20-ES-20031124
http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT0020835-V51B20-ES-20031124
Patch requires PK6 (BL20)
Compaq Tru64 5.1 PK5 (BL19):
HP Patch T64KIT0020835-V51B20-ES-20031124
http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT0020835-V51B20-ES-20031124
Patch requires PK6 (BL20)
Compaq Tru64 5.1 PK4 (BL18):
HP Patch T64KIT0020835-V51B20-ES-20031124
http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT0020835-V51B20-ES-20031124
Patch requires PK6 (BL20)
Compaq Tru64 5.1 PK3 (BL17):
HP Patch T64KIT0020835-V51B20-ES-20031124
http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT0020835-V51B20-ES-20031124
Patch requires PK6 (BL20)
Compaq Tru64 5.1:
HP Patch T64KIT0020835-V51B20-ES-20031124
http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT0020835-V51B20-ES-20031124
Patch requires PK6 (BL20)
HP HP-UX 11.0:
HP Patch PHSS_30010
ftp://ftp.itrc.hp.com/hp-ux_patches/s700_800/11.X/PHSS_30010
HP HP-UX 11.11:
HP Patch PHSS_30011
ftp://ftp.itrc.hp.com/hp-ux_patches/s700_800/11.X/PHSS_30011
HP HP-UX 11.22:
HP Patch PHSS_30012
http://itrc.hp.com
HP HP-UX 11.23:
HP Patch PHSS_30013
http://itrc.hp.com
SCO Unixware 7.1.1:
SCO Patch erg712445.pkg.Z
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.31
SCO Unixware 7.1.3:
SCO Patch erg712445.pkg.Z
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.31
SCO Open UNIX 8.0:
SCO Patch erg712445.pkg.Z
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.31
Sun Solaris 7.0 _x86:
Sun Patch T107179-03
http://sunsolve.sun.com
Sun Solaris 7.0:
Sun Patch T107178-03
http://sunsolve.sun.com
Sun Solaris 8.0 _x86:
Sun Patch T108950-08
http://sunsolve.sun.com
Sun Solaris 8.0:
Sun Patch T108949-08
http://sunsolve.sun.com
Sun Solaris 9.0 _x86:
Sun Patch T116309-01
http://sunsolve.sun.com
Sun Solaris 9.0:
Sun Patch T116308-01
http://sunsolve.sun.com
Related information
References:
http://www.securityfocus.com/advisories/6022
http://www.securityfocus.com/advisories/6070
http://www.securityfocus.com/advisories/6133
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57414