CERTA-2004-AVI-385
Vulnerability from certfr_avis - Published: 2004-08-31 - Updated: 2004-12-06
Une vulnérabilité a été découverte dans certaines versions d'OpenSSL, permettant à un utilisateur local mal intentionné d'élever ses privilèges.
Description
Une vulnérabilité présente dans le script der_chop permet à un
utilisateur local mal intentionné, en utilisant un lien symbolique, de
créer ou d'écraser certains fichiers temporaires avec les privilèges de
l'utilisateur ayant lancé le script.
Solution
Appliquer le correctif corrigeant cette faille suivant la distribution affectée (cf. Documentation).
OpenSSL versions 0.9.6m, 0.9.7d et 0.9.7e.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eOpenSSL versions 0.9.6m, 0.9.7d et 0.9.7e.\u003c/p\u003e",
"content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 pr\u00e9sente dans le script `der_chop` permet \u00e0 un\nutilisateur local mal intentionn\u00e9, en utilisant un lien symbolique, de\ncr\u00e9er ou d\u0027\u00e9craser certains fichiers temporaires avec les privil\u00e8ges de\nl\u0027utilisateur ayant lanc\u00e9 le script.\n\n## Solution\n\nAppliquer le correctif corrigeant cette faille suivant la distribution\naffect\u00e9e (cf. Documentation).\n",
"cves": [],
"initial_release_date": "2004-08-31T00:00:00",
"last_revision_date": "2004-12-06T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Mandrake MDKSA-2004:147 du 06 d\u00e9cembre 2004 :",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:147"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-603 du 01 d\u00e9cembre 2004 :",
"url": "http://www.debian.org/security/2004/dsa-603"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Avaya ASA-2005-170 du 29 ao\u00fbt 2005 :",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-170.pdf"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200411-15 du 08 Novembre 2004 :",
"url": "http://security.gentoo.org/glsa/glsa-200411-15.xml"
}
],
"reference": "CERTA-2004-AVI-385",
"revisions": [
{
"description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Avaya.",
"revision_date": "2004-08-31T00:00:00.000000"
},
{
"description": "version initiale.",
"revision_date": "2004-12-02T00:00:00.000000"
},
{
"description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Mandrake.",
"revision_date": "2004-12-06T00:00:00.000000"
}
],
"risks": [
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans certaines versions d\u0027OpenSSL,\npermettant \u00e0 un utilisateur local mal intentionn\u00e9 d\u0027\u00e9lever ses\nprivil\u00e8ges.\n",
"title": "Vuln\u00e9rabilit\u00e9 dans OpenSSL",
"vendor_advisories": [
{
"published_at": null,
"title": "Avis de s\u00e9curit\u00e9 Debian DSA-603 du 01 d\u00e9cembre 2004",
"url": null
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…