int(1860)

Boletines de Vulnerabilidades


Creación insegura de ficheros temporales en cfengine

Clasificación de la vulnerabilidad

Propiedad Valor
Nivel de Confianza Oficial
Impacto Integridad
Dificultad Avanzado
Requerimientos del atacante Acceso remoto con cuenta

Información sobre el sistema

Propiedad Valor
Fabricante afectado GNU/Linux
Software afectado cfengine <= 1.6.5
cfengine <= 2.1.16

Descripción

Se ha descubierto múltiples vulnerabilidades en cfengine 1.6.5 y cfengine 2.1.16, y anteriores. Las vulnerabilidades son descritas a continuación:

- CAN-2005-2960: La vulnerabilidad reside en la función "contrib/vicf.in" que crea ficheros temporales de forma insegura en /tmp. Un atacante local podría crear o sobrescribir ficheros arbitrarios, en los que la víctima que ejecuta el script, que probablemente sea root, tenga permiso de escritura, mediante un ataque de enlace simbólico.

- CAN-2005-3137: La vulnerabilidad reside en las funciones "contrib/vicf.in" y "/bin/cfmailfilter" que crean ficheros temporales de forma insegura en /tmp. Un atacante local podría crear o sobrescribir ficheros arbitrarios, en los que la víctima que ejecuta el script tenga permiso de escritura, mediante un ataque de enlace simbólico.

Solución



Actualización de software

Debian (cfengine)

Debian Linux 3.0
Source
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1.dsc
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1.diff.gz
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3.orig.tar.gz
Architecture independent
http://security.debian.org/pool/updates/main/c/cfengine/cfengine-doc_1.6.3-9woody1_all.deb
Alpha
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1_alpha.deb
ARM
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1_arm.deb
Intel IA-32
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1_i386.deb
Intel IA-64
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1_ia64.deb
HP Precision
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1_hppa.deb
Motorola 680x0
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1_m68k.deb
Big endian MIPS
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1_mips.deb
Little endian MIPS
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1_mipsel.deb
PowerPC
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1_powerpc.deb
IBM S/390
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1_s390.deb
Sun Sparc
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.3-9woody1_sparc.deb

Debian Linux 3.1
Source
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1.dsc
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1.diff.gz
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5.orig.tar.gz
Architecture independent
http://security.debian.org/pool/updates/main/c/cfengine/cfengine-doc_1.6.5-1sarge1_all.deb
Alpha
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_alpha.deb
AMD64
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_amd64.deb
ARM
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_arm.deb
Intel IA-32
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_i386.deb
Intel IA-64
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_ia64.deb
HP Precision
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_hppa.deb
Motorola 680x0
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_m68k.deb
Big endian MIPS
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_mips.deb
Little endian MIPS
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_mipsel.deb
PowerPC
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_powerpc.deb
IBM S/390
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_s390.deb
Sun Sparc
http://security.debian.org/pool/updates/main/c/cfengine/cfengine_1.6.5-1sarge1_sparc.deb

Debian (cfengine2)

Debian Linux 3.1
Source
http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1.dsc
http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1.diff.gz
http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14.orig.tar.gz
Architecture independent
http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2-doc_2.1.14-1sarge1_all.deb
Alpha
http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_alpha.deb
AMD64
http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_amd64.deb
ARM
http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_arm.deb
Intel IA-32
http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_i386.deb
Intel IA-64
http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_ia64.deb
HP Precision
http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_hppa.deb
Motorola 680x0
http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_m68k.deb
Big endian MIPS
http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_mips.deb
Little endian MIPS
http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_mipsel.deb
PowerPC
http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_powerpc.deb
IBM S/390
http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_s390.deb
Sun Sparc
http://security.debian.org/pool/updates/main/c/cfengine2/cfengine2_2.1.14-1sarge1_sparc.deb

Mandriva

Mandrakelinux 10.1
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/cfengine-1.6.5-4.3.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/cfengine-1.6.5-4.3.101mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/cfengine-1.6.5-4.3.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/cfengine-1.6.5-4.3.101mdk.src.rpm

Corporate Server 2.1
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/cfengine-1.6.3-8.3.C21mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/cfengine-1.6.3-8.3.C21mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/cfengine-1.6.3-8.3.C21mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/cfengine-1.6.3-8.3.C21mdk.src.rpm

Corporate Server 3.0
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/cfengine-1.6.5-3.3.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/cfengine-1.6.5-3.3.C30mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/cfengine-1.6.5-3.3.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/cfengine-1.6.5-3.3.C30mdk.src.rpm

Mandrivalinux LE2005
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/cfengine-2.1.12-7.2.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/cfengine-cfservd-2.1.12-7.2.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/SRPMS/cfengine-2.1.12-7.2.102mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/cfengine-2.1.12-7.2.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/cfengine-cfservd-2.1.12-7.2.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/SRPMS/cfengine-2.1.12-7.2.102mdk.src.rpm

Mandrivalinux 2006
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/cfengine-base-2.1.15-2.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/cfengine-cfagent-2.1.15-2.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/cfengine-cfenvd-2.1.15-2.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/cfengine-cfexecd-2.1.15-2.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/cfengine-cfservd-2.1.15-2.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/cfengine-2.1.15-2.2.20060mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/cfengine-base-2.1.15-2.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/cfengine-cfagent-2.1.15-2.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/cfengine-cfenvd-2.1.15-2.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/cfengine-cfexecd-2.1.15-2.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/cfengine-cfservd-2.1.15-2.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/SRPMS/cfengine-2.1.15-2.2.20060mdk.src.rpm

Identificadores estándar

Propiedad Valor
CVE CAN-2005-2960
CAN-2005-3137
BID

Recursos adicionales

Debian Security Advisory (DSA 835-1)
http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00228.html

Debian Security Advisory (DSA 836-1)
http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00229.html

Mandriva Security Advisory (MDKSA-2005:184)
http://www.mandriva.com/security/advisories?name=MDKSA-2005:184

Histórico de versiones

Versión Comentario Fecha
1.0 Aviso emitido 2005-10-07
1.1 Aviso emitido por Mandriva (MDKSA-2005:184) 2005-10-19

Miembros de

Ministerio de Defensa
CNI
CCN
CCN-CERT