Heimdal RSHD未明漏洞

CNNVD-ID编号	CNNVD-200602-075
CVE编号	CVE-2006-0582
发布时间	2006-02-07
更新时间	2006-03-29
漏洞类型	设计错误
漏洞来源	N/A
危险等级	低危
威胁类型	本地
厂商	kth

漏洞介绍

Heimdal rshl文件中存在未明漏洞。在存储转发的凭证时，攻击者可以借助未知向量覆盖任意文件并更改文件的所有权。

漏洞补丁

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

Heimdal Heimdal 0.6

Heimdal Heimdal 0.6.6

ftp://ftp.pdc.kth.se/pub/heimdal/src/

Heimdal Heimdal 0.6.1

Heimdal Heimdal 0.6.6

ftp://ftp.pdc.kth.se/pub/heimdal/src/

SuSE heimdal-0.6.1rc3-55.21.i586.rpm

SUSE LINUX 9.1:

ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/

SuSE heimdal-0.6.1rc3-55.21.x86_64.rpm

SUSE LINUX 9.1:

ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/heimdal-0.6.1 rc3-55.21.x86_64.rpm

SuSE heimdal-devel-0.6.1rc3-55.21.i586.rpm

SUSE LINUX 9.1:

ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/

SuSE heimdal-devel-0.6.1rc3-55.21.x86_64.rpm

SUSE LINUX 9.1:

ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/heimdal-0.6.1 rc3-55.21.x86_64.rpm

SuSE heimdal-lib-0.6.1rc3-55.21.i586.rpm

SUSE LINUX 9.1:

ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/

SuSE heimdal-lib-0.6.1rc3-55.21.x86_64.rpm

SUSE LINUX 9.1:

ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/heimdal-0.6.1 rc3-55.21.x86_64.rpm

SuSE heimdal-lib-32bit-9.1-200602210606.i586.rpm

SUSE LINUX 9.1:

ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/

SuSE heimdal-tools-devel-0.6.2-8.4.x86_64.rpm

SUSE LINUX 9.1:

ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/heimdal-0.6.1 rc3-55.21.x86_64.rpm

Heimdal Heimdal 0.6.2

Heimdal Heimdal 0.6.6

ftp://ftp.pdc.kth.se/pub/heimdal/src/

SuSE heimdal-0.6.2-8.6.i586.rpm

SUSE LINUX 9.2:

ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/

SuSE heimdal-0.6.2-8.6.i586.rpm

SUSE LINUX 9.2:

ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/heimdal-0.6.2-8.6 .i586.rpm

SuSE heimdal-0.6.2-8.6.x86_64.rpm

SUSE LINUX 9.2:

ftp://ftp.suse.com/pub/suse/i386/update/9.2/

SuSE heimdal-0.6.2-8.6.x86_64.rpm

SUSE LINUX 9.2:

ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/heimdal-0.6.2-8 .6.x86_64.rpm

SuSE heimdal-devel-0.6.2-8.6.i586.rpm

SUSE LINUX 9.2:

ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/

SuSE heimdal-devel-0.6.2-8.6.i586.rpm

SUSE LINUX 9.2:

ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/heimdal-devel-0.6 .2-8.6.i586.rpm

SuSE heimdal-devel-0.6.2-8.6.x86_64.rpm

SUSE LINUX 9.2:

ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/heimdal-devel-0 .6.2-8.6.x86_64.rpm

SuSE heimdal-devel-32bit-9.2-200602211039.x86_64.rpm

SUSE LINUX 9.2:

ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/heimdal-devel-3 2bit-9.2-200602211039.x86_64.rpm

SuSE heimdal-lib-0.6.2-8.6.i586.rpm

SUSE LINUX 9.2:

ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/

SuSE heimdal-lib-0.6.2-8.6.i586.rpm

SUSE LINUX 9.2:

ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/heimdal-lib-0.6.2 -8.6.i586.rpm

SuSE heimdal-lib-0.6.2-8.6.x86_64.rpm

SUSE LINUX 9.2:

ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/heimdal-lib-0.6 .2-8.6.x86_64.rpm

SuSE heimdal-tools-0.6.2-8.4.i586.rpm

SUSE LINUX 9.2:

ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/

SuSE heimdal-tools-devel-0.6.2-8.4.i586.rpm

SUSE LINUX 9.2:

ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/

SuSE heimdal-tools-devel-0.6.2-8.4.x86_64.rpm

SUSE LINUX 9.2:

ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/heimdal-tools-d evel-0.6.2-8.4.x86_64.rpm

Ubuntu heimdal-clients-x_0.6.2-3ubuntu0.2_amd64.deb

Ubuntu 4.10:

http://security.ubuntu.com/ubuntu/pool/universe/h/heimdal/heimdal-clie nts-x_0.6.2-3ubuntu0.2_amd64.deb

Ubuntu heimdal-clients-x_0.6.2-3ubuntu0.2_i386.deb

Ubuntu 4.10:

http://security.ubuntu.com/ubuntu/pool/universe/h/heimdal/heimdal-clie nts-x_0.6.2-3ubuntu0.2_i386.deb

Ubuntu heimdal-clients-x_0.6.2-3ubuntu0.2_powerpc.deb

Ubuntu 4.10:

http://security.ubuntu.com/ubuntu/pool/universe/h/heimdal/heimdal-clie nts-x_0.6.2-3ubuntu0.2_powerpc.deb

Ubuntu heimdal-clients_0.6.2-3ubuntu0.2_amd64.deb

Ubuntu 4.10:

http://security.ubuntu.com/ubuntu/pool/universe/h/heimdal/heimdal-clie nts_0.6.2-3ubuntu0.2_amd64.deb

Ubuntu heimdal-clients_0.6.2-3ubuntu0.2_i386.deb

Ubuntu 4.10:

http://security.ubuntu.com/ubuntu/pool/universe/h/heimdal/heimdal-clie nts_0.6.2-3ubuntu0.2_i386.deb

Ubuntu heimdal-clients_0.6.

参考网址

来源: XF

名称: heimdal-rshd-privilege-elevation(24532)

链接：http://xforce.iss.net/xforce/xfdb/24532
来源: BID

名称: 16524

链接：http://www.securityfocus.com/bid/16524
来源: SUSE

名称: SUSE-SA:2006:011

链接：http://www.securityfocus.com/archive/1/archive/1/426043/100/0/threaded
来源: www.pdc.kth.se

链接：http://www.pdc.kth.se/heimdal/advisory/2006-02-06/
来源: GENTOO

名称: GLSA-200603-14

链接：http://www.gentoo.org/security/en/glsa/glsa-200603-14.xml
来源: VUPEN

名称: ADV-2006-0456

链接：http://www.frsirt.com/english/advisories/2006/0456
来源: DEBIAN

名称: DSA-977

链接：http://www.debian.org/security/2006/dsa-977
来源: SECUNIA

名称: 19302

链接：http://secunia.com/advisories/19302
来源: SECUNIA

名称: 19005

链接：http://secunia.com/advisories/19005
来源: SECUNIA

名称: 18894

链接：http://secunia.com/advisories/18894
来源: SECUNIA

名称: 18806

链接：http://secunia.com/advisories/18806
来源: SECUNIA

名称: 18733

链接：http://secunia.com/advisories/18733
来源: UBUNTU

名称: USN-247-1

链接：http://www.ubuntulinux.org/support/documentation/usn/usn-247-1
来源: UBUNTU

名称: USN-253-1

链接：http://www.ubuntu.com/usn/usn-253-1
来源: MLIST

名称: [heimdal-discuss] 20060206 Heimdal 0.7.2 and 0.6.6

链接：http://www.stacken.kth.se/lists/heimdal-discuss/2006-02/msg00028.html
来源: OSVDB

名称: 22986

链接：http://www.osvdb.org/22986
来源: VUPEN

名称: ADV-2006-0628

链接：http://www.frsirt.com/english/advisories/2006/0628

受影响实体

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200602-075