Multiple Vendor nvi Root Directory File Removal Vulnerability
BID:1439
Info
Multiple Vendor nvi Root Directory File Removal Vulnerability
| Bugtraq ID: | 1439 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Dec 30 1999 12:00AM |
| Updated: | Dec 30 1999 12:00AM |
| Credit: | Posted to BugTraq on December 30, 1999 by Loneguard <[email protected]> |
| Vulnerable: |
BSD nvi 1.7 x |
| Not Vulnerable: | |
Discussion
Multiple Vendor nvi Root Directory File Removal Vulnerability
From the Debian advisory: The version of nvi that was distributed with Debian GNU/Linux 2.1 has an error in the default /etc/init.d/nviboot script: it did not handle filenames with embedded spaces correctly. This made it possible to remove files in the root directory by creating entries in /var/tmp/vi.recover. This has been fixed in version 1.79-9.1 . We recommend you upgrade your nvi package immediately. If you use a customized version of nviboot please make sure your version does not suffer from this problem. If you upgrade dpkg will offer to replace it with the new safe version if needed.
Other distributions and / or operating systems may be vulnerable to this.
From the Debian advisory: The version of nvi that was distributed with Debian GNU/Linux 2.1 has an error in the default /etc/init.d/nviboot script: it did not handle filenames with embedded spaces correctly. This made it possible to remove files in the root directory by creating entries in /var/tmp/vi.recover. This has been fixed in version 1.79-9.1 . We recommend you upgrade your nvi package immediately. If you use a customized version of nviboot please make sure your version does not suffer from this problem. If you upgrade dpkg will offer to replace it with the new safe version if needed.
Other distributions and / or operating systems may be vulnerable to this.
Exploit / POC
Multiple Vendor nvi Root Directory File Removal Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Multiple Vendor nvi Root Directory File Removal Vulnerability
Solution:
Debian - Fixed in:
Source:
http://security.debian.org/dists/slink/updates/source/nvi_1.79-9.1.diff.gz
http://security.debian.org/dists/slink/updates/source/nvi_1.79-9.1.dsc
http://security.debian.org/dists/slink/updates/source/nvi_1.79.orig.tar.gz
alpha:
http://security.debian.org/dists/slink/updates/binary-alpha/nvi_1.79-9.1_alpha.deb
i386:
http://security.debian.org/dists/slink/updates/binary-i386/nvi_1.79-9.1_i386.deb
m68k:
http://security.debian.org/dists/slink/updates/binary-m68k/nvi_1.79-9.1_m68k.deb
sparc:
http://security.debian.org/dists/slink/updates/binary-sparc/nvi_1.79-9.1_sparc.deb
This has been fixed in FreeBSD 2.2-STABLE, 3.4-STABLE and 4.0-CURRENT (and later versions).
Solution:
Debian - Fixed in:
Source:
http://security.debian.org/dists/slink/updates/source/nvi_1.79-9.1.diff.gz
http://security.debian.org/dists/slink/updates/source/nvi_1.79-9.1.dsc
http://security.debian.org/dists/slink/updates/source/nvi_1.79.orig.tar.gz
alpha:
http://security.debian.org/dists/slink/updates/binary-alpha/nvi_1.79-9.1_alpha.deb
i386:
http://security.debian.org/dists/slink/updates/binary-i386/nvi_1.79-9.1_i386.deb
m68k:
http://security.debian.org/dists/slink/updates/binary-m68k/nvi_1.79-9.1_m68k.deb
sparc:
http://security.debian.org/dists/slink/updates/binary-sparc/nvi_1.79-9.1_sparc.deb
This has been fixed in FreeBSD 2.2-STABLE, 3.4-STABLE and 4.0-CURRENT (and later versions).
References
Multiple Vendor nvi Root Directory File Removal Vulnerability
References:
References: