发布日期:2008-03-17
更新日期:2008-03-19
受影响系统:
Apple MacOS X Server 10.5.2
描述:
BUGTRAQ ID: 28278
CVE(CAN) ID: CVE-2008-1000
Mac OS X Server也被称为Leopard Server,是苹果发布的集成了多种功能的服务器。
MacOS X Server中默认启用的python Web服务器Wiki Server受目录遍历攻击的影响,远程攻击者可能利用此漏洞控制服务器。
可以编辑wiki内容的用户可以上传文件替换wiki服务器可写入的内容,导致以wiki服务器的权限执行任意代码。以下是/usr/share/wikid/lib/python/apple_wlt/ContentServer.py文件中有漏洞的代码段:
/-----------
def uploadFileCallback(self, result):
filename, filetype, aFile = result[1][self.type][0]
filename = filename.decode('utf-8')
filename = filename.split('\\')[-1] # IE sends the whole path,
including your local username.
extension = filename.split('.')[-1]
oldFilename = filename
uploadType = os.path.split(self.fullpath)[-1]
if uploadType == "images":
filename = SettingsManager.findGoodName() + '.' + extension
logging.debug("beginning file upload: %s" % filename)
isImage = filenameIsImage(filename)
newPath = ImageUtilities.findUniqueFileName(os.path.join(self.fullpath,
filename), isImage = (not uploadType == 'attachments'))
newFilename = os.path.basename(newPath)
if uploadType == "attachments":
newParentFolder = os.path.dirname(newPath)
os.mkdir(newParentFolder)
newFilename = os.path.join(os.path.basename(newParentFolder), filename)
[...]
- -----------/
Apple:目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=18157&cat=57&platform=osx&method=sa/SecUpd2008-002.dmg
(责任编辑:高爽)
