Vulnerabilities > CVE-2002-0875

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
local
low complexity
sgi
debian
nessus
exploit available

Summary

Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group.

Vulnerable Configurations

Part Description Count
Application
Sgi
2
OS
Sgi
3
OS
Debian
1

Exploit-Db

descriptionSGI IRIX 6.5.x FAM Arbitrary Root Owned Directory File Listing Vulnerability. CVE-2002-0875. Local exploit for irix platform
idEDB-ID:21720
last seen2016-02-02
modified2002-08-16
published2002-08-16
reporterMichael Wardle
sourcehttps://www.exploit-db.com/download/21720/
titleSGI IRIX 6.5.x FAM Arbitrary Root Owned Directory File Listing Vulnerability

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-005.NASL
    descriptionUpdated fam packages that fix an information disclosure bug are now available. FAM, the File Alteration Monitor, provides a daemon and an API which applications can use for notification of changes in specific files or directories. A bug has been found in the way FAM handles group permissions. It is possible that a local unprivileged user can use a flaw in FAM's group handling to discover the names of files which are only viewable to users in the 'root' group.
    last seen2020-06-01
    modified2020-06-02
    plugin id16108
    published2005-01-06
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/16108
    titleRHEL 2.1 : fam (RHSA-2005:005)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2005:005. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set, the plugin only records the
    # metadata below and exits (see the exit(0) at the end of this block) without
    # running any check against a host.
    if (description)
    {
      script_id(16108);
      script_version ("1.23");
      script_cvs_date("Date: 2019/10/25 13:36:10");
    
      # Identifiers a responder can use to correlate this finding: the CVE and the
      # vendor advisory that shipped the fix.
      script_cve_id("CVE-2002-0875");
      script_xref(name:"RHSA", value:"2005:005");
    
      script_name(english:"RHEL 2.1 : fam (RHSA-2005:005)");
      # The summary states the detection method: package inventory, not a probe of
      # the FAM daemon.
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      # Advisory text, reproduced as a runtime string. It describes an information
      # disclosure: file names readable only by the 'root' group can be learned by
      # an unprivileged local user.
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated fam packages that fix an information disclosure bug are now
    available.
    
    FAM, the File Alteration Monitor, provides a daemon and an API which
    applications can use for notification of changes in specific files or
    directories.
    
    A bug has been found in the way FAM handles group permissions. It is
    possible that a local unprivileged user can use a flaw in FAM's group
    handling to discover the names of files which are only viewable to
    users in the 'root' group. The Common Vulnerabilities and Exposures
    project (cve.mitre.org) has assigned the name CVE-2002-0875 to this
    issue. This issue only affects the version of FAM shipped with Red Hat
    Enterprise Linux 2.1.
    
    Users of FAM should update to these updated packages which contain
    backported patches and are not vulnerable to this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2002-0875"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2005:005"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected fam and / or fam-devel packages."
      );
      # CVSS v2 base vector: local access (AV:L), low complexity (AC:L), no
      # authentication (Au:N), partial confidentiality impact (C:P), no integrity
      # or availability impact (I:N/A:N).
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
    
      # Scope of the finding: the fam and fam-devel packages on RHEL 2.1.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:fam");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:fam-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");
    
      # NOTE(review): per these dates the vendor patch (2005/01/05) follows the
      # recorded vulnerability publication date (2002/09/05) by more than two years.
      script_set_attribute(attribute:"vuln_publication_date", value:"2002/09/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/01/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/01/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      # NOTE(review): ACT_GATHER_INFO presumably marks this as a non-intrusive
      # information-gathering check - confirm against the scanner documentation.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      # The check consumes KB entries rather than querying the host itself; the
      # keys listed here are presumably populated by ssh_get_info.nasl - verify.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    # Host check for RHSA-2005:005. Everything below reasons from data already in
    # the scanner KB (release string, CPU, yum updateinfo, rpm list); nothing here
    # probes the FAM daemon or tests whether it is running.
    # NOTE(review): audit() comes from audit.inc (not shown) and presumably ends
    # the script with a "not applicable" reason - confirm.

    # Precondition: local (host-based) checks must be enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # Precondition: the host must identify as Red Hat Enterprise Linux, release 2.1.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    # Keep only the captured version number (group 1 of the match).
    os_ver = os_ver[1];
    # Accept "2.1" followed by a non-digit or end of string, so e.g. "2.10" is rejected.
    if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);
    
    # Without a package list there is nothing to compare against.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Two-stage architecture gate: the first test admits x86_64, i[3-6]86 and
    # s390; the second then requires i[3-6]86, so only 32-bit x86 hosts continue.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);
    
    # Preferred evidence: yum updateinfo cached in the KB. When it is present the
    # rpm version comparison further down is not used at all.
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2005:005";
      # presumably returns report text only when the advisory is listed as
      # outstanding for this host - verify in rpm.inc
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        # Reported at note severity on port 0 (a host-level finding, not tied to a service).
        security_report_v4(
          port       : 0,
          severity   : SECURITY_NOTE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        # No report text: the host is audited out as not affected by the advisory.
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      # Fallback evidence: compare installed packages with the fixed builds.
      # presumably rpm_check() is true when the installed package is older than
      # the reference - confirm in rpm.inc. The advisory text says the fix is a
      # backported patch, so the reference is the vendor build "2.6.4-12".
      flag = 0;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"fam-2.6.4-12")) flag++;
      if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"fam-devel-2.6.4-12")) flag++;
    
      if (flag)
      {
        # At least one package matched: report the package details plus the
        # caveat text supplied by redhat_report_package_caveat().
        security_report_v4(
          port       : 0,
          severity   : SECURITY_NOTE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        # Distinguish "installed but already fixed" from "not installed at all"
        # so the audit trail shows why nothing was reported.
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "fam / fam-devel");
      }
    }
    
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-154.NASL
    descriptionA flaw was discovered in FAM's group handling.
    last seen2020-06-01
    modified2020-06-02
    plugin id14991
    published2004-09-29
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14991
    titleDebian DSA-154-1 : fam - privilege escalation
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-154. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set, the plugin only records the
    # metadata below and exits (see the exit(0) at the end of this block) without
    # running any check against a host.
    if (description)
    {
      script_id(14991);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:17");
    
      # Identifiers a responder can use to correlate this finding: CVE, Bugtraq ID
      # and the Debian advisory number.
      script_cve_id("CVE-2002-0875");
      script_bugtraq_id(5487);
      script_xref(name:"DSA", value:"154");
    
      # NOTE(review): the title says "privilege escalation", but the advisory text
      # and the CVSS vector registered below (C:P/I:N/A:N) describe a disclosure
      # of file names only. Triage on the vector, not the title.
      script_name(english:"Debian DSA-154-1 : fam - privilege escalation");
      # The summary states the detection method: package inventory, not a probe of
      # the FAM daemon.
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      # Advisory text, reproduced verbatim as a runtime string (including its
      # original typos). It names the fixed versions: 2.6.6.1-5.2 for woody and
      # 2.6.8-1 or later for sid; potato ships no fam packages.
      script_set_attribute(
        attribute:"description", 
        value:
    "A flawwas discovered in FAM's group handling. In the effect users are
    unable to read FAM directories they have group read and execute
    permissions on. However, also unprivileged users can potentially learn
    names of files that only users in root's group should be able to view.
    
    This problem been fixed in version 2.6.6.1-5.2 for the current stable
    stable distribution (woody) and in version 2.6.8-1 (or any later
    version) for the unstable distribution (sid). The old stable
    distribution (potato) is not affected, since it doesn't contain fam
    packages."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://oss.sgi.com/bugzilla/show_bug.cgi?id=151"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2002/dsa-154"
      );
      script_set_attribute(attribute:"solution", value:"Upgrade the fam packages.");
      # CVSS v2 base vector: local access (AV:L), low complexity (AC:L), no
      # authentication (Au:N), partial confidentiality impact (C:P), no integrity
      # or availability impact (I:N/A:N).
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
      # Temporal vector: exploitability high (E:H), official fix available
      # (RL:OF), report confidence confirmed (RC:C). Together with the two
      # attributes below this marks the issue as trivially reachable by a local
      # user, which argues for patching despite the low base score.
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      # Scope of the finding: the fam package on Debian 3.0.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:fam");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2002/08/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29");
      script_end_attributes();
    
      # NOTE(review): ACT_GATHER_INFO presumably marks this as a non-intrusive
      # information-gathering check - confirm against the scanner documentation.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      # The check consumes KB entries rather than querying the host itself; the
      # keys listed here are presumably populated by ssh_get_info.nasl - verify.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    # Host check for DSA-154. The verdict is derived from the dpkg inventory held
    # in the scanner KB; nothing here probes the FAM daemon or tests whether it is
    # running.

    # Preconditions: local checks enabled, host identified as Debian, and a
    # package list available to compare against.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

    # Every package built from the fam source shares the same fixed version on
    # Debian 3.0, so the three comparisons differ only in the package prefix.
    # presumably deb_check() is true when the installed version is older than
    # the reference - confirm in debian_package.inc
    dsa154_fixed_version = "2.6.6.1-5.2";
    flag = 0;
    foreach dsa154_prefix (make_list("fam", "libfam-dev", "libfam0"))
    {
      if (deb_check(release:"3.0", prefix:dsa154_prefix, reference:dsa154_fixed_version)) flag++;
    }

    if (flag)
    {
      # Host-level finding (port 0); package details are attached only when the
      # scan is configured for verbose reporting.
      if (report_verbosity > 0)
        security_note(port:0, extra:deb_report_get());
      else
        security_note(0);
      exit(0);
    }
    else
    {
      # No package matched: record the host as not affected.
      audit(AUDIT_HOST_NOT, "affected");
    }
    

Redhat

advisories
rhsa
idRHSA-2005:005