漏洞信息详情

XFree86 Xserver缓冲区溢出漏洞

• CNNVD编号：CNNVD-200004-037
• 危害等级： 高危
  
• CVE编号： CVE-2000-0285
• 漏洞类型： 缓冲区溢出
• 发布时间： 2000-04-16
• 威胁类型： 本地
• 更新时间： 2005-05-02
• 厂        商： xfree86_project
• 漏洞来源： ');">Posted to BugTraq ...

漏洞简介

XFree86 3.3.x存在缓冲区溢出漏洞，本地用户可以通过超长-xkbmap变量执行任意指令。

漏洞公告

This vulnerability has been addressed in the latest version of XFree86. XFree86 X11R6 3.3.6

• Debian 2.2 all rstart_3.3.6-11potato32_all.deb http://security.debian.org/dists/stable/updates/main/binary-all/rstart _3.3.6-11potato32_all.deb
• Debian 2.2 all xbase_3.3.6-11potato32_all.deb http://security.debian.org/dists/stable/updates/main/binary-all/xbase_ 3.3.6-11potato32_all.deb
• Debian 2.2 all xfree86-common_3.3.6-11potato32_all.deb http://security.debian.org/dists/stable/updates/main/binary-all/xfree8 6-common_3.3.6-11potato32_all.deb
• Debian 2.2 alpha rstartd_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/rsta rtd_3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha twm_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/twm_ 3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xbase-clients_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xbas e-clients_3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xdm_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xdm_ 3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xext_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xext _3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xf86setup_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xf86 setup_3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xfs_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xfs_ 3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xlib6g-dev_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xlib 6g-dev_3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xlib6g-static_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xlib 6g-static_3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xlib6g_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xlib 6g_3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xmh_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xmh_ 3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xnest_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xnes t_3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xproxy_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xpro xy_3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xprt_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xprt _3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xserver-3dlabs_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xser ver-3dlabs_3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xserver-common_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xser ver-common_3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xserver-fbdev_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xser ver-fbdev_3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xserver-i128_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xser ver-i128_3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xserver-mach64_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xser ver-mach64_3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xserver-mono_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xser ver-mono_3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xserver-p9000_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xser ver-p9000_3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xserver-s3v_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xser ver-s3v_3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xserver-svga_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/xser ver-svga_3.3.6-11potato32_alpha.deb
• Debian 2.2 alpha xserver-tga_3.3.6-11potato32_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alp

参考网址

来源: BUGTRAQ 名称: 20000416 XFree86 server overflow 链接:http://archives.neohapsis.com/archives/bugtraq/2000-04/0076.HTML 来源: BID 名称: 1306 链接:http://www.securityfocus.com/bid/1306

受影响实体

• Xfree86_project X11r6:3.3.6  
• Xfree86_project X11r6:4.0  

补丁

暂无