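Vulnerability Details
Net-SNMP snmpnetstat Remote Heap-Based Overflow Vulnerability
- CNNVD ID: CNNVD-200311-020
- Severity: High
- CVE ID: CVE-2002-1570
- Vulnerability type: Buffer overflow
- Published: 2003-11-03
- Threat type: Remote
- Updated: 2006-09-22
- Vendor: ucd-snmp
- Vulnerability source: Discovered by Juan... and published in an Axioma advisory on December 3, 2001.
Vulnerability Summary
A heap-based buffer overflow exists in snmpnetstat in ucd-snmp 4.2.3 and earlier, and in net-snmp. A remote attacker can execute arbitrary code via multiple getnextrequest PDU messages with conflicting ifindex variables, which cause snmpnetstat to write variable data past the end of an array.
Vulnerability Advisory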
SCO have released an advisory (CSSA-2003-029.0) and fixes to address this issue in OpenLinux server and workstation. Affected users are advised to apply upgrades as soon as possible. Further information regarding the application of these upgrades is available in the referenced advisory. Fixes are linked below.
Fixes are available:
SCO OpenLinux Workstation 3.1.1
- SCO ucd-snmp-4.2.1-18.i386.rpm ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-029.0/RPMS/ucd-snmp-4.2.1-18.i386.rpm
- SCO ucd-snmp-devel-4.2.1-18.i386.rpm ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-029.0/RPMS/ucd-snmp-devel-4.2.1-18.i386.rpm
- SCO ucd-snmp-tkmib-4.2.1-18.i386.rpm ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-029.0/RPMS/ucd-snmp-tkmib-4.2.1-18.i386.rpm
- SCO ucd-snmp-utils-4.2.1-18.i386.rpm ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-029.0/RPMS/ucd-snmp-utils-4.2.1-18.i386.rpm
- SCO ucd-snmp-4.2.1-18.i386.rpm ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-029.0/RPMS/ucd-snmp-4.2.1-18.i386.rpm
- SCO ucd-snmp-devel-4.2.1-18.i386.rpm ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-029.0/RPMS/ucd-snmp-devel-4.2.1-18.i386.rpm
- SCO ucd-snmp-tkmib-4.2.1-18.i386.rpm ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-029.0/RPMS/ucd-snmp-tkmib-4.2.1-18.i386.rpm
- SCO ucd-snmp-utils-4.2.1-18.i386.rpm ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-029.0/RPMS/ucd-snmp-utils-4.2.1-18.i386.rpm
- Conectiva ucd-snmp-4.2.3-1U70_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ucd-snmp-4.2.3-1U70_2cl.i386.rpm
- Conectiva ucd-snmp-4.2.3-4U80_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/ucd-snmp-4.2.3-4U80_1cl.i386.rpm
- Conectiva ucd-snmp-devel-4.2.3-1U70_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ucd-snmp-devel-4.2.3-1U70_2cl.i386.rpm
- Conectiva ucd-snmp-devel-4.2.3-4U80_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/ucd-snmp-devel-4.2.3-4U80_1cl.i386.rpm
- Conectiva ucd-snmp-devel-static-4.2.3-1U70_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ucd-snmp-devel-static-4.2.3-1U70_2cl.i386.rpm
- Conectiva ucd-snmp-devel-static-4.2.3-4U80_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/ucd-snmp-devel-static-4.2.3-4U80_1cl.i386.rpm
- Conectiva ucd-snmp-utils-4.2.3-1U70_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ucd-snmp-utils-4.2.3-1U70_2cl.i386.rpm
- Conectiva ucd-snmp-utils-4.2.3-4U80_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/ucd-snmp-utils-4.2.3-4U80_1cl.i386.rpm
References
- Source: XF. Name: netsnmp-snmpnetstat-heap-overflow(7776). Link: http://xforce.iss.net/xforce/xfdb/7776
- Source: BID. Name: 3780. Link: http://www.securityfocus.com/bid/3780
- Source: BUGTRAQ. Name: 20020103 Heap overflow in snmpnetstat. Link: http://www.securityfocus.com/archive/1/248141
- Source: CONECTIVA. Name: CLA-2003:696. Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000696
Affected Entities
- Ucd-Snmp Ucd-Snmp:4.2.3
Patches
None available