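Net-SNMP snmpnetstat Remote Heap-Based Overflow Vulnerability

admin 2022-07-18 15:33:51 CNNVD Vulnerabilities Source: ZONE.CI Global Network

Vulnerability Details

Net-SNMP snmpnetstat Remote Heap-Based Overflow Vulnerability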

  • CNNVD ID: CNNVD-200311-020
  • Severity: High
  • CVE ID: CVE-2002-1570
  • Vulnerability type: Buffer overflow
  • Published: 2003-11-03
  • Threat type: Remote
  • Updated: 2006-09-22
  • Vendor: ucd-snmp
  • Vulnerability source: Discovered by Juan... and published in an Axioma advisory on December 3, 2001.

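Vulnerability Summary

snmpnetstat in ucd-snmp 4.2.3 and earlier, and in net-snmp, contains a heap-based buffer overflow. A remote attacker can execute arbitrary code by sending multiple getnextrequest PDUs with conflicting ifindex variables, which causes snmpnetstat to write variable data past the end of an array.

Vulnerability Advisory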

SCO have released an advisory (CSSA-2003-029.0) and fixes to address this issue in OpenLinux server and workstation. Affected users are advised to apply upgrades as soon as possible. Further information regarding the application of these upgrades is available in the referenced advisory. Fixes are linked below.

Fixes are available:

SCO OpenLinux Workstation 3.1.1

  • SCO ucd-snmp-4.2.1-18.i386.rpm ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-029.0/RPMS/ucd-snmp-4.2.1-18.i386.rpm
  • SCO ucd-snmp-devel-4.2.1-18.i386.rpm ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-029.0/RPMS/ucd-snmp-devel-4.2.1-18.i386.rpm
  • SCO ucd-snmp-tkmib-4.2.1-18.i386.rpm ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-029.0/RPMS/ucd-snmp-tkmib-4.2.1-18.i386.rpm
  • SCO ucd-snmp-utils-4.2.1-18.i386.rpm ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-029.0/RPMS/ucd-snmp-utils-4.2.1-18.i386.rpm
SCO OpenLinux Server 3.1.1
  • SCO ucd-snmp-4.2.1-18.i386.rpm ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-029.0/RPMS/ucd-snmp-4.2.1-18.i386.rpm
  • SCO ucd-snmp-devel-4.2.1-18.i386.rpm ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-029.0/RPMS/ucd-snmp-devel-4.2.1-18.i386.rpm
  • SCO ucd-snmp-tkmib-4.2.1-18.i386.rpm ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-029.0/RPMS/ucd-snmp-tkmib-4.2.1-18.i386.rpm
  • SCO ucd-snmp-utils-4.2.1-18.i386.rpm ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-029.0/RPMS/ucd-snmp-utils-4.2.1-18.i386.rpm
Net-SNMP ucd-snmp 4.2.3
  • Conectiva ucd-snmp-4.2.3-1U70_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ucd-snmp-4.2.3-1U70_2cl.i386.rpm
  • Conectiva ucd-snmp-4.2.3-4U80_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/ucd-snmp-4.2.3-4U80_1cl.i386.rpm
  • Conectiva ucd-snmp-devel-4.2.3-1U70_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ucd-snmp-devel-4.2.3-1U70_2cl.i386.rpm
  • Conectiva ucd-snmp-devel-4.2.3-4U80_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/ucd-snmp-devel-4.2.3-4U80_1cl.i386.rpm
  • Conectiva ucd-snmp-devel-static-4.2.3-1U70_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ucd-snmp-devel-static-4.2.3-1U70_2cl.i386.rpm
  • Conectiva ucd-snmp-devel-static-4.2.3-4U80_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/ucd-snmp-devel-static-4.2.3-4U80_1cl.i386.rpm
  • Conectiva ucd-snmp-utils-4.2.3-1U70_2cl.i386.rpm ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ucd-snmp-utils-4.2.3-1U70_2cl.i386.rpm
  • Conectiva ucd-snmp-utils-4.2.3-4U80_1cl.i386.rpm ftp://atualizacoes.conectiva.com.br/8/RPMS/ucd-snmp-utils-4.2.3-4U80_1cl.i386.rpm

References

  • Source: XF. Name: netsnmp-snmpnetstat-heap-overflow(7776). Link: http://xforce.iss.net/xforce/xfdb/7776
  • Source: BID. Name: 3780. Link: http://www.securityfocus.com/bid/3780
  • Source: BUGTRAQ. Name: 20020103 Heap overflow in snmpnetstat. Link: http://www.securityfocus.com/archive/1/248141
  • Source: CONECTIVA. Name: CLA-2003:696. Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000696

Affected Entities

  • Ucd-Snmp Ucd-Snmp:4.2.3  

Patches

    None available
