漏洞信息详情

EZ-IPupdate远程格式化字符串漏洞

• CNNVD编号：CNNVD-200502-033
• 危害等级： 超危
  
• CVE编号： CVE-2004-0980
• 漏洞类型： 格式化字符串
• 发布时间： 2005-02-09
• 威胁类型： 远程
• 更新时间： 2005-10-20
• 厂        商： gentoo
• 漏洞来源： Discovery credited...

漏洞简介

ez-ipupdate是一款提供动态DNS服务的客户端软件。 ez-ipupdate 3.0.10至3.0.11b8的ez-ipupdate.c中的格式化字符串漏洞，在以守护程序模式运行并使用特定的服务类型时，可让远程服务器执行任意代码。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接： Angus Mackay ez-ipupdate 3.0.11 b5 Debian ez-ipupdate_3.0.11b5-1woody2_alpha.deb Debian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate _3.0.11b5-1woody2_alpha.deb Debian ez-ipupdate_3.0.11b5-1woody2_arm.deb Debian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate _3.0.11b5-1woody2_arm.deb Debian ez-ipupdate_3.0.11b5-1woody2_hppa.deb Debian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate _3.0.11b5-1woody2_hppa.deb Debian ez-ipupdate_3.0.11b5-1woody2_i386.deb Debian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate _3.0.11b5-1woody2_i386.deb Debian ez-ipupdate_3.0.11b5-1woody2_ia64.deb Debian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate _3.0.11b5-1woody2_ia64.deb Debian ez-ipupdate_3.0.11b5-1woody2_m68k.deb Debian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate _3.0.11b5-1woody2_m68k.deb Debian ez-ipupdate_3.0.11b5-1woody2_mips.deb Debian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate _3.0.11b5-1woody2_mips.deb Debian ez-ipupdate_3.0.11b5-1woody2_mipsel.deb Debian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate _3.0.11b5-1woody2_mipsel.deb Debian ez-ipupdate_3.0.11b5-1woody2_powerpc.deb Debian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate _3.0.11b5-1woody2_powerpc.deb Debian ez-ipupdate_3.0.11b5-1woody2_s390.deb Debian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate _3.0.11b5-1woody2_s390.deb Debian ez-ipupdate_3.0.11b5-1woody2_sparc.deb Debian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate _3.0.11b5-1woody2_sparc.deb Angus Mackay ez-ipupdate 3.0.11 b8 Mandrake ez-ipupdate-3.0.11b8-2.1.100mdk.amd64.rpm Mandrake Linux 10.0/AMD64 http://www.mandrakesecure.net/en/ftp.php Mandrake ez-ipupdate-3.0.11b8-2.1.100mdk.i586.rpm Mandrake Linux 10.0 http://www.mandrakesecure.net/en/ftp.php Mandrake ez-ipupdate-3.0.11b8-2.1.101mdk.i586.rpm Mandrake Linux 10.1 http://www.mandrakesecure.net/en/ftp.php Mandrake ez-ipupdate-3.0.11b8-2.1.101mdk.x86_64.rpm Mandrake Linux 10.1/x86_64 http://www.mandrakesecure.net/en/ftp.php Mandrake ez-ipupdate-3.0.11b8-2.1.92mdk.amd64.rpm Mandrake Linux 9.2/AMD64 http://www.mandrakesecure.net/en/ftp.php Mandrake ez-ipupdate-3.0.11b8-2.1.92mdk.i586.rpm Mandrake Linux 9.2 http://www.mandrakesecure.net/en/ftp.php Mandrake ez-ipupdate-3.0.11b8-2.1.C21mdk.i586.rpm Mandrake Corporate Server 2.1 http://www.mandrakesecure.net/en/ftp.php Mandrake ez-ipupdate-3.0.11b8-2.1.C21mdk.x86_64.rpm Mandrake Corporate Server 2.1/x86_64 http://www.mandrakesecure.net/en/ftp.php Mandrake ez-ipupdate-3.0.11b8-2.1.M82mdk.i586.rpm Mandrake Multi Network Firewall 8.2 http://www.mandrakesecure.net/en/ftp.php

参考网址

来源: BID 名称: 11657 链接:http://www.securityfocus.com/bid/11657 来源: GENTOO 名称: GLSA-200411-20 链接:http://www.gentoo.org/security/en/glsa/glsa-200411-20.xml 来源: XF 名称: eziupdate-showmessage-format-string(18032) 链接:http://xforce.iss.net/xforce/xfdb/18032 来源: DEBIAN 名称: DSA-592 链接:http://www.debian.org/security/2004/dsa-592 来源: SECUNIA 名称: 13167 链接:http://secunia.com/advisories/13167/ 来源: FULLDISC 名称: 20041111 ez-ipupdate format string bug 链接:http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028590.HTML 来源: MANDRAKE 名称: MDKSA-2004:129 链接:http://www.mandriva.com/security/advisories?name=MDKSA-2004:129

受影响实体

• Gentoo Linux  

补丁

暂无