XLoadImage Compressed Image Command Execution Vulnerability

admin 2022-07-18 18:24:05 CNNVD vulnerabilities Source: ZONE.CI Global

Vulnerability details

  • CNNVD ID: CNNVD-200503-042
  • Severity: High
  • CVE ID: CVE-2005-0638
  • Vulnerability type: input validation
  • Published: 2005-03-02
  • Threat type: remote
  • Updated: 2005-10-20
  • Vendor: suse
  • Reported by: Tavis Ormandy is c...

Vulnerability summary

A remote attacker can execute arbitrary commands on systems running xloadimage before 4.1-r2 or xli before 1.17 by placing shell metacharacters in the file name of a compressed image: the name is interpolated into the gunzip command line without proper quoting, so the shell interprets the metacharacters before gunzip runs.
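The root cause above is the classic "file name spliced into a shell command" pattern. The following C snippet is an added illustration, not code from xloadimage or xli: it shows a `popen()`-style invocation of the kind the summary describes next to a hardened fork/exec replacement that passes the name as a single argv entry (no shell involved), plus a metacharacter check that a defender can use to reject or log suspicious names. The `spawn_filter`, `spawn_gunzip` and `name_has_shell_metachars` names are this example's own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Bytes a POSIX shell treats specially. A file name containing any of
 * them is worth rejecting or logging before it gets near a command line. */
static const char SHELL_META[] = ";|&$`\\\"'<>()*?[]{}~ \t\n";

int name_has_shell_metachars(const char *name) {
    return strpbrk(name, SHELL_META) != NULL;
}

/* Vulnerable pattern (for contrast only): the name is spliced into a
 * shell command string, so the shell parses it before gunzip runs. */
FILE *open_gz_via_shell(const char *path) {
    char cmd[4096];
    snprintf(cmd, sizeof cmd, "gunzip -c %s", path);
    return popen(cmd, "r");
}

/* Hardened pattern: fork and exec with an explicit argv and no shell.
 * The name travels as one argv entry, so metacharacters are plain bytes.
 * Returns the child pid and the read end of its stdout in *out_fd, or -1
 * on failure. The caller reads *out_fd and then waitpid()s the child. */
pid_t spawn_filter(char *const argv[], int *out_fd) {
    int fds[2];
    if (pipe(fds) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                       /* child: stdout -> pipe */
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]); close(fds[1]);
        execvp(argv[0], argv);
        _exit(127);                       /* exec failed */
    }
    close(fds[1]);                        /* parent keeps the read end */
    *out_fd = fds[0];
    return pid;
}

/* gunzip invocation as an image loader would need it. "--" keeps a name
 * that starts with '-' from being parsed as an option. */
pid_t spawn_gunzip(const char *path, int *out_fd) {
    char *argv[] = { "gunzip", "-c", "--", (char *)path, NULL };
    return spawn_filter(argv, out_fd);
}
```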

Vendor advisory

The vendors have released updated packages that fix this issue. Download links:

xli 1.17

  • Debian xli_1.17.0-11woody1_alpha.deb (Debian GNU/Linux 3.0 alias woody): http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1_alpha.deb
  • Debian xli_1.17.0-11woody1_arm.deb (Debian GNU/Linux 3.0 alias woody): http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1_arm.deb
  • Debian xli_1.17.0-11woody1_hppa.deb (Debian GNU/Linux 3.0 alias woody): http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1_hppa.deb
  • Debian xli_1.17.0-11woody1_i386.deb (Debian GNU/Linux 3.0 alias woody): http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1_i386.deb
  • Debian xli_1.17.0-11woody1_ia64.deb (Debian GNU/Linux 3.0 alias woody): http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1_ia64.deb
  • Debian xli_1.17.0-11woody1_m68k.deb (Debian GNU/Linux 3.0 alias woody): http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1_m68k.deb
  • Debian xli_1.17.0-11woody1_mips.deb (Debian GNU/Linux 3.0 alias woody): http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1_mips.deb
  • Debian xli_1.17.0-11woody1_mipsel.deb (Debian GNU/Linux 3.0 alias woody): http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1_mipsel.deb
  • Debian xli_1.17.0-11woody1_powerpc.deb (Debian GNU/Linux 3.0 alias woody): http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1_powerpc.deb
  • Debian xli_1.17.0-11woody1_s390.deb (Debian GNU/Linux 3.0 alias woody): http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1_s390.deb
  • Debian xli_1.17.0-11woody1_sparc.deb (Debian GNU/Linux 3.0 alias woody): http://security.debian.org/pool/updates/main/x/xli/xli_1.17.0-11woody1_sparc.deb
  • Mandriva xli-1.17.0-4.1.C21mdk.i586.rpm (Mandrake Corporate Server 2.1): http://www1.mandrivalinux.com/en/ftp.php3
  • Mandriva xli-1.17.0-4.1.C21mdk.x86_64.rpm (Mandrake Corporate Server 2.1/x86_64): http://www1.mandrivalinux.com/en/ftp.php3
  • Mandriva xli-1.17.0-8.1.101mdk.i586.rpm (Mandrake Linux 10.1): http://www1.mandrivalinux.com/en/ftp.php3
  • Mandriva xli-1.17.0-8.1.101mdk.x86_64.rpm (Mandrake Linux 10.1/x86_64): http://www1.mandrivalinux.com/en/ftp.php3
  • Mandriva xli-1.17.0-8.1.102mdk.i586.rpm (Mandrake Linux 10.2): http://www1.mandrivalinux.com/en/ftp.php3
  • Mandriva xli-1.17.0-8.1.102mdk.x86_64.rpm (Mandrake Linux 10.2/x86_64): http://www1.mandrivalinux.com/en/ftp.php3
  • Mandriva xli-1.17.0-8.2.C30mdk.i586.rpm (Mandrake Corporate Server 3.0): http://www1.mandrivalinux.com/en/ftp.php3
  • Mandriva xli-1.17.0-8.2.C30mdk.x86_64.rpm (Mandrake Corporate Server 3.0/x86_64): http://www1.mandrivalinux.com/en/ftp.php3

xloadimage 4.1

  • Fedora xloadimage-4.1-34.FC2.i386.rpm (RedHat Fedora Core 2): http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
  • Fedora xloadimage-4.1-34.FC2.x86_64.rpm (RedHat Fedora Core 2): http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
  • Fedora xloadimage-4.1-34.FC3.i386.rpm (RedHat Fedora Core 3): http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
  • Fedora xloadimage-4.1-34.FC3.x86_64.rpm (RedHat Fedora Core 3): http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
  • Fedora xloadimage-debuginfo-4.1-34.FC2.i386.rpm (RedHat Fedora Core 2): http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
  • Fedora xloadimage-debuginfo-4.1-34.FC2.x86_64.rpm (RedHat Fedora Core 2): http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
  • Fedora xloadimage-debuginfo-4.1-34.FC3.i386.rpm (RedHat Fedora Core 3): http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
  • Fedora xloadimage-debuginfo-4.1-34.FC3.x86_64.rpm (RedHat Fedora Core 3): http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
  • RedHat xloadimage-4.1-21.2.legacy.i386.rpm (Red Hat Linux 7.3): http://download.fedoralegacy.org/redhat/7.3/updates/i386/xloadimage-4.1-21.2.legacy.i386.rpm
  • RedHat xloadimage-4.1-27.2.legacy.i386.rpm (Red Hat Linux 9): http://download.fedoralegacy.org/redhat/9/updates/i386/xloadimage-4.1-27.2.legacy.i386.rpm
  • RedHat xloadimage-4.1-29.2.legacy.i386.rpm (Fedora Core 1): http://download.fedoralegacy.org/fedora/1/updates/i386/xloadimage-4.1-29.2.legacy.i386.rpm
  • RedHat xloadimage-4.1-34.FC2.2.legacy.i386.rpm (Fedora Core 2): http://download.fedoralegacy.org/fedora/2/updates/i386/xloadimage-4.1-34.FC2.2.legacy.i386.rpm
  • TurboLinux xloadimage-4.1-22.i586.rpm (Desktop 10): ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/xloadimage-4.1-22.i586.rpm
  • TurboLinux xloadimage-4.1-22.i586.rpm (Server 10): ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/xloadimage-4.1-22.i586.rpm
  • TurboLinux xloadimage-4.1-22.i586.rpm (Server 7): ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/xloadimage-4.1-22.i586.rpm
  • TurboLinux xloadimage-4.1-22.i586.rpm (Server 8): ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/xloadimage-4.1-22.i586.rpm
  • TurboLinux xloadimage-4.1-22.i586.rpm (Workstation 7): ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/xloadimage-4.1-22.i586.rpm
  • TurboLinux xloadimage-4.1-22.i586.rpm (Workstation 8): ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/xloadimage-4.1-22.i586.rpm

References

  • Source: SECUNIA, Name: 14459, Link: http://secunia.com/advisories/14459
  • Source: DEBIAN, Name: DSA-695, Link: http://www.debian.org/security/2005/dsa-695
  • Source: GENTOO, Name: GLSA-200503-05, Link: http://security.gentoo.org/glsa/glsa-200503-05.xml
  • Source: SECUNIA, Name: 14462, Link: http://secunia.com/advisories/14462
  • Source: bugs.gentoo.org, Link: http://bugs.gentoo.org/show_bug.cgi?id=79762
  • Source: BID, Name: 12712, Link: http://www.securityfocus.com/bid/12712
  • Source: FEDORA, Name: FLSA-2006:152923, Link: http://www.securityfocus.com/archive/1/archive/1/433935/30/5010/threaded
  • Source: REDHAT, Name: RHSA-2005:332, Link: http://www.redhat.com/support/errata/RHSA-2005-332.HTML
  • Source: OSVDB, Name: 14365, Link: http://www.osvdb.org/14365
  • Source: support.avaya.com, Link: http://support.avaya.com/elmodocs2/security/ASA-2005-134_RHSA-2005-332.pdf

Affected entities

  • Suse Suse_linux:6.1:Alpha
  • Suse Suse_linux:6.2
  • Suse Suse_linux:6.3
  • Suse Suse_linux:6.3:Ppc
  • Suse Suse_linux:6.3:Alpha

Patches

    None available
