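Vulnerability Details
MiMMS Media Stream Processing Remote Stack Overflow Vulnerability
- CNNVD ID: CNNVD-200606-511
- Severity: Medium
- CVE ID: CVE-2006-2200
- Vulnerability type: Buffer overflow
- Published: 2006-06-27
- Threat type: Remote
- Updated: 2006-07-25
- Vendor: mimms
- Vulnerability source: Anon Sricharoencha...
Vulnerability Summary
MiMMS is a program that downloads and saves streaming media using the MMS protocol.
When MiMMS processes malformed data, a remote attacker may exploit this vulnerability to execute arbitrary commands on the user's machine.
The get_header() and get_media_packet() functions in MiMMS contain stack overflow vulnerabilities when reading data from the server. If a user is tricked into connecting to a malicious server, the vulnerability is triggered, leading to arbitrary code execution.
Vulnerability Advisory
The vendor has released patches for this issue; download them from the vendor's site: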
Slackware Linux 11.0
Slackware xine-lib-1.1.3-i686-1_slack11.0.tgz
11.0:
ftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/xine-lib-1.1.3-i686-1_slack11.0.tgz
MiMMS mimms 0.0.9
Ubuntu libmms-dev_0.1-0ubuntu1.1_amd64.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/libm/libmms/libmms-dev_0.1-0ubuntu1.1_amd64.deb
Ubuntu libmms-dev_0.1-0ubuntu1.1_i386.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/libm/libmms/libmms-dev_0.1-0ubuntu1.1_i386.deb
Ubuntu libmms-dev_0.1-0ubuntu1.1_sparc.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/libm/libmms/libmms-dev_0.1-0ubuntu1.1_sparc.deb
Ubuntu libmms0_0.1-0ubuntu1.1_amd64.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/libm/libmms/libmms0_0.1-0ubuntu1.1_amd64.deb
Ubuntu libmms0_0.1-0ubuntu1.1_powerpc.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/libm/libmms/libmms0_0.1-0ubuntu1.1_powerpc.deb
Ubuntu libmms0_0.1-0ubuntu1.1_sparc.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/libm/libmms/libmms0_0.1-0ubuntu1.1_sparc.deb
Slackware Linux 10.0
Slackware xine-lib-1.1.3-i686-1_slack10.0.tgz
Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/xine-lib-1.1.3-i686-1_slack10.0.tgz
Slackware Linux 10.1
Slackware xine-lib-1.1.3-i686-1_slack10.1.tgz
Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/xine-lib-1.1.3-i686-1_slack10.1.tgz
Slackware Linux 10.2
Slackware xine-lib-1.1.3-i686-1_slack10.2.tgz
Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/xine-lib-1.1.3-i686-1_slack10.2.tgz
Slackware Linux 9.1
Slackware xine-lib-1.1.3-i686-1_slack9.1.tgz
Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/xine-lib-1.1.3-i686-1_slack9.1.tgz
References
Source: UBUNTU
Name: USN-315-1
Link: http://www.ubuntu.com/usn/usn-315-1
Source: UBUNTU
Name: USN-309-1
Link: http://www.ubuntu.com/usn/usn-309-1
Source: BID
Name: 18608
Link: http://www.securityfocus.com/bid/18608
Source: VUPEN
Name: ADV-2006-2487
Link: http://www.frsirt.com/english/advisories/2006/2487
Source: SECUNIA
Name: 21036
Link: http://secunia.com/advisories/21036
Source: SECUNIA
Name: 21023
Link: http://secunia.com/advisories/21023
Source: SECUNIA
Name: 20964
Link: http://secunia.com/advisories/20964
Source: SECUNIA
Name: 20948
Link: http://secunia.com/advisories/20948
Source: SECUNIA
Name: 20749
Link: http://secunia.com/advisories/20749
Source: MANDRIVA
Name: MDKSA-2006:121
Link: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:121
Source: MANDRIVA
Name: MDKSA-2006:117
Link: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:117
Source: bugs.debian.org
Link: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=374577
Source: MANDRIVA
Name: MDKSA-2006:121
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2006:121
Source: MANDRIVA
Name: MDKSA-2006:117
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2006:117
Source: sourceforge.net
Link: http://sourceforge.net/project/shownotes.php?release_id=468432
Source: SLACKWARE
Name: SSA:2006-357-05
Link: http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.433842
Source: GENTOO
Name: GLSA-200607-07
Link: http://security.gentoo.org/glsa/glsa-200607-07.xml
Source: SECUNIA
Name: 23512
Link: http://secunia.com/advisories/23512
Source: SECUNIA
Name: 23218
Link: http://secunia.com/advisories/23218
Source: SECUNIA
Name: 21139
Link: http://secunia.com/advisories/21139
Affected Entities
- Mimms Mimms:0.0.9
Patches
None available