漏洞信息详情

GTetrinet tetrinet.c程序数组索引错误漏洞

• CNNVD编号：CNNVD-200608-505
• 危害等级： 中危
  
• CVE编号： CVE-2006-3125
• 漏洞类型： 资料不足
• 发布时间： 2006-08-31
• 威胁类型： 远程
• 更新时间： 2006-09-15
• 厂        商： gtetrinet
• 漏洞来源： Michael Gehring is...

漏洞简介

gtetrinet 0.7.8及早期版本的tetrinet.c程序存在数组索引错误，远程攻击者可借助将玩家数指定为负数的数据包来执行任意代码。而玩家数会被用于数组索引。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

GTetrinet GTetrinet 0.7.8

Debian gtetrinet_0.7.8-1sarge2_alpha.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7 .8-1sarge2_alpha.deb

Debian gtetrinet_0.7.8-1sarge2_amd64.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7 .8-1sarge2_amd64.deb

Debian gtetrinet_0.7.8-1sarge2_arm.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7 .8-1sarge2_arm.deb

Debian gtetrinet_0.7.8-1sarge2_hppa.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7 .8-1sarge2_hppa.deb

Debian gtetrinet_0.7.8-1sarge2_i386.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7 .8-1sarge2_i386.deb

Debian gtetrinet_0.7.8-1sarge2_ia64.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7 .8-1sarge2_ia64.deb

Debian gtetrinet_0.7.8-1sarge2_m68k.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7 .8-1sarge2_m68k.deb

Debian gtetrinet_0.7.8-1sarge2_mips.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7 .8-1sarge2_mips.deb

Debian gtetrinet_0.7.8-1sarge2_mipsel.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7 .8-1sarge2_mipsel.deb

Debian gtetrinet_0.7.8-1sarge2_powerpc.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7 .8-1sarge2_powerpc.deb

Debian gtetrinet_0.7.8-1sarge2_s390.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7 .8-1sarge2_s390.deb

Debian gtetrinet_0.7.8-1sarge2_sparc.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7 .8-1sarge2_sparc.deb

参考网址

来源: DEBIAN

名称: DSA-1163

链接:http://www.debian.org/security/2006/dsa-1163

来源: GENTOO

名称: GLSA-200609-02

链接:http://security.gentoo.org/glsa/glsa-200609-02.xml

来源: SECUNIA

名称: 21800

链接:http://secunia.com/advisories/21800

来源: SECUNIA

名称: 21704

链接:http://secunia.com/advisories/21704

来源: XF

名称: gtetrinet-array-indexing-code-execution(28683)

链接:http://xforce.iss.net/xforce/xfdb/28683

来源: BID

名称: 19766

链接:http://www.securityfocus.com/bid/19766

来源: SUSE

名称: SUSE-SR:2006:021

链接:http://www.novell.com/linux/security/advisories/2006_21_sr.HTML

来源: SECUNIA

名称: 21691

链接:http://secunia.com/advisories/21691

来源: OSVDB

名称: 28269

链接:http://www.osvdb.org/28269

来源: SECUNIA

名称: 21749

链接:http://secunia.com/advisories/21749

受影响实体

• Gtetrinet Gtetrinet:0.7.8  

补丁

暂无