ISC DHCPD NSUPDATE MiniRes Library Remote Buffer Overflow Vulnerability

admin 2022-07-22 10:32:34 | CNNVD vulnerability | Source: ZONE.CI

Vulnerability details

ISC DHCPD NSUPDATE MiniRes Library Remote Buffer Overflow Vulnerability

  • CNNVD ID: CNNVD-200301-034
  • Severity: High
  • CVE ID: CVE-2003-0026
  • Vulnerability type: Boundary condition error
  • Published: 2003-01-17
  • Threat type: Remote
  • Updated: 2005-10-20
  • Vendor: isc
  • Vulnerability source: ISC Developers

Vulnerability summary

DHCPD implements the Dynamic Host Configuration Protocol (DHCP), which delivers configuration information to hosts over a TCP/IP network. The minires library included in DHCPD does not perform proper buffer bounds checking when handling hostnames; a remote attacker can exploit this to cause a buffer overflow and may execute arbitrary instructions on the system with root privileges. DHCPD also supplies hosts with network configuration data, and ISC DHCPD allows the DHCP server to dynamically update DNS servers; this dynamic DNS update support is implemented through the NSUPDATE feature. During an internal source code audit, ISC developers found several vulnerabilities in the hostname parsing of the minires library invoked by NSUPDATE. They are caused by the absence of proper checks on hostname length. An attacker can trigger a stack-based buffer overflow by sending a DHCP message containing an overly long hostname value, and carefully crafted DHCP message data may allow arbitrary instructions to be executed on the system with root privileges. Although the minires library is derived from the BIND 8 resolver library, these vulnerabilities are not present in any current BIND version.
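The defect described above is the classic one: a hostname arrives from the network with an attacker-chosen length and is copied into a fixed-size stack buffer without that length being checked against the buffer or against the DNS name limits. The following is an added example, not ISC's minires code, showing what a bounded hostname path looks like: the length is taken from the DHCP option's own length byte rather than from strlen(), every read is bounded by the bytes actually remaining in the packet, and the name is rejected before any copy if it exceeds the destination or the RFC 1035 label and name limits. The function names and the status codes are hypothetical; the option bytes in main() are constructed for illustration.

```c
/* Added example (not ISC/minires code): bounded handling of a hostname
 * received in a DHCP option, before it is used for a DNS update. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_LABEL_LEN 63   /* RFC 1035: a label is at most 63 octets */
#define MAX_NAME_LEN  253  /* RFC 1035: presentation form without trailing dot */
#define DHCP_OPT_HOST_NAME 12

enum name_status {
    NAME_OK = 0,
    NAME_TOO_LONG,        /* whole name exceeds MAX_NAME_LEN */
    NAME_BAD_LABEL,       /* empty label or label longer than 63 octets */
    NAME_BAD_CHAR,        /* character outside [A-Za-z0-9-.] */
    NAME_DEST_TOO_SMALL,  /* caller's buffer cannot hold name plus NUL */
    NAME_BAD_OPTION       /* option header missing or length exceeds packet */
};

/* Validate a hostname of explicit length srclen (NOT NUL-terminated; it is
 * untrusted wire data) and copy it into dst only after every check passes.
 * The destination size is checked first, so no partial copy ever happens. */
enum name_status copy_hostname_checked(const char *src, size_t srclen,
                                       char *dst, size_t dstsz)
{
    size_t label_len = 0;

    if (srclen > MAX_NAME_LEN)
        return NAME_TOO_LONG;
    if (srclen + 1 > dstsz)            /* +1 for the terminating NUL */
        return NAME_DEST_TOO_SMALL;

    for (size_t i = 0; i < srclen; i++) {
        unsigned char c = (unsigned char)src[i];
        if (c == '.') {
            if (label_len == 0)        /* leading dot or ".." */
                return NAME_BAD_LABEL;
            label_len = 0;
            continue;
        }
        if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
              (c >= '0' && c <= '9') || c == '-'))
            return NAME_BAD_CHAR;
        if (++label_len > MAX_LABEL_LEN)
            return NAME_BAD_LABEL;
    }

    memcpy(dst, src, srclen);
    dst[srclen] = '\0';
    return NAME_OK;
}

/* Read a DHCP option 12 (Host Name) at opt, where optbuf_len is the number
 * of packet bytes remaining from opt onward. The option's length byte is
 * attacker-controlled, so it is checked against optbuf_len before any read. */
enum name_status hostname_from_option12(const unsigned char *opt, size_t optbuf_len,
                                        char *dst, size_t dstsz)
{
    if (optbuf_len < 2 || opt[0] != DHCP_OPT_HOST_NAME)
        return NAME_BAD_OPTION;
    size_t len = opt[1];
    if (2 + len > optbuf_len)          /* truncated option: never read past packet */
        return NAME_BAD_OPTION;
    return copy_hostname_checked((const char *)opt + 2, len, dst, dstsz);
}

int main(void)
{
    char name[256];
    /* Constructed sample: option 12, length 5, "host1". */
    const unsigned char good[] = {DHCP_OPT_HOST_NAME, 5, 'h', 'o', 's', 't', '1'};
    /* Constructed sample: claims 9 bytes but only 2 follow. */
    const unsigned char truncated[] = {DHCP_OPT_HOST_NAME, 9, 'a', 'b'};

    if (hostname_from_option12(good, sizeof good, name, sizeof name) == NAME_OK)
        printf("accepted: %s\n", name);
    if (hostname_from_option12(truncated, sizeof truncated, name, sizeof name) == NAME_BAD_OPTION)
        printf("rejected truncated option without reading past the packet\n");
    return 0;
}
```

The ordering of the checks is the point: the size comparison against the destination happens before the loop, so a name that is too long is refused outright rather than partially written, and an option whose length byte points beyond the end of the packet is refused before a single byte of the name is touched.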

Vulnerability advisory

Temporary workaround: if you cannot install the patch or upgrade immediately, CNNVD recommends the following measures to reduce the threat:

* Disable the NSUPDATE feature of the ISC DHCP server.

* Restrict access to the DHCP server's TCP/UDP ports 67 and 68 from untrusted external sources.

Vendor patches:

Conectiva
---------
http://www.debian.org/security/2003/dsa-231

Debian
------
Debian has released a security advisory (DSA-231-1) and corresponding patches:

DSA-231-1: New dhcp3 packages fix arbitrary code execution

Link: http://www.debian.org/security/2002/dsa-231

Patch downloads:

Source archives:

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3_3.0+3.0.1rc9-2.1.dsc

Size/MD5 checksum: 730 37209f2e8ff29f9d38e4f812183a8321

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3_3.0+3.0.1rc9-2.1.diff.gz

Size/MD5 checksum: 23781 d6b2e0bcf1b32d52423202ae5f988cf6

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3_3.0+3.0.1rc9.orig.tar.gz

Size/MD5 checksum: 809803 3cc4758e5a59362315393a1874dfcb21

Alpha architecture:

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.1_alpha.deb

Size/MD5 checksum: 416508 773f104e93a351675621d4b812dedb0d

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.1_alpha.deb

Size/MD5 checksum: 216042 2a7c64e688ca68bf0b227334ba2d7833

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.1_alpha.deb

Size/MD5 checksum: 106842 9020774e6cdc310a3a3cf2a42ba58d63

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.1_alpha.deb

Size/MD5 checksum: 287082 189f63d99acb438981c10800d7783d44

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.1_alpha.deb

Size/MD5 checksum: 526816 08d076cefd29fa5e0055fda006cac383

ARM architecture:

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.1_arm.deb

Size/MD5 checksum: 386804 842b5eb5de805516022bada7f0094822

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.1_arm.deb

Size/MD5 checksum: 188558 5dbbd9b9ab025f52024b19627bfbdc72

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.1_arm.deb

Size/MD5 checksum: 93316 57bfc9321b7d10ae70ec6214d59bcb2f

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.1_arm.deb

Size/MD5 checksum: 273220 6a99a3da6a633477ae430d92f68f2184

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.1_arm.deb

Size/MD5 checksum: 484438 677cd67a76fc9814fe2a7c3ca4a1a492

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.1_i386.deb

Size/MD5 checksum: 375234 eadc1375ff236a3f6fd831340fa23bb2

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.1_i386.deb

Size/MD5 checksum: 178496 afd9dda61da369a5ff76b15803fd4136

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.1_i386.deb

Size/MD5 checksum: 82020 6137706b46e9b5d0f8d85bf0188f2050

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.1_i386.deb

Size/MD5 checksum: 269162 289c850ffa01157b09537ec57bf25d0c

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.1_i386.deb

Size/MD5 checksum: 465074 fae064fc37dede8a61bf836248e97e34

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.1_ia64.deb

Size/MD5 checksum: 549968 cf516c3021a7a9467d0bd5e8bc5467c4

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.1_ia64.deb

Size/MD5 checksum: 339122 abfcc44debcca325e01b76031536bacd

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.1_ia64.deb

Size/MD5 checksum: 134170 d2683f5f882b01422dab6ee93983c0a5

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-relay_3.0+3.0.1rc9-2.1_ia64.deb

Size/MD5 checksum: 348612 97101d3f841d5509f61664e27158cf23

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-server_3.0+3.0.1rc9-2.1_ia64.deb

Size/MD5 checksum: 701398 5bc9980f56c7830a04f21bfedb228959

HP Precision architecture:

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-client_3.0+3.0.1rc9-2.1_hppa.deb

Size/MD5 checksum: 384788 f733a3a7db9c641cff4594212f275984

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-common_3.0+3.0.1rc9-2.1_hppa.deb

Size/MD5 checksum: 188118 5928747afeb44dfd8cfd8e02c332068f

http://security.debian.org/pool/updates/main/d/dhcp3/dhcp3-dev_3.0+3.0.1rc9-2.1_hppa.deb

Size/MD5 checksum: 92962 2044c3e40799aeb2d328b6084d611016

References

  • Source: US-CERT Vulnerability Note; Name: VU#284857; Link: http://www.kb.cert.org/vuls/id/284857
  • Source: CERT/CC Advisory; Name: CA-2003-01; Link: http://www.cert.org/advisories/CA-2003-01.HTML
  • Source: REDHAT; Name: RHSA-2003:011; Link: http://www.redhat.com/support/errata/RHSA-2003-011.HTML
  • Source: DEBIAN; Name: DSA-231; Link: http://www.debian.org/security/2003/dsa-231
  • Source: XF; Name: dhcpd-minires-multiple-bo(11073); Link: http://xforce.iss.net/xforce/xfdb/11073
  • Source: SUSE; Name: SuSE-SA:2003:006; Link: http://www.suse.com/de/security/2003_006_dhcp.HTML
  • Source: SECTRACK; Name: 1005924; Link: http://www.securitytracker.com/id?1005924
  • Source: BID; Name: 6627; Link: http://www.securityfocus.com/bid/6627
  • Source: OPENPKG; Name: OpenPKG-SA-2003.002; Link: http://www.openpkg.com/security/advisories/OpenPKG-SA-2003.002.HTML
  • Source: MANDRAKE; Name: MDKSA-2003:007; Link: http://www.mandriva.com/security/advisories?name=MDKSA-2003:007
  • Source: CIAC; Name: N-031; Link: http://www.ciac.org/ciac/bulletins/n-031.sHTML
  • Source: CONECTIVA; Name: CLA-2003:562; Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000562
  • Source: BUGTRAQ; Name: 20030122 [securityslackware.com: [slackware-security] New DHCP packages available]; Link: http://archives.neohapsis.com/archives/bugtraq/2003-01/0250.HTML

Affected entities

  • Isc Dhcpd:3.0
  • Isc Dhcpd:3.0.1:Rc1
  • Isc Dhcpd:3.0.1:Rc2
  • Isc Dhcpd:3.0.1:Rc3
  • Isc Dhcpd:3.0.1:Rc4

Patches

    None available
