Linux nfs-utils xlog()远程缓冲区单字节溢出漏洞

admin
admin
admin
0
文章
0
评论
2022-07-22 11:10:22 CNNVD漏洞 来源:ZONE.CI 全球网 0 阅读模式

漏洞信息详情

Linux nfs-utils xlog()远程缓冲区单字节溢出漏洞

  • CNNVD编号:CNNVD-200308-096
  • 危害等级: 超危
  • CVE编号: CVE-2003-0252
  • 漏洞类型: 边界条件错误
  • 发布时间: 2003-07-14
  • 威胁类型: 远程
  • 更新时间: 2005-10-20
  • 厂        商: nfs
  • 漏洞来源: Janusz Niewiadomsk...

漏洞简介

Linux NFS utils是网络文件系统实现。 nfs-utils存在单字节溢出漏洞,远程攻击者可以利用这个漏洞构造伪造的请求给rpc.mountd守护程序,可能以root用户权限在系统上执行任意指令。 问题存在于xlog()函数,处理请求的日志记录,当函数尝试增加新行字符到要记录的字符串时会触发溢出。由于错误的计算,如果传递给函数的字符串等于或超过1023字节,会由于写\'\'\0\'\'字节超过缓冲区边界: - ------8<------cut-here------8<------ char buff[1024]; ... va_start(args, fmt); vsnprintf(buff, sizeof (buff), fmt, args); va_end(args); buff[sizeof (buff) - 1] = 0; if ((n = strlen(buff)) > 0 && buff[n-1] != \'\'\n\'\') { buff[n++] = \'\'\n\'\'; buff[n++] = \'\'\0\'\'; } - ------8<------cut-here------8<------ 本地或远程攻击者可以发送精心构建的RPC请求,发送到rpc.mountd守护进程中,可导致拒绝服务攻击,或者以root用户权限在系统上执行任意指令。

漏洞公告

厂商补丁: Debian ------ Debian已经为此发布了一个安全公告(DSA-349-1)以及相应补丁:

DSA-349-1:New nfs-utils package fixes buffer overflow

链接: http://www.debian.org/security/2002/dsa-349

补丁下载:

Source archives:

http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-utils_1.0-2woody1.dsc

Size/MD5 checksum: 547 a4c33f7a535608512f31b7ee34d4272e

http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-utils_1.0-2woody1.tar.gz

Size/MD5 checksum: 240859 5c573fee27a1e10ff7f664b4bdf732a2

Alpha architecture:

http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody1_alpha.deb

Size/MD5 checksum: 52698 29882fb7f6fd28f81f815ed562ac68a7

http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody1_alpha.deb

Size/MD5 checksum: 79386 49ff8885c51710a768cd93f6dd649d71

http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody1_alpha.deb

Size/MD5 checksum: 36662 0dc3e1ba2c91f2232e3fcb20918057e4

ARM architecture:

http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody1_arm.deb

Size/MD5 checksum: 44804 296f0f554fd1cf4b59d9ea1cdab9321d

http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody1_arm.deb

Size/MD5 checksum: 67516 f3bea88a8d1ba73a2534b8c0bd7c423c

http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody1_arm.deb

Size/MD5 checksum: 34344 3c266dc34f4ac4be196b499c5eef3975

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody1_i386.deb

Size/MD5 checksum: 44400 233409f10f8767e36f6ad10072ede8ab

http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody1_i386.deb

Size/MD5 checksum: 66596 07ea3180828ef48a92c58855d9b5b54a

http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody1_i386.deb

Size/MD5 checksum: 33482 11d03d87740fb81054b46a859741d77c

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody1_ia64.deb

Size/MD5 checksum: 58974 33483f9fe4df2b84cb26d4e1cd76fc91

http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody1_ia64.deb

Size/MD5 checksum: 93340 eb51718186119e3b73d193c4eb7f5707

http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody1_ia64.deb

Size/MD5 checksum: 41470 3ad514dec2b983446a2fb704e56be337

HP Precision architecture:

http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody1_hppa.deb

Size/MD5 checksum: 49896 9444fd4edfbb2abbcf83e838fda6d214

http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody1_hppa.deb

Size/MD5 checksum: 74924 2270c3317f7453cec6966e2e16147d42

http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody1_hppa.deb

Size/MD5 checksum: 36746 3f10fa97c70fa41776f874e670e57642

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody1_m68k.deb

Size/MD5 checksum: 43548 1896cab837cdfaabdcb728668e6f0273

http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody1_m68k.deb

Size/MD5 checksum: 64216 822c887cd14d049528029f36cc1a2240

http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody1_m68k.deb

Size/MD5 checksum: 33168 11468a2b2cc746b6ed363fa481575124

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody1_mips.deb

Size/MD5 checksum: 47534 2dc98eeed2317d0dfc7a564b4148491f

http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody1_mips.deb

Size/MD5 checksum: 74732 eff1441d229295fecc3e46113763b242

http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody1_mips.deb

Size/MD5 checksum: 35674 e58f28fd4ed296573efda02226f68f78

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody1_mipsel.deb

Size/MD5 checksum: 47672 4b4f9619231ee353a4a9585c5d25d97f

http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody1_mipsel.deb

Size/MD5 checksum: 74758 5cb3ed2cc13787e8e4cec25bae4888fd

http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody1_mipsel.deb

Size/MD5 checksum: 35592 c0f83d36cbf8ce91068aab57b67e27e3

PowerPC architect

参考网址

来源:US-CERT Vulnerability Note: VU#258564 名称: VU#258564 链接:http://www.kb.cert.org/vuls/id/258564 来源: BUGTRAQ 名称: 20030715 [slackware-security] nfs-utils packages replaced (SSA:2003-195-01b) 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=105830921519513&w=2 来源: XF 名称: nfs-utils-offbyone-bo(12600) 链接:http://xforce.iss.net/xforce/xfdb/12600 来源: TURBO 名称: TLSA-2003-44 链接:http://www.turbolinux.com/security/TLSA-2003-44.txt 来源: BID 名称: 8179 链接:http://www.securityfocus.com/bid/8179 来源: REDHAT 名称: RHSA-2003:207 链接:http://www.redhat.com/support/errata/RHSA-2003-207.HTML 来源: REDHAT 名称: RHSA-2003:206 链接:http://www.redhat.com/support/errata/RHSA-2003-206.HTML 来源: SUSE 名称: SuSE-SA:2003:031 链接:http://www.novell.com/linux/security/advisories/2003_031_nfs_utils.HTML 来源: DEBIAN 名称: DSA-349 链接:http://www.debian.org/security/2003/dsa-349 来源: SUNALERT 名称: 1001262 链接:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1001262.1-1 来源: SECTRACK 名称: 1007187 链接:http://securitytracker.com/id?1007187 来源: SECUNIA 名称: 9259 链接:http://secunia.com/advisories/9259 来源: BUGTRAQ 名称: 20030716 Immunix Secured OS 7+ nfs-utils update -- bugtraq 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=105839032403325&w=2 来源: BUGTRAQ 名称: 20030714 Linux nfs-utils xlog() off-by-one bug 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=105820223707191&w=2 来源: isec.pl 链接:http://isec.pl/vulnerabilities/isec-0010-linux-nfs-utils.txt 来源: VULNWATCH 名称: 20030714 Reality of the rpc.mountd bug 链接:http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0024.HTML 来源: VULNWATCH 名称: 20030714 Linux nfs-utils xlog() off-by-one bug 链接:http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0023.HTML 来源: MANDRAKE 名称: MDKSA-2003:076 链接:http://www.mandriva.com/security/advisories?name=MDKSA-2003:076 来源: US Government Resource: oval:org.mitre.oval:def:443 名称: oval:org.mitre.oval:def:443 链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:443

受影响实体

  • Nfs Nfs-Utils:1.0.3  
  • Nfs Nfs-Utils:1.0.1  
  • Nfs Nfs-Utils:1.0  
  • Nfs Nfs-Utils:0.3.3  
  • Nfs Nfs-Utils:0.3.1  

补丁

    暂无

weinxin
特别声明
本站(ZONE.CI)所有文章仅供技术研究,若将其信息做其他用途,由用户承担全部法律及连带责任,本站不承担任何法律及连带责任,请遵守中华人民共和国安全法.
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
咨询加Q:999999999
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
ZONE.CI 全球网 安全领域涉猎者-乌云独行地带
获取本源码
售前咨询加Q:120433200
站媒体网仿《知更鸟》模板
获取本源码 zmt6.com
评论:0   参与:  0