漏洞信息详情
LCDproc LCDd多个远程漏洞
- CNNVD编号:CNNVD-200404-005
- 危害等级: 高危
- CVE编号: CVE-2004-1916
- 漏洞类型: 缓冲区溢出
- 发布时间: 2004-04-08
- 威胁类型: 远程
- 更新时间: 2005-10-20
- 厂 商: lcdproc
- 漏洞来源: .');">Discovery of these...
漏洞简介
LCDProc 0.4.1和可能其它0.4.x到0.4.4版本存在多个缓冲区溢出漏洞。远程攻击者借助(1)parse_all_client_messages函数的超长无效命令,或(2) test_func_func函数的超长argv的命令执行任意代码。
漏洞公告
NOTE: It has been reported that the previously referenced fix was insufficient to resolve this issue. Gentoo has released updates to address this issue. These updates may be applied with the following commands: # emerge sync # emerge -pv ">=app-misc/lcdproc-0.4.5" # emerge ">=app-misc/lcdproc-0.4.5" The vendor has released an upgraded version of the software which is reported to deal with this issue completely: LCDProc LCDProc 4.4
- LCDProc lcdproc-0.4.5.tar.gz http://lcdproc.omnipotent.net/download/lcdproc-0.4.5.tar.gz
参考网址
来源: BID 名称: 10085 链接:http://www.securityfocus.com/bid/10085 来源: SECUNIA 名称: 11333 链接:http://secunia.com/advisories/11333 来源: XF 名称: lcdproc-testfuncfunc-bo(15814) 链接:http://xforce.iss.net/xforce/xfdb/15814 来源: GENTOO 名称: GLSA-200404-19 链接:http://security.gentoo.org/glsa/glsa-200404-19.xml 来源: BUGTRAQ 名称: 20040408 PSR - #2004-002 Remote - LCDProc 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=108146376315229&w=2 来源: lists.omnipotent.net 链接:http://lists.omnipotent.net/pipermail/lcdproc/2004-April/008884.HTML
受影响实体
- Lcdproc Lcdproc:4.3
- Lcdproc Lcdproc:4.4
- Lcdproc Lcdproc:4.2
- Lcdproc Lcdproc:4.0
- Lcdproc Lcdproc:4.1
补丁
暂无
评论