Ncompress Long Filename Buffer Overflow Vulnerability

admin 2022-07-22 13:19:46 CNNVD Vulnerabilities Source: ZONE.CI

Vulnerability Details

  • CNNVD ID: CNNVD-200412-095
  • Severity: High
  • CVE ID: CVE-2001-1413
  • Vulnerability type: Buffer overflow
  • Published: 2004-12-23
  • Threat type: Remote
  • Updated: 2005-10-20
  • Vendor: ncompress
  • Source: Pavel Kankovsky di...

Vulnerability Summary

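The comprexx function in ncompress 4.2.4 and earlier contains a stack-based buffer overflow. When ncompress is used across a security boundary (for example, by an FTP server), a remote attacker can execute arbitrary code via an overly long filename argument.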

Vulnerability Advisory

Gentoo Linux has released advisory GLSA 200410-08 to address this issue. Users of affected packages are urged to execute the following commands with superuser privileges:

    emerge sync
    emerge -pv ">=app-arch/ncompress-4.2.4-r1"
    emerge ">=app-arch/ncompress-4.2.4-r1"

Please see the referenced advisory for further information.

RedHat has released advisory RHSA-2004:536-05 to address this issue in RedHat Enterprise Linux operating systems. Please see the referenced advisory for further information.

Avaya has made an advisory available (ASA-2005-015) dealing with this issue for various products. In all cases Avaya recommends that ncompress be removed from their affected software, as it is not required for execution. All Avaya hardware affected by this issue will have the vulnerable packages removed from future versions. For more information, please see the referenced security advisory.

References

  • Source: US-CERT Vulnerability Note: VU#176363. Name: VU#176363. Link: http://www.kb.cert.org/vuls/id/176363
  • Source: REDHAT. Name: RHSA-2004:536. Link: http://www.redhat.com/support/errata/RHSA-2004-536.HTML
  • Source: GENTOO. Name: GLSA-200410-08. Link: http://security.gentoo.org/glsa/glsa-200410-08.xml
  • Source: XF. Name: ncompress-filename-bo(10619). Link: http://xforce.iss.net/xforce/xfdb/10619
  • Source: VULN-DEV. Name: 20010621 New bugs, old bugs. Link: http://seclists.org/lists/vuln-dev/2001/Nov/0202.HTML

Affected Entities

  • Ncompress Ncompress:4.2.4  

Patches

    None available
