漏洞信息详情
EZ-IPupdate远程格式化字符串漏洞
- CNNVD编号:CNNVD-200502-033
- 危害等级: 超危
- CVE编号: CVE-2004-0980
- 漏洞类型: 格式化字符串
- 发布时间: 2005-02-09
- 威胁类型: 远程
- 更新时间: 2005-10-20
- 厂 商: gentoo
- 漏洞来源: Discovery credited...
漏洞简介
ez-ipupdate是一款提供动态DNS服务的客户端软件。 ez-ipupdate 3.0.10至3.0.11b8的ez-ipupdate.c中的格式化字符串漏洞,在以守护程序模式运行并使用特定的服务类型时,可让远程服务器执行任意代码。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接: Angus Mackay ez-ipupdate 3.0.11 b5 Debian ez-ipupdate_3.0.11b5-1woody2_alpha.deb Debian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate _3.0.11b5-1woody2_alpha.deb Debian ez-ipupdate_3.0.11b5-1woody2_arm.deb Debian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate _3.0.11b5-1woody2_arm.deb Debian ez-ipupdate_3.0.11b5-1woody2_hppa.deb Debian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate _3.0.11b5-1woody2_hppa.deb Debian ez-ipupdate_3.0.11b5-1woody2_i386.deb Debian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate _3.0.11b5-1woody2_i386.deb Debian ez-ipupdate_3.0.11b5-1woody2_ia64.deb Debian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate _3.0.11b5-1woody2_ia64.deb Debian ez-ipupdate_3.0.11b5-1woody2_m68k.deb Debian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate _3.0.11b5-1woody2_m68k.deb Debian ez-ipupdate_3.0.11b5-1woody2_mips.deb Debian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate _3.0.11b5-1woody2_mips.deb Debian ez-ipupdate_3.0.11b5-1woody2_mipsel.deb Debian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate _3.0.11b5-1woody2_mipsel.deb Debian ez-ipupdate_3.0.11b5-1woody2_powerpc.deb Debian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate _3.0.11b5-1woody2_powerpc.deb Debian ez-ipupdate_3.0.11b5-1woody2_s390.deb Debian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate _3.0.11b5-1woody2_s390.deb Debian ez-ipupdate_3.0.11b5-1woody2_sparc.deb Debian GNU/Linux 3.0 (woody) http://security.debian.org/pool/updates/main/e/ez-ipupdate/ez-ipupdate _3.0.11b5-1woody2_sparc.deb Angus Mackay ez-ipupdate 3.0.11 b8 Mandrake ez-ipupdate-3.0.11b8-2.1.100mdk.amd64.rpm Mandrake Linux 10.0/AMD64 http://www.mandrakesecure.net/en/ftp.php Mandrake ez-ipupdate-3.0.11b8-2.1.100mdk.i586.rpm Mandrake Linux 10.0 http://www.mandrakesecure.net/en/ftp.php Mandrake ez-ipupdate-3.0.11b8-2.1.101mdk.i586.rpm Mandrake Linux 10.1 http://www.mandrakesecure.net/en/ftp.php Mandrake ez-ipupdate-3.0.11b8-2.1.101mdk.x86_64.rpm Mandrake Linux 10.1/x86_64 http://www.mandrakesecure.net/en/ftp.php Mandrake ez-ipupdate-3.0.11b8-2.1.92mdk.amd64.rpm Mandrake Linux 9.2/AMD64 http://www.mandrakesecure.net/en/ftp.php Mandrake ez-ipupdate-3.0.11b8-2.1.92mdk.i586.rpm Mandrake Linux 9.2 http://www.mandrakesecure.net/en/ftp.php Mandrake ez-ipupdate-3.0.11b8-2.1.C21mdk.i586.rpm Mandrake Corporate Server 2.1 http://www.mandrakesecure.net/en/ftp.php Mandrake ez-ipupdate-3.0.11b8-2.1.C21mdk.x86_64.rpm Mandrake Corporate Server 2.1/x86_64 http://www.mandrakesecure.net/en/ftp.php Mandrake ez-ipupdate-3.0.11b8-2.1.M82mdk.i586.rpm Mandrake Multi Network Firewall 8.2 http://www.mandrakesecure.net/en/ftp.php
参考网址
来源: BID 名称: 11657 链接:http://www.securityfocus.com/bid/11657 来源: GENTOO 名称: GLSA-200411-20 链接:http://www.gentoo.org/security/en/glsa/glsa-200411-20.xml 来源: XF 名称: eziupdate-showmessage-format-string(18032) 链接:http://xforce.iss.net/xforce/xfdb/18032 来源: DEBIAN 名称: DSA-592 链接:http://www.debian.org/security/2004/dsa-592 来源: SECUNIA 名称: 13167 链接:http://secunia.com/advisories/13167/ 来源: FULLDISC 名称: 20041111 ez-ipupdate format string bug 链接:http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028590.HTML 来源: MANDRAKE 名称: MDKSA-2004:129 链接:http://www.mandriva.com/security/advisories?name=MDKSA-2004:129
受影响实体
- Gentoo Linux
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论