漏洞信息详情
DIA XFIG文件输入多个远程缓冲区溢出漏洞
- CNNVD编号:CNNVD-200603-504
- 危害等级: 高危
- CVE编号: CVE-2006-1550
- 漏洞类型: 缓冲区溢出
- 发布时间: 2006-03-30
- 威胁类型: 远程
- 更新时间: 2006-08-28
- 厂 商: dia
- 漏洞来源: Discovery is credi...
漏洞简介
在Dia 0.87和后续0.95-pre6之前版本的xfig输入代码(xfig-import.c)中存在多个缓冲区溢出,用户协助式攻击者可通过以下途径施加一个不明影响:一个伪xfig文件,可能与一个无效的(1) color索引,(2)points数量,或(3) depth有关。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
DIA DIA 0.94
Mandriva dia-0.94-6.2.20060mdk.i586.rpm
Mandriva Linux 2006.0:
http://wwwnew.mandriva.com/en/downloads/
Mandriva dia-0.94-6.2.20060mdk.x86_64.rpm
Mandriva Linux 2006.0/X86_64:
http://wwwnew.mandriva.com/en/downloads/
RedHat Fedora dia-0.94-13.fc4.i386.rpm
Fedora Core 4
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
RedHat Fedora dia-0.94-13.fc4.ppc.rpm
Fedora Core 4
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
RedHat Fedora dia-0.94-13.fc4.x86_64.rpm
Fedora Core 4
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
RedHat Fedora dia-debuginfo-0.94-13.fc4.i386.rpm
Fedora Core 4
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
RedHat Fedora dia-debuginfo-0.94-13.fc4.ppc.rpm
Fedora Core 4
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
RedHat Fedora dia-debuginfo-0.94-13.fc4.x86_64.rpm
Fedora Core 4
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
Ubuntu dia-common_0.94.0-11ubuntu1.1_all.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-common_0.94.0-11 ubuntu1.1_all.deb
Ubuntu dia-common_0.94.0-5ubuntu1.2_all.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-common_0.94.0-5u buntu1.2_all.deb
Ubuntu dia-gnome_0.94.0-11ubuntu1.1_amd64.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-11u buntu1.1_amd64.deb
Ubuntu dia-gnome_0.94.0-11ubuntu1.1_i386.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-11u buntu1.1_i386.deb
Ubuntu dia-gnome_0.94.0-11ubuntu1.1_powerpc.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-11u buntu1.1_powerpc.deb
Ubuntu dia-gnome_0.94.0-5ubuntu1.2_amd64.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-5ub untu1.2_amd64.deb
Ubuntu dia-gnome_0.94.0-5ubuntu1.2_i386.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-5ub untu1.2_i386.deb
Ubuntu dia-gnome_0.94.0-5ubuntu1.2_powerpc.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-5ub untu1.2_powerpc.deb
Ubuntu dia-libs_0.94.0-11ubuntu1.1_amd64.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-11ub untu1.1_amd64.deb
Ubuntu dia-libs_0.94.0-11ubuntu1.1_i386.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-11ub untu1.1_i386.deb
Ubuntu dia-libs_0.94.0-11ubuntu1.1_powerpc.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-11ub untu1.1_powerpc.deb
Ubuntu dia-libs_0.94.0-5ubuntu1.2_amd64.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-5ubu ntu1.2_amd64.deb
Ubuntu dia-libs_0.94.0-5ubuntu1.2_i386.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-5ubu ntu1.2_i386.deb
Ubuntu dia-libs_0.94.0-5ubuntu1.2_powerpc.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-5ubu ntu1.2_powerpc.deb
Ubuntu dia_0.94.0-11ubuntu1.1_amd64.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-11ubu ntu1.1_amd64.deb
Ubuntu dia_0.94.0-11ubuntu1.1_i386.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-11ubu ntu1.1_i386.deb
Ubuntu dia_0.94.0-11ubuntu1.1_powerpc.deb
Ubuntu 5.10:
http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-11ubu ntu1.1_powerpc.deb
Ubuntu dia_0.94.0-5ubuntu1.2_amd64.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-5ubun tu1.2_amd64.deb
Ubuntu dia_0.94.0-5ubuntu1.2_i386.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-5ubun tu1.2_i386.deb
Ubuntu dia_0.94.0-5ubuntu1.2_powerpc.deb
Ubuntu 5.04:
http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-5ubun tu1.2_powerpc.deb
DIA DIA 0.93
Ubuntu dia-common_0.93-4ubuntu2.1_all.deb
Ubuntu 4.10:
http://security.
参考网址
来源: BID
名称: 17310
链接:http://www.securityfocus.com/bid/17310
来源: UBUNTU
名称: USN-266-1
链接:http://www.ubuntulinux.org/support/documentation/usn/usn-266-1
来源: BUGTRAQ
名称: 20060329 Buffer overflows in Dia XFig import
链接:http://www.securityfocus.com/archive/1/archive/1/429357/100/0/threaded
来源: REDHAT
名称: RHSA-2006:0280
链接:http://www.redhat.com/support/errata/RHSA-2006-0280.HTML
来源: FEDORA
名称: FEDORA-2006-261
链接:http://www.redhat.com/archives/fedora-announce-list/2006-April/msg00021.HTML
来源: SUSE
名称: SUSE-SR:2006:009
链接:http://www.novell.com/linux/security/advisories/2006_04_28.HTML
来源: GENTOO
名称: GLSA-200604-14
链接:http://www.gentoo.org/security/en/glsa/glsa-200604-14.xml
来源: DEBIAN
名称: DSA-1025
链接:http://www.debian.org/security/2006/dsa-1025
来源: SECTRACK
名称: 1015853
链接:http://securitytracker.com/id?1015853
来源: SECUNIA
名称: 19959
链接:http://secunia.com/advisories/19959
来源: SECUNIA
名称: 19897
链接:http://secunia.com/advisories/19897
来源: SECUNIA
名称: 19765
链接:http://secunia.com/advisories/19765
来源: SECUNIA
名称: 19546
链接:http://secunia.com/advisories/19546
来源: SECUNIA
名称: 19543
链接:http://secunia.com/advisories/19543
来源: SECUNIA
名称: 19507
链接:http://secunia.com/advisories/19507
来源: SECUNIA
名称: 19505
链接:http://secunia.com/advisories/19505
来源: SECUNIA
名称: 19469
链接:http://secunia.com/advisories/19469
来源: MLIST
名称: [dia-list] 20060329 Vulnerability in xfig import code
链接:http://mail.gnome.org/archives/dia-list/2006-March/msg00149.HTML
来源: MANDRIVA
名称: MDKSA-2006:062
链接:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:062
来源: XF
名称: diaxfig-xfig-import-bo(25566)
链接:http://xforce.iss.net/xforce/xfdb/25566
来源: MANDRIVA
名称: MDKSA-2006:062
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2006:062
受影响实体
- Dia Dia:0.87
- Dia Dia:0.88.1
- Dia Dia:0.91
- Dia Dia:0.92.2
- Dia Dia:0.93
补丁
暂无
评论