漏洞信息详情
GNU Free Software Foundation GNU Binutils libbfd tekhex.c 缓冲区溢出漏洞
- CNNVD编号:CNNVD-200605-287
- 危害等级: 高危
- CVE编号: CVE-2006-2362
- 漏洞类型: 缓冲区溢出
- 发布时间: 2006-05-15
- 威胁类型: 远程
- 更新时间: 2006-05-16
- 厂 商: gnu
- 漏洞来源: Jesus Olmos Gonzal...
漏洞简介
用于GNU字符串的Free Software Foundation GNU Binutils 20060423之前版本的libbfd中的tekhex.c当中的getsym存在缓冲区溢出。依赖于上下文的攻击者可以借助一个含有特制的Tektronix Hex Format (TekHex)记录的文件,引起拒绝服务(应用程序崩溃)。该记录中的长度字符并非有效的十六进制字符。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接: GNU Binutils 2.14.90.0.7 Mandriva binutils-2.14.90.0.7-2.3.C30mdk.i586.rpm Corporate 3.0: http://wwwnew.mandriva.com/en/downloads Mandriva binutils-2.14.90.0.7-2.3.C30mdk.x86_64.rpm Corporate 3.0: http://wwwnew.mandriva.com/en/downloads Mandriva lib64binutils2-2.14.90.0.7-2.3.C30mdk.x86_64.rpm Corporate 3.0: http://wwwnew.mandriva.com/en/downloads Mandriva lib64binutils2-devel-2.14.90.0.7-2.3.C30mdk.x86_64.rpm Corporate 3.0: http://wwwnew.mandriva.com/en/downloads Mandriva libbinutils2-2.14.90.0.7-2.3.C30mdk.i586.rpm Corporate 3.0: http://wwwnew.mandriva.com/en/downloads Mandriva libbinutils2-devel-2.14.90.0.7-2.3.C30mdk.i586.rpm Corporate 3.0: http://wwwnew.mandriva.com/en/downloads GNU Binutils 2.15 Ubuntu binutils-dev_2.15-5ubuntu2.3_amd64.deb Ubuntu 5.04: http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2. 15-5ubuntu2.3_amd64.deb Ubuntu binutils-dev_2.15-5ubuntu2.3_i386.deb Ubuntu 5.04: http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2. 15-5ubuntu2.3_i386.deb Ubuntu binutils-dev_2.15-5ubuntu2.3_powerpc.deb Ubuntu 5.04: http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2. 15-5ubuntu2.3_powerpc.deb Ubuntu binutils-doc_2.15-5ubuntu2.3_all.deb Ubuntu 5.04: http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-doc_2. 15-5ubuntu2.3_all.deb Ubuntu binutils-multiarch_2.15-5ubuntu2.3_amd64.deb Ubuntu 5.04: http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-mu ltiarch_2.15-5ubuntu2.3_amd64.deb Ubuntu binutils-multiarch_2.15-5ubuntu2.3_i386.deb Ubuntu 5.04: http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-mu ltiarch_2.15-5ubuntu2.3_i386.deb Ubuntu binutils-multiarch_2.15-5ubuntu2.3_powerpc.deb Ubuntu 5.04: http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-mu ltiarch_2.15-5ubuntu2.3_powerpc.deb Ubuntu binutils_2.15-5ubuntu2.3_amd64.deb Ubuntu 5.04: http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5 ubuntu2.3_amd64.deb Ubuntu binutils_2.15-5ubuntu2.3_i386.deb Ubuntu 5.04: http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5 ubuntu2.3_i386.deb Ubuntu binutils_2.15-5ubuntu2.3_powerpc.deb Ubuntu 5.04: http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5 ubuntu2.3_powerpc.deb GNU Binutils 2.16.1 Ubuntu binutils-dev_2.16.1-2ubuntu6.1_amd64.deb Ubuntu 5.10: http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2. 16.1-2ubuntu6.1_amd64.deb Ubuntu binutils-dev_2.16.1-2ubuntu6.1_i386.deb Ubuntu 5.10: http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2. 16.1-2ubuntu6.1_i386.deb Ubuntu binutils-dev_2.16.1-2ubuntu6.1_powerpc.deb Ubuntu 5.10: http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2. 16.1-2ubuntu6.1_powerpc.deb Ubuntu binutils-dev_2.16.1cvs20060117-1ubuntu2.1_amd64.deb Ubuntu 6.06 LTS: http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2. 16.1cvs20060117-1ubuntu2.1_amd64.deb Ubuntu binutils-dev_2.16.1cvs20060117-1ubuntu2.1_i386.deb Ubuntu 6.06 LTS: http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2. 16.1cvs20060117-1ubuntu2.1_i386.deb Ubuntu binutils-dev_2.16.1cvs20060117-1ubuntu2.1_powerpc.deb Ubuntu 6.06 LTS: http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2. 16.1cvs20060117-1ubuntu2.1_powerpc.deb Ubuntu binutils-doc_2.16.1-2ubuntu6.1_all.deb Ubuntu 5.10: http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-doc_2. 16.1-2ubuntu6.1_all.deb Ubuntu binutils-doc_2.16.1cvs20060117-1ubuntu2.1_all.deb Ubuntu 6.06 LTS: http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-doc_2. 16.1cvs20060117-1ubuntu2.1_all.deb Ubuntu binutils-multiarch_2.16.1-2ubuntu6.1_amd64.deb Ubuntu 5.10: http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-mu ltiarch_2.16.1-2ubuntu6.1_amd64.deb Ubuntu binutils-multiarch_2.16.1-2ubuntu6.1_i386.deb Ubuntu 5.10: http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-mu ltiarch_2.16.1-2ubuntu6.1_i386.deb Ubuntu binutils-multiarch_2.16.1-2ubuntu6.1_powerpc.deb Ubuntu 5.10: http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-mu ltiarch_2.16.1-2ubuntu6.1_powerpc.deb Ubuntu binutils-multiarch_2.16.1cvs20060117-1ubuntu2.1_amd64.deb Ubuntu 6.06 LTS: http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-mu ltiarch_2.16.1cvs20060117-1ubuntu2.1_amd64.deb Ubuntu binutils-multiarch_2.16.1cvs20060117-1ubuntu2.1_i386.deb Ubuntu 6.06 LTS: http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-mu ltiarch_2.16.1cvs20060117-1ubuntu2.1_i386.deb Ubuntu binutils-multiarch_2.16.1cvs20060117-1ubuntu2.1_powerpc.deb Ubuntu 6.06 LTS: http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-mu ltiarch_2.16.1cvs20060117-1ubuntu2.1_powerpc.deb Ubuntu binutils-static-udeb_2.16.1-2ubuntu6.1_amd64.udeb Ubuntu 5.10: http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static -udeb_2.16.1-2ubuntu6.1_amd64.udeb Ubuntu binutils-static-udeb_2.16.1-2ubuntu6.1_i386.udeb Ubuntu 5.10: http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static -udeb_2.16.1-2ubuntu6.1_i386.udeb Ubuntu binutils-static-udeb_2.16.1-2ubuntu6.1_powerpc.udeb Ubuntu 5.10: http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static -udeb_2.16.1-2ubuntu6.1_powerpc.udeb Ubuntu binutils-static-udeb_2.16.1cvs20060117-1ubuntu2.1_amd64.udeb Ubuntu 6.06 LTS: http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static -udeb_2.16.1cvs20060117-1ubuntu2.1_amd64.udeb Ubuntu binutils-static-udeb_2.16.1cvs20060117-1ubuntu2.1_i386.udeb Ubuntu 6.06 LTS: http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static -udeb_2.16.1cvs20060117-1ubuntu2.1_i386.udeb Ubuntu binutils-static-udeb_2.16.1cvs20060117-1ubuntu2.1_powerpc.udeb Ubuntu 6.06 LTS: http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static -udeb_2.16.1cvs20060117-1ubuntu2.1_powerpc.udeb Ubuntu binutils-static_2.16.1-2ubuntu6.1_amd64.deb Ubuntu 5.10: http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static _2.16.1-2ubuntu6.1_amd64.deb Ubuntu binutils-static_2.16.1-2ubuntu6.1_i386.deb Ubuntu 5.10: http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static _2.16.1-2ubuntu6.1_i386.deb Ubuntu binutils-static_2.16.1-2ubuntu6.1_powerpc.deb Ubuntu 5.10: http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static _2.16.1-2ubuntu6.1_powerpc.deb Ubuntu binutils-static_2.16.1cvs20060117-1ubuntu2.1_amd64.deb Ubuntu 6.06 LTS: http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static _2.16.1cvs20060117-1ubuntu2.1_amd64.deb Ubuntu binutils-static_2.16.1cvs20060117-1ubuntu2.1_i386.deb Ubuntu 6.06 LTS: http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static _2.16.1cvs20060117-1ubuntu2.1_i386.deb Ubuntu binutils-static_2.16.1cvs20060117-1ubuntu2.1_powerpc.deb Ubuntu 6.06 LTS: http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-static _2.16.1cvs20060117-1ubuntu2.1_powerpc.deb Ubuntu binutils_2.16.1-2ubuntu6.1_amd64.deb Ubuntu 5.10: http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1 -2ubuntu6.1_amd64.deb Ubuntu binutils_2.16.1-2ubuntu6.1_i386.deb Ubuntu 5.10: http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1 -2ubuntu6.1_i386.deb Ubuntu binutils_2.16.1-2ubuntu6.1_powerpc.deb Ubuntu 5.10: http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1 -2ubuntu6.1_powerpc.deb Ubuntu binutils_2.16.1cvs20060117-1ubuntu2.1_amd64.deb Ubuntu 6.06 LTS: http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1 cvs20060117-1ubuntu2.1_amd64.deb Ubuntu binutils_2.16.1cvs20060117-1ubuntu2.1_i386.deb Ubuntu 6.06 LTS: http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1 cvs20060117-1ubuntu2.1_i386.deb Ubuntu binutils_2.16.1cvs20060117-1ubuntu2.1_powerpc.deb Ubuntu 6.06 LTS: http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.16.1 cvs20060117-1ubuntu2.1_powerpc.deb
参考网址
来源: BID
名称: 17950
链接:http://www.securityfocus.com/bid/17950
来源: MLIST
名称: [bug-binutils] 20060418 [Bug binutils/2584] New: SIGSEGV in strings tool when the file is crafted.
链接:http://www.mail-archive.com/[email protected]/msg01516.HTML
来源: sourceware.org
链接:http://sourceware.org/bugzilla/show_bug.cgi?id=2584
来源: XF
名称: binutils-libbfd-bo(26644)
链接:http://xforce.iss.net/xforce/xfdb/26644
来源: UBUNTU
名称: USN-292-1
链接:http://www.ubuntu.com/usn/usn-292-1
来源: TRUSTIX
名称: 2006-0034
链接:http://www.trustix.org/errata/2006/0034/
来源: SECTRACK
名称: 1018872
链接:http://www.securitytracker.com/id?1018872
来源: SUSE
名称: SUSE-SR:2006:026
链接:http://www.novell.com/linux/security/advisories/2006_26_sr.HTML
来源: VUPEN
名称: ADV-2007-3665
链接:http://www.frsirt.com/english/advisories/2007/3665
来源: VUPEN
名称: ADV-2006-1924
链接:http://www.frsirt.com/english/advisories/2006/1924
来源: SECUNIA
名称: 27441
链接:http://secunia.com/advisories/27441
来源: SECUNIA
名称: 22932
链接:http://secunia.com/advisories/22932
来源: SECUNIA
名称: 20550
链接:http://secunia.com/advisories/20550
来源: SECUNIA
名称: 20531
链接:http://secunia.com/advisories/20531
来源: SECUNIA
名称: 20188
链接:http://secunia.com/advisories/20188
来源: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple
名称: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple-SA-2007-10-30
链接:http://lists.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/archives/security-announce/2007/Oct/msg00001.HTML
受影响实体
- Gnu Binutils
补丁
暂无
评论