漏洞信息详情
HP DTMail附件-a选项参数缓冲区溢出漏洞
- CNNVD编号:CNNVD-200610-382
- 危害等级: 高危
- CVE编号: CVE-2006-5452
- 漏洞类型: 缓冲区溢出
- 发布时间: 2006-10-23
- 威胁类型: 本地
- 更新时间: 2009-03-04
- 厂 商: hp
- 漏洞来源: Adriel T. Desautels
漏洞简介
HP DTMail是在桌面上使用的邮件客户端。
DTMail在处理-a选项参数时存在缓冲区溢出漏洞,本地攻击者可以利用此漏洞获得root用户权限。
以下gdb输出显示了这个漏洞:
gdb) r -a -a `perl -e \'\'print \"A\" x 9000\'\'`
Starting program: /cluster/members/member0/tmp/dtmail -a `perl -e
\'\'print \"A\"x 9000\'\'`
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
warning: Hit heuristic-fence-post without finding
warning: enclosing function for address 0x4141414141414140
漏洞公告
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
HPSBUX02162:SSRT061223 rev.1 - HP-UX Running dtmail, Local Execution of Arbitrary Code
链接:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00793091
HPSBTU02163:SSRT061223 rev.1 - HP Tru64 UNIX Running dtmail, Local Execution of Arbitrary Code
链接:
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00793805
参考网址
来源: XF
名称: dtmail-tru64-bo(29644)
链接:http://xforce.iss.net/xforce/xfdb/29644
来源: SECTRACK
名称: 1017099
链接:http://securitytracker.com/id?1017099
来源: SECTRACK
名称: 1017098
链接:http://securitytracker.com/id?1017098
来源: HP
名称: HPSBUX02162
链接:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00793091
来源: MISC
链接:http://www.netragard.com/pdfs/research/HP-TRU64-DTMAIL-20060810.txt
来源: SECTRACK
名称: 1017083
链接:http://securitytracker.com/id?1017083
来源: OVAL
名称: oval:org.mitre.oval:def:5175
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5175
来源: BID
名称: 20580
链接:http://www.securityfocus.com/bid/20580
来源: HP
名称: HPSBTU02163
链接:http://www.securityfocus.com/archive/1/archive/1/449321/100/0/threaded
来源: VUPEN
名称: ADV-2006-4140
链接:http://www.frsirt.com/english/advisories/2006/4140
来源: VUPEN
名称: ADV-2006-4139
链接:http://www.frsirt.com/english/advisories/2006/4139
来源: SECUNIA
名称: 22528
链接:http://secunia.com/advisories/22528
来源: SECUNIA
名称: 22451
链接:http://secunia.com/advisories/22451
受影响实体
- Hp Hp-Ux:11.00
- Hp Hp-Ux:11.4
- Hp Hp-Ux:11.11
- Hp Hp-Ux:11.22
- Hp Hp-Ux:11.23:Ia64_64-Bit
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论