WindowMaker Image Processing Buffer Overflow Vulnerability

admin 2022-07-12 05:00:42 CNNVD Vulnerabilities Source: ZONE.CI Global Network

Vulnerability Details


  • CNNVD ID: CNNVD-200211-017
  • Severity: High
  • CVE ID: CVE-2002-1277
  • Vulnerability type: Boundary condition error
  • Published: 2002-11-12
  • Threat type: Remote
  • Updated: 2005-05-13
  • Vendor: windowmaker
  • Source: Al Viro

Vulnerability Summary

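Window Maker is a popular desktop manager. A function that Window Maker uses when loading images is flawed: a remote attacker can exploit it by crafting a malicious image and enticing a user to set it as the background image, which triggers a buffer overflow. When Window Maker creates an image, it multiplies the image's width and height to allocate the buffer but performs no bounds check on the values. Supplying very large width and height values can cause a buffer overflow, which may allow arbitrary instructions to be executed on the system with the privileges of the Window Maker process.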
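The unchecked width-by-height multiplication described above, next to a checked version, as an added example that is not Window Maker's or libwraster's own code. The function names, the bytes-per-pixel parameter, the 32-bit arithmetic and the MAX_DIM limit are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed policy limit on either dimension; not taken from the advisory. */
#define MAX_DIM 16384u

/* Unchecked pattern: the product is computed in 32-bit arithmetic and can
 * wrap, so the resulting size may be far smaller than the pixel data that
 * the loader later writes into the buffer. */
uint32_t unchecked_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Checked pattern: returns the byte count, or 0 if a value is zero, a
 * dimension exceeds MAX_DIM, or the product does not fit in size_t. */
size_t checked_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    size_t pixels;

    if (width == 0 || height == 0 || bpp == 0)
        return 0;
    if (width > MAX_DIM || height > MAX_DIM)
        return 0;
    if ((size_t)width > SIZE_MAX / height)
        return 0;
    pixels = (size_t)width * height;
    if (pixels > SIZE_MAX / bpp)
        return 0;
    return pixels * bpp;
}

/* Hypothetical image allocator: a header whose size cannot be validated
 * yields NULL instead of an undersized buffer. */
unsigned char *alloc_image(uint32_t width, uint32_t height, uint32_t bpp)
{
    size_t n = checked_size(width, height, bpp);

    if (n == 0)
        return NULL;
    return calloc(1, n);
}
```
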

Vulnerability Advisory

Vendor patches:

Conectiva
---------
Conectiva has released a security advisory (CLA-2002:548) and corresponding patches for this issue:

CLA-2002:548:windowmaker

Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000548

Patch downloads:

ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/WindowMaker-0.62.1-13U60_2cl.src.rpm

ftp://atualizacoes.conectiva.com.br/6.0/RPMS/WindowMaker-0.62.1-13U60_2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/6.0/RPMS/WindowMaker-devel-0.62.1-13U60_2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/WindowMaker-0.65.1-2U70_2cl.src.rpm

ftp://atualizacoes.conectiva.com.br/7.0/RPMS/WindowMaker-0.65.1-2U70_2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/7.0/RPMS/WindowMaker-devel-0.65.1-2U70_2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/7.0/RPMS/WindowMaker-devel-static-0.65.1-2U70_2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/7.0/RPMS/WindowMaker-doc-0.65.1-2U70_2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/SRPMS/WindowMaker-0.80.0-3U80_1cl.src.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/WindowMaker-0.80.0-3U80_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/WindowMaker-devel-0.80.0-3U80_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/WindowMaker-devel-static-0.80.0-3U80_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/WindowMaker-doc-0.80.0-3U80_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/libwraster-2.2.0-13U80_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/libwraster-devel-2.2.0-13U80_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/libwraster-devel-static-2.2.0-13U80_1cl.i386.rpm

Users of Conectiva Linux version 6.0 and later can use apt to update the RPM packages:

- Add the following line to the /etc/apt/sources.list file:

rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates

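(If you are not using version 6.0, replace the 6.0 above with the appropriate version number.)

- Run: apt-get update

- After the update, run: apt-get upgrade

Debian
------
Debian has released a security advisory (DSA-190-1) and corresponding patches for this issue: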

DSA-190-1:buffer overflow in Window Maker

Link: http://www.debian.org/security/2002/dsa-190

Patch downloads:

Source archives:

http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0.orig.tar.gz

Size/MD5 checksum: 2452207 0768a12edff35cba82e769fcbc8de430

http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1.diff.gz

Size/MD5 checksum: 323198 c1a49502d07e18044d2e1b579c7144fb

http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1.dsc

Size/MD5 checksum: 1463 81ac44a6b0ea1dedc49834f35e5bfb51

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_alpha.deb

Size/MD5 checksum: 2292278 015fa329febee7722ace1d233989c5b0

http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_alpha.deb

Size/MD5 checksum: 448638 642310838f93352e6461ba73d28ad178

http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_alpha.deb

Size/MD5 checksum: 124220 7614f26566c44ce413e5ca05e8f3e146

http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_alpha.deb

Size/MD5 checksum: 60026 e74d2e084ac969d1ea7d349140d2721e

http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_alpha.deb

Size/MD5 checksum: 108778 400114e0b4d35b37d573efee840e6e73

arm architecture (ARM)

http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_arm.deb

Size/MD5 checksum: 340944 9d611e16b7b35ed5985f037a4f8f5635

http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_arm.deb

Size/MD5 checksum: 107852 23a35885f237a23b733ef105438761aa

http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_arm.deb

Size/MD5 checksum: 2068456 aa0f4630de38323faf835cf4f965b7fe

http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_arm.deb

Size/MD5 checksum: 59220 e334af4dad5edcc5cd1c1ac4e8cbefeb

http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_arm.deb

Size/MD5 checksum: 95684 3a468466a4223b14b8f3b43acab410de

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_hppa.deb

Size/MD5 checksum: 2189302 ef8befcc5bba64f0599f082569d56958

References

  • Source: BID Name: 6119 Link: http://www.securityfocus.com/bid/6119
  • Source: REDHAT Name: RHSA-2003:009 Link: http://www.redhat.com/support/errata/RHSA-2003-009.HTML
  • Source: DEBIAN Name: DSA-190 Link: http://www.debian.org/security/2002/dsa-190
  • Source: XF Name: window-maker-image-bo(10560) Link: http://www.iss.net/security_center/static/10560.php
  • Source: REDHAT Name: RHSA-2003:043 Link: http://www.redhat.com/support/errata/RHSA-2003-043.HTML
  • Source: MANDRAKE Name: MDKSA-2002:085 Link: http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-085.php
  • Source: CONECTIVA Name: CLA-2002:548 Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000548

Affected Entities

  • Windowmaker Windowmaker:0.20.1.3  
  • Windowmaker Windowmaker:0.52.2  
  • Windowmaker Windowmaker:0.53  
  • Windowmaker Windowmaker:0.61  
  • Windowmaker Windowmaker:0.61.1  

Patches

    None available
