LibXpm图象解码多个缓冲区溢出漏洞

admin
admin
admin
0
文章
0
评论
2022-07-12 05:07:45 CNNVD漏洞 来源:ZONE.CI 全球网 0 阅读模式

漏洞信息详情

LibXpm图象解码多个缓冲区溢出漏洞

  • CNNVD编号:CNNVD-200410-062
  • 危害等级: 高危
  • CVE编号: CVE-2004-0688
  • 漏洞类型: 边界条件错误
  • 发布时间: 2004-09-17
  • 威胁类型: 远程
  • 更新时间: 2005-10-20
  • 厂        商: suse
  • 漏洞来源: chris chris@cr-sec...

漏洞简介

libXpm是一款对XPM进行解码的库系统。 libXpm多处不正确检查边界缓冲区长度,远程攻击者可以利用这个漏洞可能以用户进程权限执行任意指令。 问题一是xpmParseColors (parse.c)中的堆栈缓冲区溢出: XPMv1和XPMv2/3解析代码中不安全使用strcat(),可导致缓冲区溢出。 第二个问题是xpmParseColors (parse.c)中分配colorTable存在整数溢出问题,问题存在于如下: colorTable = (XpmColor *) XpmCalloc(ncolors, sizeof(XpmColor)); ncolors可来自不可信的XPM文件。 第三个问题是ParseAndPutPixels (create.c)读取象素时存在堆栈缓冲区溢出。 构建恶意的XPM文件,诱使用户访问可导致以用户进程权限执行任意指令。

漏洞公告

厂商补丁: Debian ------ http://www.debian.org/security/2004/dsa-548 MandrakeSoft ------------ MandrakeSoft已经为此发布了一个安全公告(MDKSA-2004:099)以及相应补丁:

MDKSA-2004:099:Updated XFree86 packages fix libXpm overflow vulnerabilities

链接: http://www.linux-mandrake.com/en/security/2004/2004-099.php

补丁下载:

Updated Packages:

Mandrakelinux 10.0:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/libxfree86-4.3-32.2.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/libxfree86-devel-4.3-32.2.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/libxfree86-static-devel-4.3-32.2.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/XFree86-100dpi-fonts-4.3-32.2.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/XFree86-4.3-32.2.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/XFree86-75dpi-fonts-4.3-32.2.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/XFree86-cyrillic-fonts-4.3-32.2.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/XFree86-doc-4.3-32.2.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/XFree86-glide-module-4.3-32.2.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/XFree86-server-4.3-32.2.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/XFree86-xfs-4.3-32.2.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/XFree86-Xnest-4.3-32.2.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/XFree86-Xvfb-4.3-32.2.100mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/SRPMS/XFree86-4.3-32.2.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/SRPMS/XFree86-4.3-32.2.100mdk.src.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/XFree86-4.3-32.2.100mdk.amd64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/lib64xfree86-4.3-32.2.100mdk.amd64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/lib64xfree86-devel-4.3-32.2.100mdk.amd64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/lib64xfree86-static-devel-4.3-32.2.100mdk.amd64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/XFree86-100dpi-fonts-4.3-32.2.100mdk.amd64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/XFree86-75dpi-fonts-4.3-32.2.100mdk.amd64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/XFree86-cyrillic-fonts-4.3-32.2.100mdk.amd64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/XFree86-doc-4.3-32.2.100mdk.amd64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/XFree86-server-4.3-32.2.100mdk.amd64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/XFree86-xfs-4.3-32.2.100mdk.amd64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/XFree86-Xnest-4.3-32.2.100mdk.amd64.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/XFree86-Xvfb-4.3-32.2.100mdk.amd64.rpm

Corporate Server 2.1:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/XFree86-100dpi-fonts-4.2.1-6.10.C21mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/XFree86-4.2.1-6.10.C21mdk.i586.rpm

参考网址

来源:US-CERT Vulnerability Note: VU#537878 名称: VU#537878 链接:http://www.kb.cert.org/vuls/id/537878 来源:US-CERT Technical Alert: TA05-136A 名称: TA05-136A 链接:http://www.us-cert.gov/cas/techalerts/TA05-136A.HTML 来源: BID 名称: 11196 链接:http://www.securityfocus.com/bid/11196 来源: XF 名称: libxpm-xpmfile-integer-overflow(17416) 链接:http://xforce.iss.net/xforce/xfdb/17416 来源: REDHAT 名称: RHSA-2005:004 链接:http://www.redhat.com/support/errata/RHSA-2005-004.HTML 来源: REDHAT 名称: RHSA-2004:537 链接:http://www.redhat.com/support/errata/RHSA-2004-537.HTML 来源: SUSE 名称: SUSE-SA:2004:034 链接:http://www.novell.com/linux/security/advisories/2004_34_xfree86_libs_xshared.HTML 来源: GENTOO 名称: GLSA-200502-07 链接:http://www.gentoo.org/security/en/glsa/glsa-200502-07.xml 来源: GENTOO 名称: GLSA-200409-34 链接:http://www.gentoo.org/security/en/glsa/glsa-200409-34.xml 来源: DEBIAN 名称: DSA-560 链接:http://www.debian.org/security/2004/dsa-560 来源: scary.beasts.org 链接:http://scary.beasts.org/security/CESA-2004-003.txt 来源: OVAL 名称: oval:org.mitre.oval:def:11796 链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11796 来源: BUGTRAQ 名称: 20040915 CESA-2004-004: libXpm 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=109530851323415&w=2 来源: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple 名称: CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple-SA-2005-05-03 链接:http://lists.CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple.com/archives/security-announce/2005/May/msg00001.HTML 来源: ftp.x.org 链接:http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch 来源: UBUNTU 名称: USN-27-1 链接:http://www.ubuntulinux.org/support/documentation/usn/usn-27-1 来源: HP 名称: SSRT4848 链接:http://www.securityfocus.com/archive/1/archive/1/434715/100/0/threaded 来源: FEDORA 名称: FLSA-2006:152803 链接:http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00001.HTML 来源: MANDRAKE 名称: MDKSA-2004:098 链接:http://www.mandriva.com/security/advisories?name=MDKSA-2004:098 来源: VUPEN 名称: ADV-2006-1914 链接:http://www.frsirt.com/english/advisories/2006/1914 来源: SUNALERT 名称: 57653 链接:http://sunsolve.sun.com/search/document.do?assetkey=1-26-57653-1 来源: SECUNIA 名称: 20235 链接:http://secunia.com/advisories/20235 来源: CONECTIVA 名称: CLA-2005:924 链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924

受影响实体

  • Suse Suse_linux:9.1  
  • Suse Suse_linux:9.0:X86_64  
  • Suse Suse_linux:9.0:Enterprise_server  
  • Suse Suse_linux:9.0  
  • Suse Suse_linux:8.2  

补丁

    暂无

weinxin
特别声明
本站(ZONE.CI)所有文章仅供技术研究,若将其信息做其他用途,由用户承担全部法律及连带责任,本站不承担任何法律及连带责任,请遵守中华人民共和国安全法.
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
咨询加Q:999999999
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
ZONE.CI 全球网 安全领域涉猎者-乌云独行地带
Winamp漏洞 CNNVD漏洞

Winamp漏洞

漏洞信息详情Winamp漏洞CNNVD编号:CNNVD-200408-224危害等级: 中危CVE编号:CVE-2004-0820漏洞类型:未知发布时间:2004-08-28威
07-120 评论
获取本源码
售前咨询加Q:120433200
站媒体网仿《知更鸟》模板
获取本源码 zmt6.com
评论:0   参与:  0