漏洞信息详情
aria2 'DHTRoutingTableDeserializer.cc'缓冲区溢出漏洞
- CNNVD编号:CNNVD-200910-150
- 危害等级: 中危
- CVE编号: CVE-2009-3575
- 漏洞类型: 资料不足
- 发布时间: 2009-02-12
- 威胁类型: 远程
- 更新时间: 2009-10-08
- 厂 商: tatsuhiro_tsujikawa
- 漏洞来源: Tatsuhiro Tsujikawa
漏洞简介
aria2 0.15.3, 1.2.0及其他版本的DHTRoutingTableDeserializer.cc中存在缓冲区溢出漏洞。远程攻击者可以借助未知向量,引起拒绝服务攻击(崩溃)以及可能执行任意代码。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
MandrakeSoft Linux Mandrake 2009.1 x86_64
Mandriva aria2-1.2.0-0.20090201.3.1mdv2009.1.x86_64.rpm
http://www.mandriva.com/en/download/
MandrakeSoft Linux Mandrake 2009.0
Mandriva aria2-0.15.3-0.20080918.3.1mdv2009.0.i586.rpm
http://www.mandriva.com/en/download/
Debian Linux 5.0 armel
Debian aria2_0.14.0-1+lenny1_armel.deb
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+le nny1_armel.deb
MandrakeSoft Enterprise Server 5 x86_64
Mandriva aria2-0.15.3-0.20080918.3.1mdvmes5.x86_64.rpm
http://www.mandriva.com/en/download/
Debian Linux 5.0 alpha
Debian aria2_0.14.0-1+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+le nny1_alpha.deb
Debian Linux 5.0 amd64
Debian aria2_0.14.0-1+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+le nny1_amd64.deb
MandrakeSoft Linux Mandrake 2009.0 x86_64
Mandriva aria2-0.15.3-0.20080918.3.1mdv2009.0.x86_64.rpm
http://www.mandriva.com/en/download/
Debian Linux 5.0 ia-32
Debian aria2_0.14.0-1+lenny1_i386.deb
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+le nny1_i386.deb
Debian Linux 5.0 mips
Debian aria2_0.14.0-1+lenny1_mips.deb
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+le nny1_mips.deb
MandrakeSoft Enterprise Server 5
Mandriva aria2-0.15.3-0.20080918.3.1mdvmes5.i586.rpm
http://www.mandriva.com/en/download/
Debian Linux 5.0 s/390
Debian aria2_0.14.0-1+lenny1_s390.deb
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+le nny1_s390.deb
Debian Linux 5.0 mipsel
Debian aria2_0.14.0-1+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+le nny1_mipsel.deb
MandrakeSoft Linux Mandrake 2009.1
Mandriva aria2-1.2.0-0.20090201.3.1mdv2009.1.i586.rpm
http://www.mandriva.com/en/download/
Debian Linux 5.0 sparc
Debian aria2_0.14.0-1+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/a/aria2/aria2_0.14.0-1+le nny1_sparc.deb
Tatsuhiro Tsujikawa aria2 1.1.2
Tatsuhiro Tsujikawa aria2-1.2.0.tar.bz2
http://sourceforge.net/projects/aria2/files/stable/archives/aria2-1.2. 0/aria2-1.2.0.tar.bz2/download
参考网址
来源: qa.mandriva.com
链接:https://qa.mandriva.com/show_bug.cgi?id=52840
来源: BID
名称: 36332
链接:http://www.securityfocus.com/bid/36332
来源: MANDRIVA
名称: MDVSA-2009:226
链接:http://www.mandriva.com/security/advisories?name=MDVSA-2009:226
受影响实体
- Tatsuhiro_tsujikawa Aria2:1.2.0
- Tatsuhiro_tsujikawa Aria2:0.15.3
补丁
暂无
评论