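Vulnerability Details
JOAL OpenAL32.dll File Security Vulnerability
- CNNVD ID: CNNVD-201406-300
- Severity: Medium
- CVE ID: CVE-2013-4099
- Vulnerability type: Insufficient information
- Published: 2014-06-16
- Threat type: Remote
- Updated: 2014-06-16
- Vendor: jogamp
- Vulnerability source:
Vulnerability Summary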
JOGAMP is a Java library for 3D graphics, multimedia and processing from the JogAmp community; it includes modules such as JOAL, JOGL and JOCL. JOAL is a reference implementation of the Java bindings for the OpenAL API (an open-source, cross-platform audio API), and provides hardware-supported professional 3D audio for games written in Java.
A security vulnerability exists in the OpenAL32.dll file in JOAL 2.0-rc11, as used by JOGAMP. The vulnerability arises because multiple methods in the jogamp.openal.ALImpl.dispatch file do not properly filter their parameters. An attacker can exploit it with a crafted parameter to execute arbitrary code. The methods include: (1) alAuxiliaryEffectSlotf1, (2) alBuffer3f1, (3) alBufferfv1, (4) alDeleteEffects1, (5) alEffectf1, (6) alEffectfv1, (7) alEffectiv1, (8) alEnable1, (9) alFilterfv1, (10) alFilteriv1, (11) alGenAuxiliaryEffectSlots1, (12) alGenEffects1, (13) alGenFilters1, (14) alGenSources1, (15) alGetAuxiliaryEffectSlotiv1, (16) alGetBuffer3f1, (17) alGetBuffer3i1, (18) alGetBufferf1, (19) alGetBufferiv1, (20) alGetDoublev1, (21) alGetEffectf1, (22) alGetEffectfv1, (23) alGetEffectiv1, (24) alGetEnumValue1, (25) alGetFilteri1, (26) alGetFilteriv1, (27) alGetFloat1, (28) alGetFloatv1, (29) alGetListener3f1, (30) alGetListener3i1, (31) alGetListenerf1, (32) alGetListeneri1, (33) alGetListeneriv1, (34) alGetProcAddress1, (35) alGetProcAddressStatic, (36) alGetSource3f1, (37) alGetSource3i1, (38) alGetSourcef1, (39) alGetSourcefv1, (40) alGetSourcei1, (41) alGetSourceiv1, (42) alGetString1java/lang/String;, (43) alIsAuxiliaryEffectSlot1, (44) alIsBuffer1, (45) alIsEffect1, (46) alIsExtensionPresent1, (47) alIsFilter1, (48) alListener3f1, (49) alListener3i1, (50) alListenerf1, (51) alListenerfv1, (52) alListeneri1, (53) alListeneriv1, (54) alSource3f1, (55) alSource3i1, (56) alSourcef1, (57) alSourcefv1, (58) alSourcei1, (59) alSourceiv1, (60) alSourcePause1, (61) alSourcePausev1, (62) alSourcePlay1, (63) alSourcePlayv1, (64) alSourceQueueBuffers1, (65) alSourceRewindv1, (66) alSourceStop1, (67) alSourceStopv1, (68) alSourceUnqueueBuffers1, (69) alSpeedOfSound1.
Vulnerability Advisory
The vendor has released an upgrade patch that fixes this security issue. For details, see the vendor's home page:
http://jogamp.org/
References
Source: labb.zafena.se
Link: http://labb.zafena.se/?p=799
Source: OSVDB
Link: http://osvdb.org/96582
Source: www.fuzzmyapp.com
Link: http://www.fuzzmyapp.com/advisories/FMA-2012-038/FMA-2012-038-EN.xml
Source: BID
Link: http://www.securityfocus.com/bid/61950
Affected Entities
- Jogamp Jogamp:-
- Jogamp Joal:2.0:Rc11
Patch
- joal-v2.0-rc12