漏洞信息详情
TNFTPD多个信号处理器远程超级用户妥协漏洞
- CNNVD编号:CNNVD-200410-061
- 危害等级: 中危
- CVE编号: CVE-2004-0794
- 漏洞类型: 竞争条件
- 发布时间: 2004-10-20
- 威胁类型: 远程
- 更新时间: 2005-10-20
- 厂 商: luke_mewburn
- 漏洞来源: Przemyslaw Frasune...
漏洞简介
lukemftpd(也称为20040810之前的tnftpd)中的许多信号处理器竞争条件存在漏洞。远程已认证的攻击者可以导致服务拒绝或者执行任意代码。
漏洞公告
The vendor has released patches resolving these issues. NetBSD has released advisory 2004-009 addressing this issue. Please see the referenced advisory for further information. Fixes are available from CVS for the NetBSD-current and NetBSD-2.0 branches. CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple has released an advisory (CMS.zone.ci/e/tags/htag.php?tag=Apple target=_blank class=infotextkey>Apple-SA-0024-09-07) along with fixes to address this, and many other issues. Please see the referenced advisory for further information. Heimdal has released an advisory (2004-09-13) along with version 0.6.3 to address this issue. Please see the referenced advisory for further information. Gentoo Linux has released an advisory (GLSA 200409-19) to address this issue. Please see the referenced advisory for further information. Users of affected packages are urged to execute the following with superuser privileges: emerge sync emerge -pv ">=app-crypt/heimdal-0.6.3" emerge ">=app-crypt/heimdal-0.6.3" Debian Linux has released an advisory (DSA 551-1) along with fixes dealing with this issue. Please the referenced advisory for more information. Sun has released an advisory (Sun Alert ID: 57655) with fixes to address these issues in Sun Java Desktop System (JDS) 2003 and Release 2 for the Linux platform. Please see the advisory in Web references for more information. Users may carry out the following actions from the launch bar to download the patch: Launch >> Applications >> System Tools >> Online Update Luke Mewburn TNFTPD 20031217
- Luke Mewburn tnftpd-20040810.tar.gz ftp://ftp.netbsd.org/pub/NetBSD/misc/tnftp/tnftpd-20040810.tar.gz
- Sun patch-9369
- Heimdal heimdal-0.6.3.tar.gz ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.3.tar.gz
- Heimdal heimdal-0.6.3.tar.gz ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.3.tar.gz
- Heimdal heimdal-0.6.3.tar.gz ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.3.tar.gz
- Heimdal heimdal-0.6.3.tar.gz ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.3.tar.gz
- Heimdal heimdal-0.6.3.tar.gz ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.3.tar.gz
- Heimdal heimdal-0.6.3.tar.gz ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.3.tar.gz
- Heimdal heimdal-0.6.3.tar.gz ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.3.tar.gz
- Heimdal heimdal-0.6.3.tar.gz ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.3.tar.gz
- Heimdal heimdal-0.6.3.tar.gz ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.3.tar.gz
- Heimdal heimdal-0.6.3.tar.gz ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.3.tar.gz
- Heimdal heimdal-0.6.3.tar.gz ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.3.tar.gz
- Heimdal heimdal-0.6.3.tar.gz ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.3.tar.gz
- Heimdal heimdal-0.6.3.tar.gz ftp://ftp.pdc.kth.se/pub/heimdal/src/heimdal-0.6.3.tar.gz
- Debian lukemftpd_1.1-1woody2_alpha.debDebian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1 -1woody2_alpha.deb
- Debian lukemftpd_1.1-1woody2_arm.debDebian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1 -1woody2_arm.deb
- Debian lukemftpd_1.1-1woody2_hppa.debDebian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1 -1woody2_hppa.deb
- Debian lukemftpd_1.1-1woody2_i386.debDebian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1 -1woody2_i386.deb
- Debian lukemftpd_1.1-1woody2_ia64.debDebian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1 -1woody2_ia64.deb
- Debian lukemftpd_1.1-1woody2_m68k.debDebian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1 -1woody2_m68k.deb
- Debian lukemftpd_1.1-1woody2_mips.debDebian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1 -1woody2_mips.deb
- Debian lukemftpd_1.1-1woody2_mipsel.debDebian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1 -1woody2_mipsel.deb
- Debian lukemftpd_1.1-1woody2_powerpc.debDebian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1 -1woody2_powerpc.deb
- Debian lukemftpd_1.1-1woody2_s390.debDebian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/l/lukemftpd/lukemftpd_1.1 -1woody2_s390.deb
-
Debian lukemftpd_1.1-1woody2_sparc.debDebian GNU/Linux 3.0 alias woody
参考网址
来源: NETBSD 名称: NetBSD-SA2004-009 链接:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-009.txt.asc 来源: XF 名称: tnftpd-gain-access(17020) 链接:http://xforce.iss.net/xforce/xfdb/17020 来源: www.vuxml.org 链接:http://www.vuxml.org/freebsd/c4b025bb-f05d-11d8-9837-000c41e2cdad.HTML 来源: DEBIAN 名称: DSA-551 链接:http://www.debian.org/security/2004/dsa-551 来源: FULLDISC 名称: 20040817 Multiple remote vulnerabilities in lukemftpd aka. tnftpd 链接:http://lists.grok.org.uk/pipermail/full-disclosure/2004-August/025418.HTML
受影响实体
- Luke_mewburn Tnftpd:2003-12-17
- Luke_mewburn Lukemftp:1.5
- Luke_mewburn Lukemftp:1.1
补丁
暂无
评论