[Original] Format string vulnerability in ssldump possibly allows remote attackers to cause a denial of service and possibly gain root privileges via malicious format string specifiers in a URL.
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.
-
Vulnerability Information (20492)
ssldump 0.9 b1 Format String Vulnerability (EDBID:20492)
source: http://www.securityfocus.com/bid/2096/info
ssldump is a traffic analyzer for monitoring network traffic in real time. It is written and maintained by Eric Rescorla. A problem exists which could allow the arbitrary execution of code.
The problem lies in ssldump's handling of format strings. ssldump requires elevated privileges to listen to traffic crossing the network interface. While it is monitoring traffic, format string specifiers contained in a URL in the captured traffic cause the program to segmentation fault. Potentially, this could lead to the overwriting of stack variables and arbitrary execution of code with administrative access, if exploited by a malicious user.
1) Run SSLDUMP (needs you to be root unless setuid)
2) Open up Netscape Navigator
3) Type the following in Netscape Navigator: fixme:%s%s%s%s%s%s
4) Watch as ssldump will gather the traffic, then segfault.
This vulnerability was first announced on Bugtraq by c0ncept <c0ncept@hushmail.com> on December 8, 2000.
-
Affected Program Versions
Eric Rescorla ssldump 0.9 b1
-
Debian Linux 2.2
-
FreeBSD FreeBSD 4.2
-
HP HP-UX 11.11
-
NetBSD NetBSD 1.4.2
-
OpenBSD OpenBSD 2.8
-
RedHat Linux 7.0
-
RedHat Linux 6.2 i386
-
S.u.S.E. Linux 7.0
-
Sun Solaris 8_sparc
-
Sun Solaris 7.0
-
Vulnerability Discussion
ssldump is a traffic analyzer for monitoring network traffic in real time. It is written and maintained by Eric Rescorla. A problem exists which could allow the arbitrary execution of code.
The problem lies in ssldump's handling of format strings. ssldump requires elevated privileges to listen to traffic crossing the network interface. While it is monitoring traffic, format string specifiers contained in a URL in the captured traffic cause the program to segmentation fault. Potentially, this could lead to the overwriting of stack variables and arbitrary execution of code with administrative access, if exploited by a malicious user.
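To make the bug class described above (here and in the Vulnerability Information section) concrete, the following is an added illustrative example in C; it is not ssldump's code and not part of the advisory. A comment shows the vulnerable pattern, a hardened logger passes captured data only as a `%s` value, and a checker counts conversion specifiers so a capture tool can flag such input before logging it. All function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative only, NOT ssldump's code. It models the bug class from the
 * advisory: data captured from the wire (a URL) is handed to a printf-style
 * function as the FORMAT argument instead of as a value.
 *
 * Vulnerable pattern (shown as a comment, never compiled or run here):
 *     snprintf(out, outlen, url);       // url is attacker-controlled
 * With "fixme:%s%s%s%s%s%s" in url, the formatter walks the stack looking
 * for string arguments that were never passed, and the process segfaults. */

/* Hardened: the captured URL is always a %s VALUE, never the format string.
 * Returns bytes written, or -1 if the output was truncated. */
static int log_url_safe(char *out, size_t outlen, const char *url)
{
    int n = snprintf(out, outlen, "URL: %s", url);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return n;
}

/* Defensive check a capture tool can apply to wire data before logging:
 * count printf conversion specifiers so suspicious input can be alerted on.
 * "%%" is a literal percent sign and is not counted; "%20" (URL-encoding)
 * is not followed by a conversion character and is not counted either. */
static int count_format_specs(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {      /* escaped percent */
            s++;
            continue;
        }
        const char *p = s + 1;  /* skip flags, width, precision, length */
        while (*p && strchr("-+ #0123456789.*hlLqjzt", *p))
            p++;
        if (*p && strchr("diouxXeEfFgGaAcspn", *p))
            count++;
    }
    return count;
}

int main(void)
{
    char buf[64];
    const char *captured = "fixme:%s%s%s%s%s%s"; /* constructed sample */
    log_url_safe(buf, sizeof buf, captured);
    printf("%s (specifiers: %d)\n", buf, count_format_specs(captured));
    return 0;
}
```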
-
Vulnerability Exploit
From the original advisory sent by c0ncept <c0ncept@hushmail.com> :
1) Run SSLDUMP (needs you to be root unless setuid)
2) Open up Netscape Navigator
3) Type the following in Netscape Navigator: fixme:%s%s%s%s%s%s
4) Watch as ssldump will gather the traffic, then segfault.
-
Solution
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.