CVE-2001-0928
CVSS 7.5
Published: 2001-11-28 00:00:00
Revised: 2016-10-17 22:13:28

[Original] Buffer overflow in the permitted function of GNOME gtop daemon (libgtop_daemon) in libgtop 1.0.13 and earlier may allow remote attackers to execute arbitrary code via long authentication data.


[CNNVD] libgtop_daemon remote format string vulnerability (CNNVD-200111-043)

        
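        libgtop_daemon is a GNOME daemon used to monitor the processes running on a server.
        The daemon contains a format string vulnerability that may allow a remote attacker to execute arbitrary commands on the host with the privileges of an ordinary user.
        Two of the daemon's functions, syslog_message() and syslog_io_message(), use format strings that are initialized by the client. By carefully constructing a special format string, a remote attacker may therefore be able to execute arbitrary code. Because the daemon runs as nobody, the attacker gains the privileges of nobody.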
        

- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/a:gnome:libgtop_daemon:1.0.6
cpe:/a:gnome:libgtop_daemon:1.0.12
cpe:/a:gnome:libgtop_daemon:1.0.13
cpe:/a:gnome:libgtop_daemon:1.0.9
cpe:/a:gnome:libgtop_daemon:1.0.7

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0928
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0928
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200111-043
(Official data source) CNNVD

- Other Links and Resources

http://marc.info/?l=bugtraq&m=100699007010203&w=2
(UNKNOWN)  BUGTRAQ  20011128 Re: [CERT-intexxia] libgtop_daemon Remote Format String Vulnerability
http://www.debian.org/security/2002/dsa-098
(VENDOR_ADVISORY)  DEBIAN  DSA-098
http://www.debian.org/security/2003/dsa-301
(VENDOR_ADVISORY)  DEBIAN  DSA-301
http://www.kb.cert.org/vuls/id/705771
(VENDOR_ADVISORY)  CERT-VN  VU#705771
http://www.securityfocus.com/bid/3594
(UNKNOWN)  BID  3594

- Vulnerability Information

libgtop_daemon remote format string vulnerability
High risk  Boundary condition error
2001-11-28 00:00:00 2005-10-20 00:00:00
Remote
        
        

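- Advisories and Patches

        Temporary workaround:
        If you cannot install the patch or upgrade immediately, CNNVD recommends taking the following measures to reduce the threat:
        * Temporarily stop running the daemon.
        * Manually modify "src/daemon/gnuserv.c" as follows:
         In the function syslog_message(), replace
         syslog (priority, buffer);
         with:
         syslog (priority, "%s", buffer);
         In the function syslog_io_message(), replace
         syslog (priority, buffer2);
         with:
         syslog (priority, "%s", buffer2);
         Recompile the program.
        Vendor patches:
        Conectiva
        ---------
        Conectiva has released a security advisory (CLA-2002:448) and corresponding patches for this issue:
        CLA-2002:448:libgtop vulnerabilities
        Link:
        Patch downloads: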
        ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/libgtop-1.0.13-U50_2cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/libgtop-1.0.13-U50_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/libgtop-devel-1.0.13-U50_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/libgtop-devel-static-1.0.13-U50_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.0/i386/libgtop-examples-1.0.13-U50_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/libgtop-1.0.13-U51_2cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/libgtop-1.0.13-U51_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/libgtop-devel-1.0.13-U51_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/libgtop-devel-static-1.0.13-U51_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/5.1/i386/libgtop-examples-1.0.13-U51_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/libgtop-1.0.13-U60_2cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/libgtop-1.0.13-U60_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/libgtop-devel-1.0.13-U60_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/libgtop-devel-static-1.0.13-U60_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/libgtop-examples-1.0.13-U60_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/libgtop-1.0.13-U70_2cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libgtop-1.0.13-U70_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libgtop-devel-1.0.13-U70_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libgtop-devel-static-1.0.13-U70_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libgtop-examples-1.0.13-U70_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/libgtop-1.0.13-U50_2cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/libgtop-1.0.13-U50_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/libgtop-devel-1.0.13-U50_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/libgtop-devel-static-1.0.13-U50_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/libgtop-examples-1.0.13-U50_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/libgtop-1.0.13-U50_2cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/libgtop-1.0.13-U50_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/libgtop-devel-1.0.13-U50_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/libgtop-devel-static-1.0.13-U50_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/libgtop-examples-1.0.13-U50_2cl.i386.rpm
        Debian
        ------
        Debian has released a security advisory (DSA-098-1) and corresponding patches for this issue:
        DSA-098-1:libgtop: format string vulnerability and buffer overflow
        Link:
        http://www.debian.org/security/2002/dsa-098

        Patch downloads:
        Debian GNU/Linux 2.2 alias potato
        ---------------------------------
         Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
         Source archives:
        
        http://security.debian.org/dists/stable/updates/main/source/libgtop_1.0.6-1.1.diff.gz

        
        http://security.debian.org/dists/stable/updates/main/source/libgtop_1.0.6-1.1.dsc

        
        http://security.debian.org/dists/stable/updates/main/source/libgtop_1.0.6.orig.tar.gz

         Alpha architecture:
        
        http://security.debian.org/dists/stable/updates/main/binary-alpha

- Vulnerability Information

13994
GNOME libgtop permitted Function Authentication Data Overflow
Input Manipulation
Loss of Integrity

- Vulnerability Description

Unknown or Incomplete

- Timeline

2001-11-28 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

GNOME libgtop_daemon Remote Buffer Overflow Vulnerability
Boundary Condition Error 3594
Yes No
2001-11-28 12:00:00 2009-07-11 09:06:00
Discovered by Flavio Veloso <flaviovs@magnux.com> and posted to the BugTraq mailing list on November 28, 2001.

- Affected Software Versions

GNOME libgtop_daemon 1.0.13
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
GNOME libgtop_daemon 1.0.12
+ Conectiva Linux 7.0
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
GNOME libgtop_daemon 1.0.9
+ Conectiva Linux 6.0
+ Mandriva Linux Mandrake 7.2
GNOME libgtop_daemon 1.0.7
+ Conectiva Linux 5.1
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 7.1
GNOME libgtop_daemon 1.0.6
+ Conectiva Linux 5.0
+ Conectiva Linux graficas
+ Conectiva Linux ecommerce

- Vulnerability Discussion

The GNOME libgtop_daemon is used to monitor processes running on a remote system.

Under some conditions, when a remote connection fails, user-supplied input is used within a log message. As part of this operation, the input is copied from a buffer in an unsafe manner. This will overwrite part of the stack, possibly leading to remote code execution as the libgtop_daemon user.

Older versions of libgtop_daemon may share this vulnerability.

- Exploit

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Debian has released an advisory (DSA 301-1) which addresses this issue. Please see the attached advisory for details on obtaining and applying fixes.

Fixes are available:


GNOME libgtop_daemon 1.0.12

GNOME libgtop_daemon 1.0.13

GNOME libgtop_daemon 1.0.6

GNOME libgtop_daemon 1.0.7

GNOME libgtop_daemon 1.0.9

- Related References

 

 
