CVE-2002-0370
CVSS 7.5
Published: 2002-10-10 00:00:00
Last revised: 2016-10-17 22:19:50

[Original] Buffer overflow in the ZIP capability for multiple products allows remote attackers to cause a denial of service or execute arbitrary code via ZIP files containing entries with long filenames, including (1) Microsoft Windows 98 with Plus! Pack, (2) Windows XP, (3) Windows ME, (4) Lotus Notes R4 through R6 (pre-gold), (5) Verity KeyView, and (6) Stuffit Expander before 7.0.


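[CNNVD] Microsoft Windows ZIP File Overlong Filename Buffer Overflow Vulnerability (MS02-054) (CNNVD-200210-238)

        Microsoft Windows is a very popular operating system released by Microsoft.
        The Compressed Folders feature of Microsoft Windows lets users store data files and folders in compressed form to save storage space. Because the program used to decompress compressed files contains an unchecked buffer, an attacker can create a compressed file containing a malformed filename; if a user opens that file, Windows Explorer fails or arbitrary code is executed.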
        

- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/a:ibm:lotus_notes:5.0.9a  IBM Lotus Notes 5.0.9a
cpe:/o:microsoft:windows_xp::sp1:home
cpe:/a:verity:keyview_viewing_sdk:gold
cpe:/o:microsoft:windows_xp::gold:professional  Microsoft Windows XP Professional Gold
cpe:/a:allume_systems_division:stuffit_expander:6.5.2
cpe:/o:microsoft:windows_me  Microsoft Windows ME
cpe:/a:winzip:winzip:7.0  WinZip 7.0
cpe:/a:ibm:lotus_notes:5.0  IBM Lotus Notes 5.0
cpe:/a:ibm:lotus_notes:5.0.2  IBM Lotus Notes 5.0.2
cpe:/a:ibm:lotus_notes:4.5  IBM Lotus Notes 4.5
cpe:/a:ibm:lotus_notes:5.0.1  IBM Lotus Notes 5.0.1
cpe:/a:ibm:lotus_notes:5.0.3  IBM Lotus Notes 5.0.3
cpe:/a:ibm:lotus_notes:5.0.5  IBM Lotus Notes 5.0.5
cpe:/a:ibm:lotus_notes:r5  IBM Lotus Notes R5
cpe:/a:ibm:lotus_notes:5.0.11  IBM Lotus Notes 5.0.11
cpe:/a:ibm:lotus_notes:5.0.10  IBM Lotus Notes 5.0.10
cpe:/a:ibm:lotus_notes:5.0.4  IBM Lotus Notes 5.0.4
cpe:/o:microsoft:windows_xp:::home
cpe:/a:ibm:lotus_notes:r6  IBM Lotus Notes R6
cpe:/a:microsoft:windows_98_plus_pack  Microsoft Windows 98 Plus Pack

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0370
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0370
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200210-238
(Official data source) CNNVD

- Other Links and Resources

http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0009.html
(UNKNOWN)  VULNWATCH  20021002 R7-0004: Multiple Vendor Long ZIP Entry Filename Processing Issues
http://marc.info/?l=bugtraq&m=103428193409223&w=2
(UNKNOWN)  BUGTRAQ  20021002 R7-0004: Multiple Vendor Long ZIP Entry Filename Processing Issues
http://securityreason.com/securityalert/587
(UNKNOWN)  SREASON  587
http://www.info-zip.org/FAQ.html
(UNKNOWN)  CONFIRM  http://www.info-zip.org/FAQ.html
http://www.info.apple.com/usen/security/security_updates.html
(UNKNOWN)  CONFIRM  http://www.info.apple.com/usen/security/security_updates.html
http://www.iss.net/security_center/static/10251.php
(VENDOR_ADVISORY)  XF  win-zip-decompression-bo(10251)
http://www.kb.cert.org/vuls/id/383779
(VENDOR_ADVISORY)  CERT-VN  VU#383779
http://www.microsoft.com/technet/security/bulletin/ms02-054.asp
(VENDOR_ADVISORY)  MS  MS02-054
http://www.securityfocus.com/bid/5873
(VENDOR_ADVISORY)  BID  5873

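- Vulnerability Information

Microsoft Windows ZIP File Overlong Filename Buffer Overflow Vulnerability (MS02-054)
High risk  Boundary condition error
2002-10-10 00:00:00 2006-09-22 00:00:00
Local

        Microsoft Windows is a very popular operating system released by Microsoft.
        The Compressed Folders feature of Microsoft Windows lets users store data files and folders in compressed form to save storage space. Because the program used to decompress compressed files contains an unchecked buffer, an attacker can create a compressed file containing a malformed filename; if a user opens that file, Windows Explorer fails or arbitrary code is executed.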
        

- Advisories and Patches

        Vendor patches:
        Microsoft
        ---------
        Microsoft has released a security bulletin (MS02-054) and corresponding patches for this issue:
        MS02-054: Unchecked Buffer in File Decompression Functions Could Lead to Code Execution (Q329048)
        Link:
        http://www.microsoft.com/technet/security/bulletin/MS02-054.asp

        Patch downloads:
        * Windows 98 with Plus! Pack:
        
        http://www.microsoft.com/windows98/downloads/contents/WUCritical/q329048/default.asp

        * Windows XP:
        
        http://www.microsoft.com/Downloads/Release.asp?ReleaseID=43419

- Vulnerability Information

59738
Microsoft Windows ZIP Filename Handling Overflow DoS
Local / Remote, Context Dependent Denial of Service, Input Manipulation
Loss of Integrity, Loss of Availability

- Vulnerability Description

- Timeline

2002-10-02 Unknown
Unknown Unknown

- Solution

Products

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Multiple Vendor ZIP Files Long Filename Buffer Overflow Vulnerability
Boundary Condition Error 5873
No Yes
2002-10-03 12:00:00 2009-07-11 05:06:00
Discovery of this vulnerability is credited to Joe Testa of Rapid7, Inc.

- Affected Program Versions

WinZip WinZip 7.0
Verity Inc. KeyView Viewing SDK
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows ME
Microsoft Windows 98 With Plus! Pack
Lotus Notes Client 5.0.11
Lotus Notes Client 5.0.10
Lotus Notes Client 5.0.9 a
Lotus Notes Client 5.0.5
Lotus Notes Client 5.0.4
Lotus Notes Client 5.0.3
Lotus Notes Client 5.0.2
Lotus Notes Client 5.0.1
Lotus Notes Client 5.0
Lotus Notes Client 4.5
- Apple Mac OS 7 7.6
- Apple Mac OS 8 8.5
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
Lotus Notes Client R6
Lotus Notes Client R5
Aladdin Systems Inc. Stuffit Expander 7.5
Aladdin Systems Inc. Stuffit Expander 7.0
Aladdin Systems Inc. Stuffit Expander 6.5.2
zlib zlib 1.1.4
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ GLT GLT 0.6
+ NetBSD NetBSD 1.6
+ NetBSD NetBSD 1.5.3
+ NetBSD NetBSD 1.5.2
+ NetBSD NetBSD 1.5.1
+ NetBSD NetBSD 1.5
- NullSoft Winamp 2.79
+ OpenPKG OpenPKG 1.2
+ OpenPKG OpenPKG 1.1
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux Advanced Work Station 2.1
+ Sun Cobalt Qube 3
+ Sun Cobalt Qube3 4000WG
+ Sun Cobalt Qube3 Japanese 4000WGJ
+ Sun Cobalt Qube3 Japanese w/ Caching and RAID 4100WGJ
+ Sun Cobalt Qube3 Japanese w/Caching 4010WGJ
+ Sun Cobalt Qube3 w/ Caching and RAID 4100WG
+ Sun Cobalt Qube3 w/Caching 4010WG
+ Sun Cobalt RaQ 4
+ Sun Cobalt RaQ XTR
+ Sun Cobalt RaQ XTR 3500R
+ Sun Cobalt RaQ XTR Japanese 3500R-ja
+ Sun Cobalt RaQ4 3001R
+ Sun Cobalt RaQ4 Japanese RAID 3100R-ja
+ Sun Cobalt RaQ4 RAID 3100R
+ Sun Linux 5.0
zlib zlib 1.1.3
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Conectiva Linux graficas
+ Conectiva Linux ecommerce
+ EnGarde Secure Linux 1.0.1
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 4.1
- FreeBSD FreeBSD 4.0
- FreeS/WAN FreeS/WAN 1.9.6
- FreeS/WAN FreeS/WAN 1.9.5
- FreeS/WAN FreeS/WAN 1.9.4
- FreeS/WAN FreeS/WAN 1.9.3
- FreeS/WAN FreeS/WAN 1.9.2
- FreeS/WAN FreeS/WAN 1.9.1
- FreeS/WAN FreeS/WAN 1.9
+ GLT GLT 0.5
+ IBM AIX 5.1
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
- NullSoft Winamp 2.78
- NullSoft Winamp 2.77
- NullSoft Winamp 2.76
- NullSoft Winamp 2.75
- NullSoft Winamp 2.74
- NullSoft Winamp 2.73
- NullSoft Winamp 2.72
- NullSoft Winamp 2.71
- NullSoft Winamp 2.70
+ OpenPKG OpenPKG 1.0
+ Openwall Openwall GNU/*/Linux 0.1 -stable
+ Red Hat Linux 6.2
+ RedHat Linux 7.2
+ RedHat Linux 7.1
+ RedHat Linux 7.0
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 7.0
+ S.u.S.E. Linux 6.4 ppc
+ S.u.S.E. Linux 6.4 i386
+ S.u.S.E. Linux 6.4 alpha
+ S.u.S.E. Linux 6.4
+ Sun Solaris 8_x86
+ Sun Solaris 8_sparc
- Sun Solaris 7.0
- Sun Solaris 2.6
- Sun Solaris 2.5
- TightVNC TightVNC 1.2 .0
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
- VNCThing VNCThing 2.2
zlib zlib 1.1.2
zlib zlib 1.1.1
zlib zlib 1.1
WinZip WinZip 8.0
RARLAB WinRar 3.0 .0
Microsoft Windows XP Professional SP1
Microsoft Windows XP Home SP1
Aladdin Systems Inc. Stuffit Expander 7.5
Aladdin Systems Inc. Stuffit Expander 7.0

- Unaffected Program Versions

zlib zlib 1.1.4
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ GLT GLT 0.6
+ NetBSD NetBSD 1.6
+ NetBSD NetBSD 1.5.3
+ NetBSD NetBSD 1.5.2
+ NetBSD NetBSD 1.5.1
+ NetBSD NetBSD 1.5
- NullSoft Winamp 2.79
+ OpenPKG OpenPKG 1.2
+ OpenPKG OpenPKG 1.1
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux Advanced Work Station 2.1
+ Sun Cobalt Qube 3
+ Sun Cobalt Qube3 4000WG
+ Sun Cobalt Qube3 Japanese 4000WGJ
+ Sun Cobalt Qube3 Japanese w/ Caching and RAID 4100WGJ
+ Sun Cobalt Qube3 Japanese w/Caching 4010WGJ
+ Sun Cobalt Qube3 w/ Caching and RAID 4100WG
+ Sun Cobalt Qube3 w/Caching 4010WG
+ Sun Cobalt RaQ 4
+ Sun Cobalt RaQ XTR
+ Sun Cobalt RaQ XTR 3500R
+ Sun Cobalt RaQ XTR Japanese 3500R-ja
+ Sun Cobalt RaQ4 3001R
+ Sun Cobalt RaQ4 Japanese RAID 3100R-ja
+ Sun Cobalt RaQ4 RAID 3100R
+ Sun Linux 5.0
zlib zlib 1.1.3
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Workstation 3.1.1
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Conectiva Linux graficas
+ Conectiva Linux ecommerce
+ EnGarde Secure Linux 1.0.1
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 4.1
- FreeBSD FreeBSD 4.0
- FreeS/WAN FreeS/WAN 1.9.6
- FreeS/WAN FreeS/WAN 1.9.5
- FreeS/WAN FreeS/WAN 1.9.4
- FreeS/WAN FreeS/WAN 1.9.3
- FreeS/WAN FreeS/WAN 1.9.2
- FreeS/WAN FreeS/WAN 1.9.1
- FreeS/WAN FreeS/WAN 1.9
+ GLT GLT 0.5
+ IBM AIX 5.1
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
- NullSoft Winamp 2.78
- NullSoft Winamp 2.77
- NullSoft Winamp 2.76
- NullSoft Winamp 2.75
- NullSoft Winamp 2.74
- NullSoft Winamp 2.73
- NullSoft Winamp 2.72
- NullSoft Winamp 2.71
- NullSoft Winamp 2.70
+ OpenPKG OpenPKG 1.0
+ Openwall Openwall GNU/*/Linux 0.1 -stable
+ Red Hat Linux 6.2
+ RedHat Linux 7.2
+ RedHat Linux 7.1
+ RedHat Linux 7.0
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 7.0
+ S.u.S.E. Linux 6.4 ppc
+ S.u.S.E. Linux 6.4 i386
+ S.u.S.E. Linux 6.4 alpha
+ S.u.S.E. Linux 6.4
+ Sun Solaris 8_x86
+ Sun Solaris 8_sparc
- Sun Solaris 7.0
- Sun Solaris 2.6
- Sun Solaris 2.5
- TightVNC TightVNC 1.2 .0
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
- VNCThing VNCThing 2.2
zlib zlib 1.1.2
zlib zlib 1.1.1
zlib zlib 1.1
WinZip WinZip 8.0
RARLAB WinRar 3.0 .0
Microsoft Windows XP Professional SP1
Microsoft Windows XP Home SP1
Aladdin Systems Inc. Stuffit Expander 7.5
Aladdin Systems Inc. Stuffit Expander 7.0

- Vulnerability Discussion

A vulnerability has been reported that affects many libraries and applications that decompress ZIP files.

Reportedly, some clients behave unpredictably upon processing ZIP files that contain files with overly long names. The vulnerability has different effects depending on the decompression utility.

The effects of this vulnerability typically result in the client crashing and, in some situations, there exists a possibility for code execution.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Microsoft has incorporated the fix for the malformed filename buffer overflow into Windows XP Professional SP1 and Windows XP Home SP1. Users are able to download individual fixes for Windows XP. Updates for Microsoft Windows Me are available through the Windows Update site.

Apple has released Security Advisory APPLE-SA-2002-10-02 and APPLE-SA-2002-10-15. Users of Stuffit Expander 6.5.2 and earlier are advised to upgrade to Stuffit Expander 7.0 which is not vulnerable to this issue. Further details can be found in the Security Advisories.


Microsoft Windows XP Home

Microsoft Windows XP Home SP1

Microsoft Windows XP Professional

Microsoft Windows XP Professional SP1

Microsoft Windows 98 With Plus! Pack

Aladdin Systems Inc. Stuffit Expander 6.5.2

- Related References
