CVE-2002-0586
CVSS 7.5
Published: 2002-06-18 00:00:00
Last revised: 2008-09-05 16:28:24

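[Original] Format string vulnerability in Ns_PdLog function for the external database driver proxy daemon library (libnspd.a) of AOLServer 3.0 through 3.4.2 allows remote attackers to execute arbitrary code via the Error or Notice parameters.


[CNNVD] AOLServer Developer API Ns_PdLog() remote format string vulnerability (CNNVD-200206-037)

        
        AOLServer is a free, open-source HTTP server developed jointly by AOL and the open-source developer community. It provides features such as TCL interpretation and dynamic content handling.
        The external database driver proxy daemon API provided with AOLServer contains a format string vulnerability that may allow a remote attacker to execute arbitrary commands on the system with the privileges of the AOLServer process.
        The API's Ns_PdLog() function passes external data to syslog(). An attacker can supply a malicious string containing format specifiers as an argument to Ns_PdLog(); that string is then passed to syslog() as the format string, which may allow the attacker to modify arbitrary memory and execute arbitrary commands on the system with the privileges of the AOLServer process.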
        

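- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]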

- CPE (affected platforms and products)

cpe:/a:aol:aol_server:3.0
cpe:/a:aol:aol_server:3.1
cpe:/a:aol:aol_server:3.4.1
cpe:/a:aol:aol_server:3.3
cpe:/a:aol:aol_server:3.4
cpe:/a:aol:aol_server:3.2
cpe:/a:aol:aol_server:3.4.2
cpe:/a:aol:aol_server:3.2.1
cpe:/a:aol:aol_server:3.3.1

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0586
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0586
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200206-037
(official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/4535
(VENDOR_ADVISORY)  BID  4535
http://www.iss.net/security_center/static/8860.php
(VENDOR_ADVISORY)  XF  aolserver-dbproxy-format-string(8860)
http://archives.neohapsis.com/archives/bugtraq/2002-04/0195.html
(VENDOR_ADVISORY)  BUGTRAQ  20020416 [CERT-intexxia] AOLServer DB Proxy Daemon Format String Vulnerability
http://sourceforge.net/tracker/index.php?func=detail&aid=533141&group_id=3152&atid=303152
(UNKNOWN)  CONFIRM  http://sourceforge.net/tracker/index.php?func=detail&aid=533141&group_id=3152&atid=303152

- Vulnerability information

AOLServer Developer API Ns_PdLog() remote format string vulnerability
High risk  Input validation
2002-06-18 00:00:00 2005-10-20 00:00:00
Remote / Local
        
        

- Advisories and patches

        Vendor patch:
        AOL
        ---
        This vulnerability has been fixed in CVS branch nsd_v3_r3_p0 (post-AOLserver 3.4.2); please download the fix from the vendor's site:
        
        http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/aolserver/aolserver/nspd/log.c.diff?r1=1.4&r2=1.4.6.1

- Vulnerability information

11909
AOLServer libnspd.a Library Ns_PdLog Function Format String
Local / Remote, Context Dependent Input Manipulation
Loss of Integrity Patch / RCS
Vendor Verified

- Vulnerability description

- Timeline

2002-04-16 Unknown
Unknown Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, AOL has released a patch to address this vulnerability.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

AOLServer Developer API Ns_PdLog() Format String Vulnerability
Input Validation Error 4535
Yes Yes
2002-04-17 12:00:00 2009-07-11 12:46:00
Discovered by Guillaume Pelat.

- Affected program versions

AOL AOLserver 4.0 .beta1
AOL AOLserver 3.4.2 Win32
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
AOL AOLserver 3.4.2
- Apple Mac OS X 10.0.3
- Caldera OpenLinux 2.4
- Caldera OpenLinux Server 3.1
- Caldera OpenLinux Workstation 3.1
- Caldera OpenUnix 8.0
- Caldera UnixWare 7.1.1
- Caldera UnixWare 7.1 .0
- Caldera UnixWare 7
- Debian Linux 2.2 sparc
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 IA-32
- Debian Linux 2.2 arm
- Debian Linux 2.2 alpha
- Debian Linux 2.2 68k
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.2
- HP HP-UX 11.11
- HP HP-UX 11.0
- HP HP-UX 10.20
- Mandriva Linux Mandrake 8.1
- Mandriva Linux Mandrake 8.0
- Mandriva Linux Mandrake 7.2
- OpenBSD OpenBSD 2.9
- OpenBSD OpenBSD 2.8
- OpenBSD OpenBSD 2.7
- OpenBSD OpenBSD 2.6
- OpenBSD OpenBSD 3.0
- RedHat Linux 7.2 i386
- RedHat Linux 7.2 alpha
- RedHat Linux 7.1 i386
- RedHat Linux 7.1 alpha
- S.u.S.E. Linux 7.3 sparc
- S.u.S.E. Linux 7.3 ppc
- S.u.S.E. Linux 7.3 i386
- S.u.S.E. Linux 7.2 i386
- S.u.S.E. Linux 7.1 sparc
- S.u.S.E. Linux 7.1 ppc
- S.u.S.E. Linux 7.1 alpha
- S.u.S.E. Linux 7.0 sparc
- S.u.S.E. Linux 7.0 ppc
- S.u.S.E. Linux 7.0 i386
- S.u.S.E. Linux 7.0 alpha
- SCO eServer 2.3.1
- SGI IRIX 6.5.14
- SGI IRIX 6.5.13 m
- SGI IRIX 6.5.13 f
- SGI IRIX 6.5.13
- SGI IRIX 6.5.12 m
- SGI IRIX 6.5.12 f
- SGI IRIX 6.5.12
- SGI IRIX 6.5.11 m
- SGI IRIX 6.5.11 f
- SGI IRIX 6.5.11
- SGI IRIX 6.5.10 m
- SGI IRIX 6.5.10 f
- SGI IRIX 6.5.10
- Sun Solaris 2.5.1 _x86
- Sun Solaris 2.5.1
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
- Sun Solaris 7.0_x86
- Sun Solaris 7.0
- Sun Solaris 2.6_x86
- Sun Solaris 2.6
AOL AOLserver 3.4 Win32
AOL AOLserver 3.4
AOL AOLserver 3.3.1
AOL AOLserver 3.3 Win32
AOL AOLserver 3.2 Win32
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
AOL AOLserver 3.2 UNIX
- HP HP-UX 11.0
- Linux kernel 2.2.14
- Red Hat Linux 6.2
- SGI IRIX 6.4
- Sun Solaris 7.0
- Sun Solaris 2.6
AOL AOLserver 3.0
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
- Apple Mac OS X Server 10.0
- Caldera OpenLinux Server 3.1
- Caldera OpenLinux Workstation 3.1
- Caldera UnixWare 7
- Debian Linux 2.2
- Digital OSF/1 4.0
- FreeBSD FreeBSD 3.3
- HP HP-UX 11.0
- HP HP-UX 10.20

- Vulnerability discussion

AOLServer is the open source, freely available HTTP server maintained in cooperation between AOL and the open source developer community. It offers features such as TCL interpretation, and dynamic content handling.

A format string vulnerability has been reported in the external database driver proxy daemon API provided with AOLServer. The function Ns_PdLog() included as part of this package passes external data to the syslog() function as a format string.
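The pattern described above, where a logging helper hands caller-supplied text to a printf-style function as the format string, shown beside the corrected form. This is an added example, not AOLServer's Ns_PdLog() source: `sink`, `pd_log_unsafe` and `pd_log_safe` are hypothetical names, and `sink` stands in for syslog() so the resulting line can be checked.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for syslog(3): a variadic, printf-style sink that
 * records the final log line so it can be inspected. */
static char last_line[256];

static void sink(int priority, const char *fmt, ...)
{
    va_list ap;
    (void)priority;
    va_start(ap, fmt);
    vsnprintf(last_line, sizeof last_line, fmt, ap);
    va_end(ap);
}

/* Vulnerable shape: the formatted message, which already contains
 * caller-supplied data, is passed as the FORMAT argument, so any '%'
 * directive inside it is interpreted a second time with no matching
 * arguments. Kept for contrast only; it is not called here. */
void pd_log_unsafe(int priority, const char *fmt, ...)
{
    char msg[256];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(msg, sizeof msg, fmt, ap);
    va_end(ap);
    sink(priority, msg);              /* BUG: data used as format string */
}

/* Hardened shape: the format is a constant and the message is data. */
const char *pd_log_safe(int priority, const char *fmt, ...)
{
    char msg[256];
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(msg, sizeof msg, fmt, ap);
    va_end(ap);
    sink(priority, "%s", msg);        /* '%' in msg stays literal text */
    return last_line;
}

int main(void)
{
    /* Constructed input: an error string carrying format directives. */
    puts(pd_log_safe(3, "db error: %s", "relation %x.%x.%n not found"));
    return 0;
}
```

When reviewing a code base for this class of bug, look for syslog(), printf-family and wrapper calls whose format argument is a variable rather than a string literal; compilers can flag these with `-Wformat -Wformat-security` when the wrapper carries a format attribute.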

- Exploit

Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

AOLServer has been patched in CVS as of March 19, 2002.

More information can be found at the following URL:
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/aolserver/aolserver/nspd/log.c.diff?r1=1.4&r2=1.4.6.1

- Related references

 

 
