CVE-2002-1146
CVSS 5.0
Published: 2002-10-11 00:00:00
Revised: 2008-09-10 15:13:57

[Original] The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash).


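[CNNVD] Multiple Vendor libc DNS Resolver Information Leakage Vulnerability (CNNVD-200210-277)

The stub resolver libraries of BIND 4 and BIND 8.2.x, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size rather than the actual size when processing a DNS response, causing the stub resolvers to read past the actual boundary ("read buffer overflow"); remote attackers can cause a denial of service (crash).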

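- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: NONE [no impact on the integrity of the system]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions for exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]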

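- CPE (Affected Platforms and Products)

Product and version information (CPE) is not yet available

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1146
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1146
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200210-277
(Official data source) CNNVD

- Other Links and Resources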

http://www.kb.cert.org/vuls/id/738331
(VENDOR_ADVISORY)  CERT-VN  VU#738331
http://www.iss.net/security_center/static/10295.php
(VENDOR_ADVISORY)  XF  dns-resolver-lib-read-bo(10295)
http://www.redhat.com/support/errata/RHSA-2003-212.html
(UNKNOWN)  REDHAT  RHSA-2003:212
http://www.redhat.com/support/errata/RHSA-2003-022.html
(UNKNOWN)  REDHAT  RHSA-2003:022
http://www.redhat.com/support/errata/RHSA-2002-258.html
(UNKNOWN)  REDHAT  RHSA-2002:258
http://www.redhat.com/support/errata/RHSA-2002-197.html
(UNKNOWN)  REDHAT  RHSA-2002:197
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:009
(UNKNOWN)  MANDRAKE  MDKSA-2004:009
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535
(UNKNOWN)  CONECTIVA  CLA-2002:535
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-015.txt.asc
(UNKNOWN)  NETBSD  NetBSD-SA2002-015

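- Vulnerability Information

Multiple Vendor libc DNS Resolver Information Leakage Vulnerability
Medium severity  Buffer overflow
2002-10-11 00:00:00 2005-10-12 00:00:00
Remote
The stub resolver libraries of BIND 4 and BIND 8.2.x, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size rather than the actual size when processing a DNS response, causing the stub resolvers to read past the actual boundary ("read buffer overflow"); remote attackers can cause a denial of service (crash).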

- Announcements and Patches

Sun has released a security update to address this issue in the RaQ XTR. Please see references section for further details. A fix is linked below.
HP has released a revised advisory (HPSBUX0208-209(rev.15)) to address this issue in affected HP-UX systems. Customers who are affected by this issue are advised to apply appropriate patches. Further information regarding obtaining and applying patches is available in the referenced advisory.
HP has released an updated advisory HPSBUX0208-209(rev.14) for HP-UX systems. Preliminary updates for HP-UX 11 and 11.11 are available. Further information on obtaining and applying fixes is available in the referenced HP advisory (HPSBUX0208-209).
A security fix was provided on October 1st, 2002 for Openwall GNU/*/Linux. Users should contact the vendor to obtain fixed glibc packages.
Conectiva has released an advisory (CLA-2002:535) which contains upgrades. See the referenced advisory for further details on obtaining fixes.
NetBSD 1.6 is not affected by this issue. Users are strongly urged to upgrade their systems to NetBSD 1.6 or to update to the most recent sources of the appropriate branches. Further details are available in the referenced NetBSD advisory.
Red Hat has released an advisory (RHSA-2002:197-09). Updated glibc and nscd RPMs are available. See the attached advisory for details on obtaining fixes.
FreeBSD has released an advisory. Users are advised to upgrade vulnerable systems to the 4.7-STABLE branch, or to the appropriate RELENG_4_x branch after the correction date. A patch is also available. Further details may be found in the referenced advisory.
HP has released advisory HPSBUX0208-209 (rev.13) to address this issue.
Mandrake has released an advisory MDKSA-2004:009 to address this issue. Please see the referenced advisory for more information.
HP has released advisory HPSBTL0211-075 for HP Secure OS advising users to apply the fixes listed in Red Hat advisory RHSA-2002:197-09.
Fixes are available:
Sun Cobalt RaQ XTR
HP HP-UX 10.10
HP HP-UX 10.20
HP HP-UX 11.0
HP HP-UX 11.0 4
HP HP-UX 11.11
HP HP-UX 11.22
GNU glibc 2.1.3

Products

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

Multiple Vendor libc DNS Resolver Information Leakage Vulnerability
Design Error 6116
Yes No
2002-10-01 12:00:00 2009-07-11 06:06:00
Discovery of this issue is credited to Dmitry V. Levin of ALT Linux, KOZUKA Masahiro <kozuka@masahiro.mbox.media.kyoto-u.ac.jp>, and Mark Andrews <mark.andrews@isc.org>.

- Affected Software Versions

Sun Cobalt RaQ XTR
HP HP-UX 11.22
HP HP-UX 11.11
HP HP-UX 11.0 4
HP HP-UX 11.0
HP HP-UX 10.24
HP HP-UX 10.20
HP HP-UX 10.10
GNU glibc 2.2.5
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Gentoo Linux 0.7
+ Gentoo Linux 0.5
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ Slackware Linux 8.1
GNU glibc 2.2.4
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ Conectiva Linux 8.0
+ HP Secure OS software for Linux 1.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Linux 7.2 i686
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i686
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alphaev6
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 alphaev6
+ RedHat Linux 7.0 i686
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux Advanced Work Station 2.1
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3
+ S.u.S.E. Linux Database Server 0
+ S.u.S.E. Linux Enterprise Server for S/390
+ S.u.S.E. Linux Firewall on CD
+ S.u.S.E. SuSE eMail Server III
+ Sun Linux 5.0.7
+ Sun Linux 5.0.6
+ Sun Linux 5.0.5
+ Sun Linux 5.0.3
+ Sun Linux 5.0
+ SuSE SUSE Linux Enterprise Server 7
GNU glibc 2.2.3
+ Conectiva Linux 7.0
GNU glibc 2.2.2
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
GNU glibc 2.2.1
GNU glibc 2.2
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
+ Wirex Immunix OS 7+
GNU glibc 2.1.3
+ Conectiva Linux 6.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Conectiva Linux graficas
+ Conectiva Linux ecommerce
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
+ EnGarde Secure Linux 1.0.1
+ HP Secure OS software for Linux 1.0
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ Openwall Openwall GNU/*/Linux 0.1 -stable
+ Red Hat Linux 6.2
+ RedHat Linux 6.2 sparcv9
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 7.0
+ S.u.S.E. Linux 6.4 ppc
+ S.u.S.E. Linux 6.4 i386
+ S.u.S.E. Linux 6.4 alpha
+ S.u.S.E. Linux 6.4
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
+ Trustix Secure Linux 1.0 1
GNU glibc 2.1.2
GNU glibc 2.1.1
GNU glibc 2.1
GNU glibc 2.0.6
GNU glibc 2.0.5
GNU glibc 2.0.4
GNU glibc 2.0.3
GNU glibc 2.0.2
GNU glibc 2.0.1
GNU glibc 2.0
FreeBSD FreeBSD 4.6
FreeBSD FreeBSD 4.5

- Vulnerability Discussion

It has been reported that under some circumstances libc DNS resolver implementations may read beyond the end of undersized DNS responses. This issue may potentially cause memory contents to be leaked remotely.

Reportedly, this vulnerability is due to undersized buffers being passed to res_search() and res_query() functions. This may result in the contents of some memory being revealed to an attacker.

Any information obtained in this manner may aid an attacker in exploiting other existing vulnerabilities such as those that allow or rely on memory corruption.
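
The bounds error described above, as an added C example (not code from BIND, glibc, or any vendor patch): a response walker whose end-of-message pointer comes from the caller-supplied bound, so the effect of passing the buffer size instead of the returned length is visible. The names `count_answers`, `answer_bound`, `demo` and the `SAMPLE` bytes are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Skip one encoded name; NULL if it would cross eom (end of message). */
static const uint8_t *skip_name(const uint8_t *p, const uint8_t *eom) {
    while (p < eom) {
        size_t l = *p;
        if (l == 0) return p + 1;                 /* root label ends the name */
        if ((l & 0xC0) == 0xC0) return (eom - p >= 2) ? p + 2 : NULL;
        if (l > 63 || (size_t)(eom - p) < l + 1) return NULL;
        p += l + 1;
    }
    return NULL;
}
/* Walk question and answer sections; ANCOUNT on success, -1 if any field lies past `bound`. */
int count_answers(const uint8_t *msg, size_t bound) {
    if (bound < 12) return -1;                    /* fixed DNS header */
    const uint8_t *p = msg + 12, *eom = msg + bound;
    unsigned qd = (msg[4] << 8) | msg[5], an = (msg[6] << 8) | msg[7];
    for (unsigned i = 0; i < qd; i++) {
        if (!(p = skip_name(p, eom)) || eom - p < 4) return -1;
        p += 4;                                   /* QTYPE, QCLASS */
    }
    for (unsigned i = 0; i < an; i++) {
        if (!(p = skip_name(p, eom)) || eom - p < 10) return -1;
        size_t rdlen = ((size_t)p[8] << 8) | p[9];
        p += 10;                                  /* TYPE, CLASS, TTL, RDLENGTH */
        if ((size_t)(eom - p) < rdlen) return -1;
        p += rdlen;
    }
    return (int)an;
}
/* Bound to use: the length the resolver call returned, capped at the buffer
 * size, since the returned length can exceed an undersized buffer. */
size_t answer_bound(int returned, size_t bufsize) {
    if (returned < 0) return 0;
    return (size_t)returned < bufsize ? (size_t)returned : bufsize;
}
/* Constructed sample: header claims ANCOUNT=2 but the reply is 35 bytes;
 * bytes 35..50 are stale data left in the buffer by an earlier reply. */
static const uint8_t SAMPLE[51] = {
    0x12,0x34,0x81,0x80,0,1,0,2,0,0,0,0, 1,'a',0,0,1,0,1,
    0xC0,0x0C,0,1,0,1,0,0,0,60,0,4,192,0,2,1,
    0xC0,0x0C,0,1,0,1,0,0,0,60,0,4,192,0,2,2 };
int demo(size_t bound) {                          /* parse SAMPLE held in a 512-byte buffer */
    uint8_t buf[512] = {0};
    memcpy(buf, SAMPLE, sizeof SAMPLE);
    return count_answers(buf, bound);
}
```

`demo(512)` returns 2 because the stale bytes past the real reply are parsed as a second record, while `demo(answer_bound(35, 512))` returns -1 and the truncated reply is rejected.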

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Sun has released a security update to address this issue in the RaQ XTR. Please see references section for further details. A fix is linked below.

HP has released a revised advisory (HPSBUX0208-209(rev.15)) to address this issue in affected HP-UX systems. Customers who are affected by this issue are advised to apply appropriate patches. Further information regarding obtaining and applying patches is available in the referenced advisory.

HP has released an updated advisory HPSBUX0208-209(rev.14) for HP-UX systems. Preliminary updates for HP-UX 11 and 11.11 are available. Further information on obtaining and applying fixes is available in the referenced HP advisory (HPSBUX0208-209).

A security fix was provided on October 1st, 2002 for Openwall GNU/*/Linux. Users should contact the vendor to obtain fixed glibc packages.

Conectiva has released an advisory (CLA-2002:535) which contains upgrades. See the referenced advisory for further details on obtaining fixes.

NetBSD 1.6 is not affected by this issue. Users are strongly urged to upgrade their systems to NetBSD 1.6 or to update to the most recent sources of the appropriate branches. Further details are available in the referenced NetBSD advisory.

Red Hat has released an advisory (RHSA-2002:197-09). Updated glibc and nscd RPMs are available. See the attached advisory for details on obtaining fixes.

FreeBSD has released an advisory. Users are advised to upgrade vulnerable systems to the 4.7-STABLE branch, or to the appropriate RELENG_4_x branch after the correction date. A patch is also available. Further details may be found in the referenced advisory.

HP has released advisory HPSBUX0208-209 (rev.13) to address this issue.

Mandrake has released an advisory MDKSA-2004:009 to address this issue. Please see the referenced advisory for more information.

HP has released advisory HPSBTL0211-075 for HP Secure OS advising users to apply the fixes listed in Red Hat advisory RHSA-2002:197-09.

Fixes are available:


Sun Cobalt RaQ XTR

HP HP-UX 10.10

HP HP-UX 10.20

HP HP-UX 11.0

HP HP-UX 11.0 4

HP HP-UX 11.11

HP HP-UX 11.22

GNU glibc 2.1.3

GNU glibc 2.2.3

GNU glibc 2.2.4

GNU glibc 2.2.5

FreeBSD FreeBSD 4.5

FreeBSD FreeBSD 4.6

- Related References

 

 
