CVE-2002-1194
CVSS 7.5
Published: 2002-10-28 00:00:00
Last modified: 2008-09-10 15:14:02

[Original] Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other operating systems, may allow remote attackers to execute arbitrary code via a long inbound message.


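[CNNVD] NetBSD talkd remote buffer overflow vulnerability (CNNVD-200210-298)

        NetBSD is a free, open-source UNIX operating system.
        talkd on NetBSD does not correctly check inbound messages, and a remote attacker can exploit this flaw to carry out a buffer overflow attack.
        The NetBSD talkd service does not perform proper buffer bounds checking on inbound messages and blindly copies the data into a fixed-size buffer, which can cause a buffer overflow. Carefully crafted input may allow execution of arbitrary commands on the system with root privileges, although this has not been confirmed.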
        

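- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]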

- CPE (affected platforms and products)

cpe:/o:netbsd:netbsd:1.5.2  NetBSD 1.5.2
cpe:/o:netbsd:netbsd:1.5.3  NetBSD 1.5.3
cpe:/o:netbsd:netbsd:1.5.1  NetBSD 1.5.1
cpe:/o:netbsd:netbsd:1.5  NetBSD 1.5
cpe:/o:netbsd:netbsd:1.6  NetBSD 1.6

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1194
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1194
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200210-298
(Official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/5910
(UNKNOWN)  BID  5910
http://www.iss.net/security_center/static/10303.php
(VENDOR_ADVISORY)  XF  netbsd-talkd-bo(10303)
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-019.txt.asc
(UNKNOWN)  NETBSD  NetBSD-SA2002-019

- Vulnerability information

NetBSD talkd remote buffer overflow vulnerability
High risk  Unknown
2002-10-28 00:00:00 2005-10-20 00:00:00
Local
        
        

- Advisories and patches

        Workaround:
        If you cannot install the patch or upgrade immediately, CNNVD recommends the following measure to reduce the risk:
        * Temporarily disable the NetBSD talkd service.
        Vendor patch:
        NetBSD
        ------
        NetBSD has released a security advisory (NetBSD-SA2002-019) and a corresponding patch for this issue:
        NetBSD-SA2002-019: Buffer overrun in talkd
        Link: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-019.txt.asc
        * NetBSD-current:
         Systems running NetBSD-current dated before 2002-09-20 must upgrade to NetBSD-current dated 2002-09-20 or later.

         The following directory must be updated from the netbsd-current CVS branch (aka HEAD):

         libexec/talkd

         To update from CVS, rebuild, and reinstall talkd:

         # cd src
         # cvs update -d -P libexec/talkd
         # cd libexec/talkd
         # make cleandir dependall
         # make install

        * NetBSD 1.6:

         Systems running the NetBSD 1.6 branch dated before 2002-10-03 must upgrade to the NetBSD 1.6 branch dated 2002-10-03 or later.

         The following directory must be updated from the netbsd-1-6 CVS branch:
         libexec/talkd

         To update from CVS, rebuild, and reinstall talkd:

         # cd src
         # cvs update -d -P -r netbsd-1-6 libexec/talkd
         # cd libexec/talkd
         # make cleandir dependall
         # make install

        * NetBSD 1.5, 1.5.1, 1.5.2, 1.5.3:
         Systems running the NetBSD 1.5 branch dated before 2002-09-20 must upgrade to the NetBSD 1.5 branch dated 2002-10-03 or later.

         The following directory must be updated from the netbsd-1-5 CVS branch:
         libexec/talkd

         To update from CVS, rebuild, and reinstall talkd:

         # cd src
         # cvs update -d -P -r netbsd-1-5 libexec/talkd
         # cd libexec/talkd
         # make cleandir dependall
         # make install

- Vulnerability information

7564
NetBSD talkd Inbound Message Overflow
Local Access Required, Remote / Network Access Input Manipulation
Loss of Confidentiality, Loss of Integrity, Loss of Availability

- Vulnerability description

A remote overflow exists in the talk daemon on NetBSD. The talk daemon fails to check the length of incoming messages, resulting in a buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code, resulting in a loss of confidentiality, integrity, and/or availability.

- Timeline

2002-10-08 Unknown
Unknown Unknown

- Solution

Upgrade to version 1.6.1 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by applying the vendor-supplied patch.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

NetBSD talkd Buffer Overflow Vulnerability
Unknown 5910
No Yes
2002-10-08 12:00:00 2009-07-11 06:06:00
Discovery of this vulnerability credited to xs@kittenz.org.

- Affected program versions

NetBSD NetBSD 1.6
NetBSD NetBSD 1.5.3
NetBSD NetBSD 1.5.2
NetBSD NetBSD 1.5.1
NetBSD NetBSD 1.5

- Vulnerability discussion

A buffer overflow vulnerability has been reported for the talkd service shipped with NetBSD. Reportedly, the talkd service does not perform proper bounds checking on inbound messages before copying data to a destination buffer.

An attacker can exploit this vulnerability to obtain elevated privileges on a vulnerable system.

As this vulnerability is due to a buffer overflow condition, it is possible for a malicious attacker to cause talkd to execute code. This, however, has not been confirmed.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

NetBSD has released an advisory. Users are advised to upgrade the talkd binary.

Users of NetBSD-current are advised to upgrade to NetBSD-current dated 2002-09-20 or later. Users of NetBSD 1.6 are advised to upgrade from NetBSD 1.6 sources dated 2002-10-03 or later. Users of NetBSD 1.5 through 1.5.3 are advised to upgrade from NetBSD 1.5.* sources dated 2002-09-20 or later. Further details are available in the referenced advisory.

- Related references

     

     
