CVE-2002-1232
CVSS5.0
发布时间 :2002-11-04 00:00:00
修订时间 :2016-10-17 22:25:01
NMCOS    

[原文]Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.


[CNNVD]YPServ远程网络信息泄露漏洞(CNNVD-200211-011)

        
        ypserv是标准NIS/YP网络协议的一个实现。允许主机名,用户名和其他信息分布于网络各端。
        ypserv 2.5之前的版本对恶意NIS请求处理不正确,远程攻击者可以利用这个漏洞获得网络敏感信息。
        Thorsten Kukuck发现ypserv程序存在一个内存泄露问题。当恶意用户提交不存在的映射请求,服务程序会泄露部分旧的域名和映射名信息。
        <*链接:http://www.debian.org/security/2002/dsa-180
        *>

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/o:redhat:linux:7.0Red Hat Linux 7.0
cpe:/o:redhat:linux:6.2Red Hat Linux 6.2
cpe:/o:redhat:linux:7.1Red Hat Linux 7.1
cpe:/o:redhat:linux:7.2Red Hat Linux 7.2
cpe:/o:debian:debian_linux:2.2::ia-32
cpe:/o:redhat:linux:7.1::ia64
cpe:/o:debian:debian_linux:3.0::ppc
cpe:/o:redhat:linux:7.2::ia64
cpe:/o:debian:debian_linux:3.0::hppa
cpe:/o:redhat:linux:7.3Red Hat Linux 7.3
cpe:/o:debian:debian_linux:2.2::sparc
cpe:/o:debian:debian_linux:3.0::m68k
cpe:/o:redhat:linux:7.0::i386
cpe:/o:debian:debian_linux:2.2::68k
cpe:/o:redhat:linux:7.3::i386
cpe:/o:debian:debian_linux:3.0::sparc
cpe:/o:debian:debian_linux:3.0::s-390
cpe:/o:redhat:linux:6.2::i386
cpe:/o:redhat:linux:7.1::i386
cpe:/o:debian:debian_linux:2.2::arm
cpe:/o:debian:debian_linux:2.2::powerpc
cpe:/o:debian:debian_linux:3.0::arm
cpe:/o:debian:debian_linux:3.0::mipsel
cpe:/o:debian:debian_linux:3.0::ia-64
cpe:/o:debian:debian_linux:3.0::mips
cpe:/o:debian:debian_linux:3.0::alpha
cpe:/o:hp:secure_os:1.0::linux
cpe:/o:debian:debian_linux:2.2::alpha
cpe:/o:redhat:linux:6.2::alpha
cpe:/o:debian:debian_linux:3.0Debian Debian Linux 3.0
cpe:/o:redhat:linux:7.0::alpha
cpe:/o:debian:debian_linux:2.2Debian Debian Linux 2.2
cpe:/o:redhat:linux:6.2::sparc

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1232
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1232
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200211-011
(官方数据源) CNNVD

- 其它链接及资源

ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-054.0.txt
(UNKNOWN)  CALDERA  CSSA-2002-054.0
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000539
(UNKNOWN)  CONECTIVA  CLA-2002:539
http://marc.info/?l=bugtraq&m=103582692228894&w=2
(UNKNOWN)  BUGTRAQ  20021028 GLSA: ypserv
http://online.securityfocus.com/advisories/4605
(UNKNOWN)  HP  HPSBTL0210-074
http://www.debian.org/security/2002/dsa-180
(VENDOR_ADVISORY)  DEBIAN  DSA-180
http://www.iss.net/security_center/static/10423.php
(VENDOR_ADVISORY)  XF  ypserv-map-memory-leak(10423)
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-078.php
(UNKNOWN)  MANDRAKE  MDKSA-2002:078
http://www.redhat.com/support/errata/RHSA-2002-223.html
(PATCH)  REDHAT  RHSA-2002:223
http://www.redhat.com/support/errata/RHSA-2002-224.html
(UNKNOWN)  REDHAT  RHSA-2002:224
http://www.redhat.com/support/errata/RHSA-2003-229.html
(UNKNOWN)  REDHAT  RHSA-2003:229
http://www.securityfocus.com/bid/6016
(VENDOR_ADVISORY)  BID  6016

- 漏洞信息

YPServ远程网络信息泄露漏洞
中危 设计错误
2002-11-04 00:00:00 2005-05-13 00:00:00
远程  
        
        ypserv是标准NIS/YP网络协议的一个实现。允许主机名,用户名和其他信息分布于网络各端。
        ypserv 2.5之前的版本对恶意NIS请求处理不正确,远程攻击者可以利用这个漏洞获得网络敏感信息。
        Thorsten Kukuck发现ypserv程序存在一个内存泄露问题。当恶意用户提交不存在的映射请求,服务程序会泄露部分旧的域名和映射名信息。
        <*链接:http://www.debian.org/security/2002/dsa-180
        *>

- 公告与补丁

        厂商补丁:
        Debian
        ------
        Debian已经为此发布了一个安全公告(DSA-180-1)以及相应补丁:
        DSA-180-1:New NIS packages fix information leak
        链接:
        http://www.debian.org/security/2002/dsa-180

        补丁下载:
        Source archives:
        
        http://security.debian.org/pool/updates/main/n/nis/nis_3.8-2.1.dsc

        Size/MD5 checksum: 549 0648773dc9405dfc7db374119fdfff29
        
        http://security.debian.org/pool/updates/main/n/nis/nis_3.8-2.1.diff.gz

        Size/MD5 checksum: 20525 0a95b9ded7ff489c1286063d6072d457
        
        http://security.debian.org/pool/updates/main/n/nis/nis_3.8.orig.tar.gz

        Size/MD5 checksum: 497044 69bd8aa6b24cb22266cdc04354d3e287
        Alpha architecture:
        
        http://security.debian.org/pool/updates/main/n/nis/nis_3.8-2.1_alpha.deb

        Size/MD5 checksum: 243476 2e4e1daacb4d89b0447eaacd2ba524eb
        ARM architecture:
        
        http://security.debian.org/pool/updates/main/n/nis/nis_3.8-2.1_arm.deb

        Size/MD5 checksum: 179622 68949d909772b5dd84a8b81090bd51bd
        Intel IA-32 architecture:
        
        http://security.debian.org/pool/updates/main/n/nis/nis_3.8-2.1_i386.deb

        Size/MD5 checksum: 165064 bae6f9b96c61c2dea0f23acb96795e3a
        Motorola 680x0 architecture:
        
        http://security.debian.org/pool/updates/main/n/nis/nis_3.8-2.1_m68k.deb

        Size/MD5 checksum: 158486 5601d33852631af0e5d742724cdc21fe
        PowerPC architecture:
        
        http://security.debian.org/pool/updates/main/n/nis/nis_3.8-2.1_powerpc.deb

        Size/MD5 checksum: 169010 9ff45f7490b1832dea2a48ef4549c707
        Sun Sparc architecture:
        
        http://security.debian.org/pool/updates/main/n/nis/nis_3.8-2.1_sparc.deb

        Size/MD5 checksum: 182990 07989d24beb219f9c5dc881b2e7439e2
        Debian GNU/Linux 3.0 alias woody
        --------------------------------
        Source archives:
        
        http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1.dsc

        Size/MD5 checksum: 583 39867a9d09bec5430a09c1a797af267c
        
        http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1.diff.gz

        Size/MD5 checksum: 39172 5ffbfd98d5a2b795842800723c987e67
        
        http://security.debian.org/pool/updates/main/n/nis/nis_3.9.orig.tar.gz

        Size/MD5 checksum: 495695 b4d1c45619d8e3b20ef4b6032911a78c
        Alpha architecture:
        
        http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_alpha.deb

        Size/MD5 checksum: 203838 c1d79fbf7a7bc9b95ae6ea3c0355ba0e
        ARM architecture:
        
        http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_arm.deb

        Size/MD5 checksum: 165466 c73c0ea67dcf72d802164fadb52ed1f4
        Intel IA-32 architecture:
        
        http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_i386.deb

        Size/MD5 checksum: 166214 e0b4d5496ea0063c2a2ab184d0ca8688
        Intel IA-64 architecture:
        
        http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_ia64.deb

        Size/MD5 checksum: 236278 2573ec9f729f55634392d80c7ca7fdcf
        HP Precision architecture:
        
        http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_hppa.deb

        Size/MD5 checksum: 182482 b23d0bb92aee63825c186068c6971c17
        Motorola 680x0 architecture:
        
        http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_m68k.deb

        Size/MD5 checksum: 160114 70f5226204ebc3dadf9baacc3f7ea084
        Big endian MIPS architecture:
        
        http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_mips.deb

        Size/MD5 checksum: 176766 27275782bbb48e3ea8f230d5b7a55974
        Little endian MIPS architecture:
        
        http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_mipsel.deb

        Size/MD5 checksum: 176782 d1b102f9a84b0213c89a8d0f7e63bf60
        PowerPC architecture:
        
        http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_powerpc.deb

        Size/MD5 checksum: 168290 9f615b8886db258eba3d62c2462095de
        IBM S/390 architecture:
        
        http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_s390.deb

        Size/MD5 checksum: 166598 32c8445c48db60c7e86cf102b27189f2
        Sun Sparc architecture:
        
        http://security.debian.org/pool/updates/main/n/nis/nis_3.9-6.1_sparc.deb

        Size/MD5 checksum: 179352 8b38cd4b37a31316457312c7fac6b1ce
        补丁安装方法:
        1. 手工安装补丁包:
         首先,使用下面的命令来下载补丁软件:
         # wget url (url是补丁下载链接地址)
         然后,使用下面的命令来安装补丁:
         # dpkg -i file.deb (file是相应的补丁名)
        2. 使用apt-get自动安装补丁包:
         首先,使用下面的命令更新内部数据库:
         # apt-get update
        
         然后,使用下面的命令安装更新软件包:
         # apt-get upgrade

- 漏洞信息

14513
NIS ypserv ypdb_open Function Memory Consumption Remote DoS
Remote / Network Access Denial of Service
Loss of Availability

- 漏洞描述

Unknown or Incomplete

- 时间线

2002-08-10 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

YPServ Remote Network Information Leakage Vulnerability
Design Error 6016
Yes No
2002-10-21 12:00:00 2009-07-11 06:06:00
Discovery credited to Thorsten Kukuk.

- 受影响的程序版本

Thorsten Kukuk ypserv 2.4
Thorsten Kukuk ypserv 2.3
Thorsten Kukuk ypserv 2.2
Thorsten Kukuk ypserv 2.1
Thorsten Kukuk ypserv 2.0
Sun Solaris 2.5.1 _x86
Sun Solaris 2.5.1
Sun Solaris 9
Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun Solaris 7.0_x86
Sun Solaris 7.0
Sun Solaris 2.6_x86
Sun Solaris 2.6
RedHat ypserv-2.2-9.i386.rpm
+ RedHat Linux 7.3
RedHat ypserv-1.3.9-3.i386.rpm
+ Red Hat Linux 6.2
RedHat Linux 7.3 i386
RedHat Linux 7.3
RedHat Linux 7.2 ia64
RedHat Linux 7.2
RedHat Linux 7.1 ia64
RedHat Linux 7.1 i386
RedHat Linux 7.1
RedHat Linux 7.0 i386
RedHat Linux 7.0 alpha
RedHat Linux 7.0
RedHat Linux 6.2 sparc
RedHat Linux 6.2 i386
RedHat Linux 6.2 alpha
Red Hat Linux 6.2
Mandriva Linux Mandrake 9.0
Mandriva Linux Mandrake 8.2 ppc
Mandriva Linux Mandrake 8.2
Mandriva Linux Mandrake 8.1 ia64
Mandriva Linux Mandrake 8.1
Mandriva Linux Mandrake 8.0 ppc
Mandriva Linux Mandrake 8.0
Mandriva Linux Mandrake 7.2
HP Secure OS software for Linux 1.0
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
Debian Linux 2.2 sparc
Debian Linux 2.2 powerpc
Debian Linux 2.2 IA-32
Debian Linux 2.2 arm
Debian Linux 2.2 alpha
Debian Linux 2.2 68k
Debian Linux 2.2
Conectiva Linux 8.0
Conectiva Linux 7.0
Conectiva Linux 6.0
Caldera OpenLinux Workstation 3.1.1
Caldera OpenLinux Workstation 3.1
Caldera OpenLinux Server 3.1.1
Caldera OpenLinux Server 3.1
Thorsten Kukuk ypserv 2.5

- 不受影响的程序版本

Thorsten Kukuk ypserv 2.5

- 漏洞讨论

A remotely exploitable information leakage vulnerability has been discovered in the ypserv daemon. Versions prior to 2.5 are affected.

It has been reported that a remote attacker may be able to access sensitive network information by issuing a malicious NIS request to the ypserv daemon.

Information obtained through exploiting this issue may aid an attacker in launching further attacks against the target network.

It should be noted that this issue may be similar to the issue described in bid 5914.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com &lt;mailto:vuldb@securityfocus.com&gt;.

- 解决方案

This issue has been addressed in the latest release of ypserv. Users are advised to upgrate to ypserv v2.5.

HP has released an advisory for HP Secure OS 1.0, and has recommended users of the operating system apply the fixes described in Red Hat Security Advisory RHSA-2002:223 titled "Updated ypserv packages fixes memory leak".

SCO has made fixes available for Caldera Linux.

Debian has released an advisory. Fixes are available.

Gentoo Linux has released an advisory. Users who have installed net-nds/ypserv-1.3.12 are urged to update systems by issuing the following commands:

emerge rsync
emerge ypserv
emerge clean

Conectiva Linux has released a security advisory containing fixes. Further information can be obtained from the referenced advisory.

Mandrake has release a security advisory containing fixes. Information about obtaining and applying fixes can be found in the referenced advisory.

Sun has released an advisory containing fixes.

Fixes:


Red Hat Linux 6.2

Sun Solaris 8_sparc

Sun Solaris 2.6_x86

RedHat ypserv-1.3.9-3.i386.rpm

Sun Solaris 7.0

RedHat ypserv-2.2-9.i386.rpm

Sun Solaris 9

Sun Solaris 7.0_x86

Sun Solaris 2.6

Sun Solaris 8_x86

Debian Linux 2.2 powerpc

Debian Linux 2.2

Debian Linux 2.2 arm

Debian Linux 2.2 alpha

Debian Linux 2.2 sparc

Debian Linux 2.2 68k

Thorsten Kukuk ypserv 2.4

Debian Linux 3.0 s/390

Debian Linux 3.0 alpha

Debian Linux 3.0 mips

Debian Linux 3.0 mipsel

Debian Linux 3.0 m68k

Debian Linux 3.0 hppa

Debian Linux 3.0 arm

Debian Linux 3.0 sparc

Debian Linux 3.0 ia-64

Debian Linux 3.0 ppc

Debian Linux 3.0

Caldera OpenLinux Server 3.1

Caldera OpenLinux Workstation 3.1

Caldera OpenLinux Server 3.1.1

Caldera OpenLinux Workstation 3.1.1

Conectiva Linux 6.0

Conectiva Linux 7.0

RedHat Linux 7.0

RedHat Linux 7.1

Mandriva Linux Mandrake 7.2

RedHat Linux 7.2

RedHat Linux 7.3

Mandriva Linux Mandrake 8.0 ppc

Conectiva Linux 8.0

Mandriva Linux Mandrake 8.0

Mandriva Linux Mandrake 8.1 ia64

Mandriva Linux Mandrake 8.1

Mandriva Linux Mandrake 8.2

Mandriva Linux Mandrake 8.2 ppc

Mandriva Linux Mandrake 9.0

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站