CVE-2002-1277
CVSS 7.5
Published: 2002-11-12 00:00:00
Revised: 2008-09-05 16:30:12

[Original] Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow remote attackers to execute arbitrary code via a certain image file that is not properly handled when Window Maker uses width and height information to allocate a buffer.


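[CNNVD] WindowMaker image handling buffer overflow vulnerability (CNNVD-200211-017)

        
        Window Maker is a popular desktop management program.
        A function that Window Maker uses when loading images is flawed. A remote attacker can exploit this vulnerability by building a malicious image and enticing a user to set it as the background image, which triggers a buffer overflow.
        When creating an image, Window Maker multiplies the image's width and height to allocate a buffer but performs no bounds check on the result. Supplying oversized width and height values can cause a buffer overflow, which may allow arbitrary instructions to be executed on the system with the privileges of the Window Maker process.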
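The unchecked width-by-height allocation described above, next to a hardened form, as an added example that is not Window Maker or libwraster source code. The function names, the bytes-per-pixel factor and the `IMG_MAX_DIM` cap are assumptions made for illustration, and the header values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy cap per dimension; not a value from the advisory. */
#define IMG_MAX_DIM 32767u

/* Size computed as a bare product in 32-bit arithmetic, which silently
 * wraps modulo 2^32 when the dimensions are large. */
uint32_t unchecked_size(uint32_t w, uint32_t h, uint32_t bpp)
{
    return (uint32_t)(w * h) * bpp;
}

/* Hardened size computation: reject zero or oversized dimensions, then
 * verify each multiplication cannot exceed SIZE_MAX before doing it.
 * Returns 0 and stores the byte count in *out, or -1 if rejected. */
int checked_size(uint32_t w, uint32_t h, uint32_t bpp, size_t *out)
{
    if (w == 0 || h == 0 || bpp == 0)
        return -1;
    if (w > IMG_MAX_DIM || h > IMG_MAX_DIM)
        return -1;
    size_t n = (size_t)w;
    if (n > SIZE_MAX / h)
        return -1;
    n *= h;
    if (n > SIZE_MAX / bpp)
        return -1;
    n *= bpp;
    *out = n;
    return 0;
}

/* Allocate a zeroed pixel buffer, or NULL when the header is rejected. */
unsigned char *image_alloc(uint32_t w, uint32_t h, uint32_t bpp)
{
    size_t n;
    if (checked_size(w, h, bpp, &n) != 0)
        return NULL;
    return calloc(1, n);
}

int main(void)
{
    /* Constructed header values: 65537 x 65537 pixels, 4 bytes each. */
    printf("unchecked: %u bytes\n", (unsigned)unchecked_size(65537u, 65537u, 4u));
    printf("hardened:  %s\n", image_alloc(65537u, 65537u, 4u) ? "allocated" : "rejected");
    return 0;
}
```

The wrapped size is far smaller than the pixel data the image loader would then write, which is the mismatch that produces the overflow; the hardened path refuses the header before any allocation happens.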
        

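- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [may result in modification of system files]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]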

- CPE (affected platforms and products)

cpe:/a:windowmaker:windowmaker:0.62
cpe:/a:windowmaker:windowmaker:0.61.1
cpe:/a:windowmaker:windowmaker:0.20.1.3
cpe:/a:windowmaker:windowmaker:0.63
cpe:/a:windowmaker:windowmaker:0.61
cpe:/a:windowmaker:windowmaker:0.80
cpe:/a:windowmaker:windowmaker:0.53
cpe:/a:windowmaker:windowmaker:0.65
cpe:/a:windowmaker:windowmaker:0.64
cpe:/a:windowmaker:windowmaker:0.63.1
cpe:/a:windowmaker:windowmaker:0.62.1
cpe:/a:windowmaker:windowmaker:0.52.2

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1277
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1277
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200211-017
(official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/6119
(VENDOR_ADVISORY)  BID  6119
http://www.redhat.com/support/errata/RHSA-2003-009.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2003:009
http://www.debian.org/security/2002/dsa-190
(VENDOR_ADVISORY)  DEBIAN  DSA-190
http://www.iss.net/security_center/static/10560.php
(VENDOR_ADVISORY)  XF  window-maker-image-bo(10560)
http://www.redhat.com/support/errata/RHSA-2003-043.html
(UNKNOWN)  REDHAT  RHSA-2003:043
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-085.php
(UNKNOWN)  MANDRAKE  MDKSA-2002:085
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000548
(UNKNOWN)  CONECTIVA  CLA-2002:548

- Vulnerability information

WindowMaker image handling buffer overflow vulnerability
High risk  Boundary condition error
2002-11-12 00:00:00 2005-05-13 00:00:00
Remote
        
        

- Advisories and patches

        Vendor patches:
        Conectiva
        ---------
        Conectiva has released a security advisory (CLA-2002:548) and corresponding patches for this issue:
        CLA-2002:548:windowmaker
        Link:
        http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000548

        Patch downloads:
        ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/WindowMaker-0.62.1-13U60_2cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/WindowMaker-0.62.1-13U60_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/6.0/RPMS/WindowMaker-devel-0.62.1-13U60_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/WindowMaker-0.65.1-2U70_2cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/WindowMaker-0.65.1-2U70_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/WindowMaker-devel-0.65.1-2U70_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/WindowMaker-devel-static-0.65.1-2U70_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/7.0/RPMS/WindowMaker-doc-0.65.1-2U70_2cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/SRPMS/WindowMaker-0.80.0-3U80_1cl.src.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/WindowMaker-0.80.0-3U80_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/WindowMaker-devel-0.80.0-3U80_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/WindowMaker-devel-static-0.80.0-3U80_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/WindowMaker-doc-0.80.0-3U80_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/libwraster-2.2.0-13U80_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/libwraster-devel-2.2.0-13U80_1cl.i386.rpm
        ftp://atualizacoes.conectiva.com.br/8/RPMS/libwraster-devel-static-2.2.0-13U80_1cl.i386.rpm
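        Users of Conectiva Linux version 6.0 and later can use apt to update the RPM packages:
        - Add the following line to the /etc/apt/sources.list file:
        
        rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates
        (If you are not running version 6.0, replace the 6.0 above with the appropriate version number)
        - Run: apt-get update
        - After the update, run: apt-get upgrade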
        Debian
        ------
        Debian has released a security advisory (DSA-190-1) and corresponding patches for this issue:
        DSA-190-1:buffer overflow in Window Maker
        Link:
        http://www.debian.org/security/2002/dsa-190


- Vulnerability information

8356
Window Maker Image File Overflow
Input Manipulation
Loss of Integrity

- Vulnerability description

Unknown or Incomplete

- Timeline

2002-11-07 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

WindowMaker Image Handling Buffer Overflow Vulnerability
Boundary Condition Error 6119
Yes No
2002-11-07 12:00:00 2009-07-11 06:06:00
Credited to Al Viro.

- Affected program versions

Windowmaker Windowmaker 0.80
+ Conectiva Linux 8.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ RedHat Linux 8.0 i386
+ RedHat Linux 8.0
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ Sun Linux 5.0
Windowmaker Windowmaker 0.65.1
+ Conectiva Linux 7.0
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2
Windowmaker Windowmaker 0.65
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Linux Advanced Work Station 2.1
Windowmaker Windowmaker 0.64
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0
+ Sun Linux 5.0.6
Windowmaker Windowmaker 0.63.1
Windowmaker Windowmaker 0.63
Windowmaker Windowmaker 0.62.1
+ Conectiva Linux 6.0
+ Mandriva Linux Mandrake 7.2
Windowmaker Windowmaker 0.62
+ Conectiva Linux 6.0
+ Conectiva Linux 5.1
Windowmaker Windowmaker 0.61.1
+ Red Hat Linux 6.2
+ RedHat Linux 6.2 i386
Windowmaker Windowmaker 0.61
+ Conectiva Linux 5.0
+ Conectiva Linux 4.2
+ Debian Linux 2.2
- MandrakeSoft Corporate Server 1.0.1
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.1
Windowmaker Windowmaker 0.53
+ FreeBSD FreeBSD 3.2
Windowmaker Windowmaker 0.52 -2
+ RedHat Linux 6.0
Windowmaker Windowmaker 0.20.1 -3
+ RedHat Linux 5.2 i386
SGI ProPack 2.3
SGI ProPack 2.2.1

- Discussion

A buffer overflow vulnerability has been reported in WindowMaker. The condition occurs when processing malformed images. It may be possible to exploit this condition on target systems through malicious image files included in the often downloaded "theme" packages.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Mandrake has released an advisory, MDKSA-2002:085, containing fixes. Information about obtaining and applying fixes can be found in the referenced advisory.

Red Hat has released advisory RHSA-2003:043-14 with fixes to address this issue.

Sun Microsystems has released a fix for Sun Linux 5.0.6.

Red Hat has released advisory RHSA-2003:009-09 to address this issue in their Linux Enterprise software. Relevant patches are available through the Red Hat Network. See the referenced advisory for additional details.

SGI has released an advisory (20031002-01-U) pertaining to their ProPack Linux distribution. The advisory has been released in response to a number of RHSA advisories, and includes a patch (Patch 10027) containing updated RPM packages relating to 22 different BIDS.

Patch 10027 can be obtained via the following link:
http://support.sgi.com/

For information regarding how to obtain individual RPM packages included in Patch 10027, please see the attached advisory.

Debian and Conectiva have released fixes:


Windowmaker Windowmaker 0.61.1

Windowmaker Windowmaker 0.62.1

Windowmaker Windowmaker 0.64

Windowmaker Windowmaker 0.65.1

Windowmaker Windowmaker 0.80

- Related references

 

 
