CVE-2002-1308
CVSS7.5
发布时间 :2002-11-29 00:00:00
修订时间 :2016-10-17 22:25:42
NMCOS    

[原文]Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.


[CNNVD]Netscape/Mozilla JAR远程堆破坏漏洞(CNNVD-200211-070)

        
        Netscape/Mozilla是流行的WEB浏览器。
        Netscape/Mozilla使用的JAR URI处理器对包含在JAR文件中非法文件长度信息缺少检查,远程攻击者可以利用这个漏洞使浏览器产生基于堆的破坏,可能以用户进程的权限在系统上执行任意指令。
        攻击者可以构建包含恶意JAR文件,包含非法文件长度信息,当客户端浏览器尝试解压缩恶意JAR文件时,非法的值就被用于分配过多的缓冲区空间,而浏览器本身没有对此操作进行充分的缓冲区边界检查,如果过多的数据被解压缩可导致发生基于堆的破坏,精心构建提交数据可能以用户进程的权限在系统上执行任意指令。
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:mozilla:mozilla:0.9.9Mozilla Mozilla 0.9.9
cpe:/a:mozilla:mozilla:0.9.7Mozilla Mozilla 0.9.7
cpe:/a:mozilla:mozilla:0.9.8Mozilla Mozilla Browser 0.9.8
cpe:/a:netscape:navigator:7.0Netscape Navigator 7.0
cpe:/a:mozilla:mozilla:1.1Mozilla Mozilla 1.1
cpe:/a:mozilla:mozilla:1.0Mozilla Mozilla 1.0
cpe:/a:netscape:navigator:6.2.3Netscape Netscape 6.2.3
cpe:/a:netscape:navigator:6.2.2Netscape Netscape 6.2.2
cpe:/a:netscape:navigator:6.2Netscape Netscape 6.2
cpe:/a:mozilla:mozilla:0.9.6Mozilla Mozilla Browser 0.9.6
cpe:/a:mozilla:mozilla:1.0.1Mozilla Mozilla Browser 1.0.1
cpe:/a:netscape:navigator:6.2.1Netscape Netscape 6.2.1

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1308
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1308
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200211-070
(官方数据源) CNNVD

- 其它链接及资源

http://bugzilla.mozilla.org/show_bug.cgi?id=157646
(UNKNOWN)  MISC  http://bugzilla.mozilla.org/show_bug.cgi?id=157646
http://marc.info/?l=bugtraq&m=103730181813075&w=2
(UNKNOWN)  BUGTRAQ  20021114 Netscape/Mozilla: Exploitable heap corruption via jar: URI handler.
http://www.redhat.com/support/errata/RHSA-2003-162.html
(UNKNOWN)  REDHAT  RHSA-2003:162
http://www.redhat.com/support/errata/RHSA-2003-163.html
(UNKNOWN)  REDHAT  RHSA-2003:163
http://www.securityfocus.com/bid/6185
(UNKNOWN)  BID  6185
http://xforce.iss.net/xforce/xfdb/10636
(VENDOR_ADVISORY)  XF  mozilla-netscape-jar-bo(10636)

- 漏洞信息

Netscape/Mozilla JAR远程堆破坏漏洞
高危 边界条件错误
2002-11-29 00:00:00 2005-05-16 00:00:00
远程  
        
        Netscape/Mozilla是流行的WEB浏览器。
        Netscape/Mozilla使用的JAR URI处理器对包含在JAR文件中非法文件长度信息缺少检查,远程攻击者可以利用这个漏洞使浏览器产生基于堆的破坏,可能以用户进程的权限在系统上执行任意指令。
        攻击者可以构建包含恶意JAR文件,包含非法文件长度信息,当客户端浏览器尝试解压缩恶意JAR文件时,非法的值就被用于分配过多的缓冲区空间,而浏览器本身没有对此操作进行充分的缓冲区边界检查,如果过多的数据被解压缩可导致发生基于堆的破坏,精心构建提交数据可能以用户进程的权限在系统上执行任意指令。
        

- 公告与补丁

        厂商补丁:
        Mozilla
        -------
        目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
        
        http://www.mozilla.org/

        Netscape
        --------
        目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
        
        http://www.netscape.com

- 漏洞信息

14202
Multiple Browser Malformed .jar Decompression Overflow
Local / Remote Input Manipulation
Loss of Integrity

- 漏洞描述

Unknown or Incomplete

- 时间线

2002-11-14 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Netscape/Mozilla JAR Remote Heap Corruption Vulnerability
Boundary Condition Error 6185
Yes No
2002-11-14 12:00:00 2009-07-11 07:16:00
Discovery of vulnerability is credited to zen-parse.

- 受影响的程序版本

SGI ProPack 2.3
SGI ProPack 2.2.1
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 2.1
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Enterprise Linux AS 2.1
Netscape Netscape 7.0
Netscape Netscape 6.2.3
Netscape Netscape 6.2.2
Netscape Netscape 6.2.1
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Netscape Netscape 6.2
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
Mozilla Browser 1.1
Mozilla Browser 1.0.2
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Advanced Workstation for the Itanium Processor 2.1
+ RedHat Advanced Workstation for the Itanium Processor 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Enterprise Linux WS 2.1
+ Sun Linux 5.0.7
Mozilla Browser 1.0.1
Mozilla Browser 1.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ RedHat Linux 8.0 i386
+ RedHat Linux 8.0
Mozilla Browser 0.9.9
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 4.1.1
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ RedHat Linux 7.2 i686
+ RedHat Linux 7.2 i586
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2
Mozilla Browser 0.9.8
- Apple Mac OS 9 9.2.2
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0
- Apple Mac OS 9 9.0
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
- Apple Mac OS X 10.0
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft Windows XP 0
Mozilla Browser 0.9.7
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0
- Apple Mac OS 9 9.0
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
- Apple Mac OS X 10.0
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft Windows XP 0
Mozilla Browser 0.9.6
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.0
- Apple Mac OS 9 9.0
- Be BeOS 5.0
- Be BeOS 5.0
- BSDI BSD/OS 4.2
- BSDI BSD/OS 4.2
- Compaq OpenVMS 7.3 Alpha
- Compaq OpenVMS 7.3 Alpha
- Compaq OpenVMS 7.2 -2 Alpha
- Compaq OpenVMS 7.2 -2 Alpha
- Compaq OpenVMS 7.1 -2 Alpha
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 4.0
- IBM AIX 4.3.3
- IBM AIX 4.3.3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- RedHat Linux 7.0 sparc
- RedHat Linux 7.0 sparc
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 alpha
- RedHat Linux 7.0 alpha
- RedHat Linux 6.0 sparc
- RedHat Linux 6.0 sparc
- RedHat Linux 6.0 alpha
- RedHat Linux 6.0 alpha
- RedHat Linux 6.0
- RedHat Linux 6.0
- SGI IRIX 6.5
- SGI IRIX 6.5
- Sun Solaris 2.8
- Sun Solaris 2.8
- Sun Solaris 2.7
- Sun Solaris 2.7

- 漏洞讨论

A vulnerability has been discovered in the JAR URI handler used by Netscape and Mozilla. By constructing a malformed JAR file containing invalid file length information, it is possible to cause heap corruption in a vulnerable browser.

When a client browser attempts to decompress a malicious JAR file, invalid values will be used to allocate buffer space for the inflated data. As there are no checks to prevent this, an overrun condition in the heap may occur if excessive data is decompressed.

- 漏洞利用

CORE has developed a working commercial exploit for their IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

- 解决方案

Red Hat has released a security advisory (RHSA-2003:163-11) to address this issue in Red Hat enterprise Linux. Customers who are potentially affected by this vulnerability are advised to download and apply the appropriate fix as soon as possible. These fixes are available on the Red Hat Network, further information regarding obtaining and applying appropriate fixes is available in the referenced advisory.

Sun have made fixes available to address this issue in Sun Linux 5.0.7. Fixes are linked below.

Red Hat has released an updated advisory RHSA-2003:162-02 to address this issue. See referenced advisory for additional details regarding obtaining and applying fixes.

Red Hat has released advisory RHSA-2003:162-01 to address this issue. See referenced advisory for additional details.

Red Hat has released a security advisory (RHSA-2003-163) including fixes to address this issue in Advanced Workstation and Enterprise server releases. Fixes are available via the Red Hat Network (http://rhn.redhat.com). Further details can be found in the referenced advisory.


Mozilla Browser 0.9.9

SGI ProPack 2.2.1

SGI ProPack 2.3

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站