CVE-2002-1363
CVSS 7.5
Published: 2002-12-26 00:00:00
Revised: 2008-09-10 15:14:24
NMCOS    

[Original] Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a buffer overflow attack on the row buffers.


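[CNNVD] Portable Network Graphics arbitrary script remote execution vulnerability (CNNVD-200212-069)

        A vulnerability exists in Portable Network Graphics (PNG) library libpng 1.2.5 and earlier, caused by offsets not being calculated correctly. A remote attacker can exploit it through a buffer overflow attack on the row buffers, causing a denial of service (crash) and executing arbitrary code.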

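- CVSS (Base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]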

- CPE (Affected platforms and products)

cpe:/a:greg_roelofs:libpng:1.0.12
cpe:/a:greg_roelofs:libpng:1.2.3
cpe:/a:greg_roelofs:libpng:1.2.2
cpe:/a:greg_roelofs:libpng:1.0.6
cpe:/a:greg_roelofs:libpng:1.2.0
cpe:/a:greg_roelofs:libpng:1.0.8
cpe:/a:greg_roelofs:libpng:1.0.11
cpe:/a:greg_roelofs:libpng:1.0.5
cpe:/a:greg_roelofs:libpng:1.2.4
cpe:/a:greg_roelofs:libpng:1.0.7
cpe:/a:greg_roelofs:libpng:1.0.14
cpe:/a:greg_roelofs:libpng:1.0.13
cpe:/a:greg_roelofs:libpng:1.2.1
cpe:/a:greg_roelofs:libpng:1.0.9

- OVAL (Technical details for detection)

oval:org.mitre.oval:def:3657 Portable Network Graphics Library Offset Calculation Vulnerability
oval:org.mitre.oval:def:10083 Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to caus...
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definitions.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1363
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1363
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200212-069
(Official data source) CNNVD

- Other links and resources

http://www.debian.org/security/2002/dsa-213
(VENDOR_ADVISORY)  DEBIAN  DSA-213
http://xforce.iss.net/xforce/xfdb/10925
(VENDOR_ADVISORY)  XF  libpng-file-offset-bo(10925)
https://bugzilla.fedora.us/show_bug.cgi?id=1943
(UNKNOWN)  FEDORA  FLSA:1943
http://www.securityfocus.com/bid/6431
(UNKNOWN)  BID  6431
http://www.redhat.com/support/errata/RHSA-2004-402.html
(UNKNOWN)  REDHAT  RHSA-2004:402
http://www.redhat.com/support/errata/RHSA-2004-249.html
(UNKNOWN)  REDHAT  RHSA-2004:249
http://www.redhat.com/support/errata/RHSA-2003-157.html
(UNKNOWN)  REDHAT  RHSA-2003:157
http://www.redhat.com/support/errata/RHSA-2003-119.html
(UNKNOWN)  REDHAT  RHSA-2003:119
http://www.redhat.com/support/errata/RHSA-2003-007.html
(UNKNOWN)  REDHAT  RHSA-2003:007
http://www.redhat.com/support/errata/RHSA-2003-006.html
(UNKNOWN)  REDHAT  RHSA-2003:006
http://www.novell.com/linux/security/advisories/2003_004_libpng.html
(UNKNOWN)  SUSE  SUSE-SA:2003:0004
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:063
(UNKNOWN)  MANDRAKE  MDKSA-2004:063
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:008
(UNKNOWN)  MANDRAKE  MDKSA-2003:008

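- Vulnerability information

Portable Network Graphics arbitrary script remote execution vulnerability
High risk  Boundary condition error
2002-12-26 00:00:00 2012-11-30 00:00:00
Local
        A vulnerability exists in Portable Network Graphics (PNG) library libpng 1.2.5 and earlier, caused by offsets not being calculated correctly. A remote attacker can exploit it through a buffer overflow attack on the row buffers, causing a denial of service (crash) and executing arbitrary code.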

- Advisories and patches

        Temporary workaround:
        If you cannot install the patch or upgrade immediately, CNNVD recommends taking the following measures to reduce the threat:
        * Change the following code:
        - ---
         $loginname =~ s/\-session\-0.*$//; # Grab loginname from sessionid
        - ---
        to:
        - ---
         $loginname =~ s/\-session\-0.*$//; # Grab loginname from sessionid
         $loginname =~ s/[\.\/\;\|\'\"\`\&]//g;
        - ---
        Vendor patch:
        Open Webmail
        ------------
        The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page:
        Open Webmail Patch
        
        http://sourceforge.net/forum/forum.php?thread_id=782605&forum_id=108435

- Vulnerability information

7191
Portable Network Graphics Libraries libpng Row Buffer Overflow
Context Dependent Input Manipulation
Loss of Integrity Patch / RCS
Exploit Unknown Vendor Verified

- Vulnerability description

libpng contains an overflow condition in the handling of PNG files. The issue is triggered as user-supplied input is not properly sanitized when handling row buffers. With a specially crafted PNG file, a context-dependent attacker can cause a buffer overflow to cause a denial of service or potentially execute arbitrary code.

- Timeline

2002-12-14 Unknown
Unknown Unknown

- Solution

The vendor has released a patch to address this vulnerability. There are no known workarounds or upgrades to correct this issue. Check the vendor advisory, changelog, or solution in the references section for details.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

LibPNG Incorrect Offset Calculation Buffer Overflow Vulnerability
Boundary Condition Error 6431
No Yes
2002-12-19 12:00:00 2007-01-11 09:50:00
Discovery of this vulnerability credited to Glenn Randers-Pehrson.

- Affected software versions

RedHat Linux 9.0 i386
RedHat Linux 7.3 i386
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 2007.0 x86_64
Mandriva Linux Mandrake 2007.0
MandrakeSoft Corporate Server 4.0 x86_64
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 4.0
libpng libpng3 1.2.5
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Red Hat Fedora Core1
+ Slackware Linux 10.0
+ Slackware Linux 9.1
+ Slackware Linux 9.0
+ Slackware Linux -current
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
libpng libpng3 1.2.4
+ Conectiva Linux 8.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ S.u.S.E. Linux 8.1
libpng libpng3 1.2.3
libpng libpng3 1.2.2
+ RedHat Linux 8.0 i386
libpng libpng3 1.2.1
+ Debian Linux 3.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Slackware Linux 8.1
libpng libpng3 1.2.0
+ Conectiva Linux 8.0
libpng libpng 1.0.14
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.0 i386
+ RedHat Linux 6.2 i386
libpng libpng 1.0.13
libpng libpng 1.0.12
- Caldera OpenLinux Server 3.1.1
- Caldera OpenLinux Server 3.1
- Caldera OpenLinux Workstation 3.1.1
- Caldera OpenLinux Workstation 3.1
+ Debian Linux 3.0
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3
libpng libpng 1.0.11
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
libpng libpng 1.0.10
+ S.u.S.E. Linux 7.2
libpng libpng 1.0.9
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
libpng libpng 1.0.8
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 7.2
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
- Ximian GNOME 1.4
libpng libpng 1.0.7
libpng libpng 1.0.6
libpng libpng 1.0.5
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 7.1
libpng libpng 1.0
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 7.0
Avaya S8700 R2.0.1
Avaya S8700 R2.0.0
Avaya S8500 R2.0.1
Avaya S8500 R2.0.0
Avaya S8300 R2.0.1
Avaya S8300 R2.0.0
Avaya Converged Communications Server 2.0
Apple Mac OS X Server 10.3.4
Apple Mac OS X Server 10.2.8
Apple Mac OS X 10.3.4
Apple Mac OS X 10.2.8
Apple Mac OS X Server 10.3.5
Apple Mac OS X 10.3.5

- Unaffected software versions

Apple Mac OS X Server 10.3.5
Apple Mac OS X 10.3.5

- Vulnerability discussion

The libpng graphics library may incorrectly calculate some offsets when creating or modifying PNG files. This vulnerability has been reported when manipulating 16-bit samples from libpng.

Update: Further analysis by various vendors has revealed other occurrences of this issue. Fixes are available from various vendors.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Fixes are available. Please see the referenced advisories for more information.


Mandriva Linux Mandrake 2007.0

MandrakeSoft Corporate Server 4.0

libpng libpng 1.0

libpng libpng 1.0.10

libpng libpng 1.0.11

libpng libpng 1.0.12

libpng libpng 1.0.13

libpng libpng 1.0.14

libpng libpng 1.0.5

libpng libpng 1.0.8

libpng libpng 1.0.9

libpng libpng3 1.2.0

libpng libpng3 1.2.1

libpng libpng3 1.2.2

libpng libpng3 1.2.4

libpng libpng3 1.2.5

Mandriva Linux Mandrake 2006.0

MandrakeSoft Corporate Server 3.0

- Related references

 

 
