CVE-2002-1519
CVSS 10.0
Published: 2003-04-02 00:00:00
Last revised: 2008-09-05 16:30:48

[Original] Format string vulnerability in the CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the password parameter.


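[CNNVD] WatchGuard Firebox VClass CLI remote format string overflow vulnerability (CNNVD-200304-012)

        WatchGuard Firebox VClass is the Firebox Vclass firewall from WatchGuard Technologies. The Vclass uses a purpose-designed security ASIC together with advanced security software.
        The CLI interface of Firebox VClass does not properly check user-supplied password data, and a remote attacker can exploit this flaw to carry out a format string overflow attack.
        The Firebox VClass CLI (command line interface) program lacks checks on user-supplied password data. A remote attacker can send data containing malicious format strings as the password to the Vclass CLI, which can overwrite arbitrary memory addresses; carefully constructed input may execute arbitrary commands on the system with administrator privileges. This has not been confirmed, however.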
        

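- CVSS (base score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause a complete shutdown of the system]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]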

- CPE (affected platforms and products)

cpe:/h:watchguard:firebox:v80
cpe:/h:rapidstream:rapidstream:4000
cpe:/h:rapidstream:rapidstream:6000
cpe:/h:rapidstream:rapidstream:500
cpe:/h:watchguard:firebox:v10
cpe:/h:rapidstream:rapidstream:8000
cpe:/h:rapidstream:rapidstream:2000
cpe:/h:watchguard:firebox:v60
cpe:/h:watchguard:firebox:v100

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1519
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1519
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200304-012
(Official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/5814
(VENDOR_ADVISORY)  BID  5814
http://www.iss.net/security_center/static/10217.php
(VENDOR_ADVISORY)  XF  firebox-vclass-cli-format-string(10217)
http://www.osvdb.org/4924
(UNKNOWN)  OSVDB  4924
http://archives.neohapsis.com/archives/bugtraq/2002-09/0335.html
(UNKNOWN)  BUGTRAQ  20020927 Software Update Available for Legacy RapidStream Appliances and WatchGuard Firebox Vclass appliances
http://archives.neohapsis.com/archives/bugtraq/2002-09/0325.html
(UNKNOWN)  BUGTRAQ  20020926 Watchguard firewall appliances security issues

- Vulnerability information

WatchGuard Firebox VClass CLI remote format string overflow vulnerability
Critical    Input validation
2003-04-02 00:00:00 2005-05-13 00:00:00
Remote
        
        

- Advisories and patches

        Vendor patch:
        WatchGuard
        ----------
        The vendor has released upgrade patches that fix this security issue. Download them from the vendor's site:
        RapidStream RapidStream 8000:
        WatchGuard Hotfix RS-32-hotfix-2.rsu
        ftp://RSSA:RS_s0ftware@ftp.watchguard.com/RSSA_302/Vcontroller_32/32_HF2_6000_8000/RS-32-hotfix-2.rsu
        WatchGuard Hotfix RS-302-HotFix-31.rsu
        ftp://RSSA:RS_s0ftware@ftp.watchguard.com/RSSA_302/RSSA-302-HotFix-31/RS-302-HotFix-31.rsu
        RapidStream RapidStream 6000:
        WatchGuard Hotfix RS-32-hotfix-2.rsu
        ftp://RSSA:RS_s0ftware@ftp.watchguard.com/RSSA_302/Vcontroller_32/32_HF2_6000_8000/RS-32-hotfix-2.rsu
        WatchGuard Hotfix RS-302-HotFix-31.rsu
        ftp://RSSA:RS_s0ftware@ftp.watchguard.com/RSSA_302/RSSA-302-HotFix-31/RS-302-HotFix-31.rsu
        RapidStream RapidStream 500:
        WatchGuard Hotfix RS-32-hotfix-2-500.rsu
        ftp://RSSA:RS_s0ftware@ftp.watchguard.com/RSSA_500/Vclass-32_HotFix2/RS-32-hotfix-2-500.rsu
        RapidStream RapidStream 4000:
        WatchGuard Hotfix RS-32-hotfix-2-2000.rsu
        ftp://RSSA:RS_s0ftware@ftp.watchguard.com/RSSA_302/Vcontroller_32/32_HF2_2000_4000/RS-32-hotfix-2-2000.rsu
        WatchGuard Hotfix RS-302-HotFix-31.rsu
        ftp://RSSA:RS_s0ftware@ftp.watchguard.com/RSSA_302/RSSA-302-HotFix-31/RS-302-HotFix-31.rsu
        RapidStream RapidStream 2000:
        WatchGuard Hotfix RS-32-hotfix-2-2000.rsu
        ftp://RSSA:RS_s0ftware@ftp.watchguard.com/RSSA_302/Vcontroller_32/32_HF2_2000_4000/RS-32-hotfix-2-2000.rsu
        WatchGuard Hotfix RS-302-HotFix-31.rsu
        ftp://RSSA:RS_s0ftware@ftp.watchguard.com/RSSA_302/RSSA-302-HotFix-31/RS-302-HotFix-31.rsu
        How to obtain the patches:
        * If you are a LiveSecurity subscriber for a Vclass product, obtain the patch through the LiveSecurity web site <https://www3.watchguard.com/archive/softwarecenter.asp>, which also provides clear and complete installation instructions.
        * If you own a legacy RSSA appliance, have registered your product information with the RSSA support contact center, and have upgraded to the Vclass software, visit the Legacy RSSA software download center <http://watchguard.com/vars/rssa.asp>.

        * If you own a legacy RSSA appliance but have not upgraded to the Vclass software, you can download the patch compatible with your current software, along with a copy of the release notes, from the Legacy RSSA software download center <http://watchguard.com/vars/rssa.asp>.

        * If you own a legacy RSSA appliance but do not have standard or gold RSSA support, register your RSSA product by contacting WatchGuard support administration. Contact details:
        Monday through Friday, 6 a.m. to 6 p.m. Pacific Time (PST/PDT, GMT -8/-7), by telephone at +1.206.521.3575, or by e-mail at 'supportid@watchguard.com'. When you make contact, identify yourself as a "RapidStream RSSA customer" and provide your product serial number.

- Vulnerability information

4924
WatchGuard FireBox Vclass/RSSA Login Format Strings
Remote / Network Access, Local / Remote, Context Dependent Input Manipulation
Loss of Integrity

- Vulnerability description

A remote format strings vulnerability exists in Watchguard RapidStream and Firebox products. The RapidStream and Firebox appliances fail to validate user-supplied input upon the login process, resulting in a format strings issue on the binary that handles authentication. With a specially crafted request, an attacker can cause the appliance to execute arbitrary code resulting in a loss of integrity, and/or availability.

- Timeline

2002-09-27 2002-08-22
Unknown Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Rapid Response Team has released RS-302-HotFix-31 for 3.02 SP2 and Hotfix 2 for 3.2 SP1a to address this vulnerability.

- References

- Vulnerability author

- Vulnerability information

WatchGuard Firebox VClass CLI Interface Format String Vulnerability
Input Validation Error 5814
Yes No
2002-09-27 12:00:00 2009-07-11 05:06:00
Discovery of this vulnerability credited to Joao Gouveia <tharbad@kaotik.org>.

- Affected software versions

WatchGuard Firebox V80
WatchGuard Firebox V60
WatchGuard Firebox V100
WatchGuard Firebox V10
RapidStream RapidStream 8000
RapidStream RapidStream 6000
RapidStream RapidStream 500
RapidStream RapidStream 4000
RapidStream RapidStream 2000

- Vulnerability discussion

A format string vulnerability has been reported for the Firebox Vclass and legacy RSSA line of security appliances. The vulnerability is due to inadequate checking of user-supplied input for passwords in the CLI (command line interface) binary. A remote attacker is able to supply a password comprised of malicious format specifiers. This may result in memory being overwritten by remote attackers, possibly to execute arbitrary code. Any attacker-supplied code will be executed with root privileges.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

The vendor has released hotfixes which resolve this issue. Further details are available in the respective release notes and referenced BugTraq message:


RapidStream RapidStream 2000

RapidStream RapidStream 6000

RapidStream RapidStream 500

RapidStream RapidStream 4000

RapidStream RapidStream 8000

- References

 

 
