CVE-2002-1604
CVSS 7.5
Published: 2002-09-02 00:00:00
Last revised: 2011-03-07 21:10:31

[Original] Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.


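[CNNVD] HP Tru64 NLSPATH Environment Variable Local Buffer Overflow Vulnerability (CNNVD-200209-002)

        HP Tru64 UNIX contains multiple buffer overflow vulnerabilities. Local and possibly remote attackers can execute arbitrary code via an overly long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.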

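- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]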

- CPE (affected platforms and products)

cpe:/o:hp:tru64:5.1    HP Compaq Tru64 5.1
cpe:/o:hp:tru64:4.0g    HP Tru64 4.0g
cpe:/o:hp:hp-ux:11.22    HP-UX 11i v1.6
cpe:/o:hp:hp-ux:11.04    HP HP-UX 11.04
cpe:/o:hp:tru64:4.0f    HP Tru64 4.0f
cpe:/o:hp:hp-ux:11.00    HP-UX 11.00
cpe:/o:hp:tru64:5.0a    HP Tru64 5.0a
cpe:/o:hp:tru64:5.1a    HP Tru64 5.1a
cpe:/o:hp:hp-ux:10.20    HP HP-UX 10.20
cpe:/o:hp:hp-ux:11.11    HP-UX 11.11

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1604
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-1604
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200209-002
(Official data source) CNNVD

- Other links and resources

http://www.kb.cert.org/vuls/id/846307
(VENDOR_ADVISORY)  CERT-VN  VU#846307
http://www.kb.cert.org/vuls/id/592515
(VENDOR_ADVISORY)  CERT-VN  VU#592515
http://www.kb.cert.org/vuls/id/584243
(VENDOR_ADVISORY)  CERT-VN  VU#584243
http://www.kb.cert.org/vuls/id/567963
(VENDOR_ADVISORY)  CERT-VN  VU#567963
http://www.kb.cert.org/vuls/id/531355
(VENDOR_ADVISORY)  CERT-VN  VU#531355
http://www.kb.cert.org/vuls/id/448987
(VENDOR_ADVISORY)  CERT-VN  VU#448987
http://www.kb.cert.org/vuls/id/437899
(VENDOR_ADVISORY)  CERT-VN  VU#437899
http://www.kb.cert.org/vuls/id/416427
(VENDOR_ADVISORY)  CERT-VN  VU#416427
http://www.kb.cert.org/vuls/id/158499
(VENDOR_ADVISORY)  CERT-VN  VU#158499
http://xforce.iss.net/xforce/xfdb/10016
(UNKNOWN)  XF  tru64-multiple-binaries-bo(10016)
http://www.securityfocus.com/archive/1/290115
(UNKNOWN)  BUGTRAQ  20020902 Happy Labor Day from Snosoft
http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_nlspath.txt
(UNKNOWN)  MISC  http://www.blacksheepnetworks.com/security/hack/tru64/TRU64_nlspath.txt
http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html
(UNKNOWN)  FULLDISC  20020919 iDEFENSE OSF1/Tru64 3.x vuln clarification
http://www.securityfocus.com/bid/5647
(UNKNOWN)  BID  5647
http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11
(UNKNOWN)  HP  SSRT2275

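- Vulnerability information

HP Tru64 NLSPATH Environment Variable Local Buffer Overflow Vulnerability
High risk  Buffer overflow
2002-09-02 00:00:00 2005-10-20 00:00:00
Local
        HP Tru64 UNIX contains multiple buffer overflow vulnerabilities. Local and possibly remote attackers can execute arbitrary code via an overly long NLSPATH environment variable to (1) csh, (2) dtsession, (3) dxsysinfo, (4) imapd, (5) inc, (6) uucp, (7) uux, (8) rdist, or (9) deliver.

- Advisories and patches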

        HP has released fixes for Tru64 UNIX/TruCluster systems. Note that appropriate patchkits must be applied.
        Compaq Tru64 4.0 g PK3 (BL17)
        
        Compaq Tru64 4.0 f PK7 (BL18)
        
        Compaq Tru64 5.0 a PK3 (BL17)
        
        Compaq Tru64 5.1 a PK2 (BL2)
        
        Compaq Tru64 5.1 PK5 (BL19)
        

- Vulnerability information

18176
HP Tru64 UNIX csh NLSPATH Environment Variable Local Overflow
Input Manipulation
Loss of Integrity

- Vulnerability description

Unknown or Incomplete

- Timeline

2002-09-02 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

HP Tru64 NLSPATH Environment Variable Local Buffer Overflow Vulnerability
Boundary Condition Error 5647
No Yes
2002-08-30 12:00:00 2009-07-11 03:56:00
These issues were initially published in a HP Security Bulletin. Discovery is credited to Snosoft.

- Affected program versions

Compaq Tru64 5.1 a PK2 (BL2)
Compaq Tru64 5.1 a PK1 (BL1)
Compaq Tru64 5.1 a
Compaq Tru64 5.1 PK5 (BL19)
Compaq Tru64 5.1 PK4 (BL18)
Compaq Tru64 5.1 PK3 (BL17)
Compaq Tru64 5.1
Compaq Tru64 5.0 a PK3 (BL17)
Compaq Tru64 5.0 a
Compaq Tru64 5.0 PK4 (BL18)
Compaq Tru64 5.0 PK4 (BL17)
Compaq Tru64 4.0 g PK3 (BL17)
Compaq Tru64 4.0 g
Compaq Tru64 4.0 f PK7 (BL18)
Compaq Tru64 4.0 f PK6 (BL17)
Compaq Tru64 4.0 f
Compaq Digital Unix 4.0 f

- Vulnerability discussion

Tru64 is a commercially available UNIX operating system. Tru64 was originally developed by Digital and is now distributed and maintained by HP.

A buffer overflow has been discovered in a number of Tru64 binaries. Attackers may exploit this via an overly long value for the NLSPATH environment variable. Because of this flaw, a local attacker may be able to execute arbitrary instructions. As a result, the attacker may be able to execute malicious code and elevate privileges.

- Exploit

The following exploit was provided by stripey <stripey@snosoft.com>:

- Solution

HP has released fixes for Tru64 UNIX/TruCluster systems. Note that appropriate patchkits must be applied.


Compaq Tru64 4.0 g PK3 (BL17)

Compaq Tru64 4.0 f PK7 (BL18)

Compaq Tru64 5.0 a PK3 (BL17)

Compaq Tru64 5.1 a PK2 (BL2)

Compaq Tru64 5.1 PK5 (BL19)

- Related references

 

 
