CVE-2003-0485
CVSS 4.6
Published: 2003-08-07 00:00:00
Revised: 2016-10-17 22:34:28

[Original] Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows attackers to execute arbitrary code via source code containing a long, invalid data type.


[CNNVD] Progress 4GL Compiler Datatype Local Buffer Overflow Vulnerability (CNNVD-200308-012)

        
        Progress 4GL Compiler is the compiler for Progress applications.
        When compiling .p files, the Progress 4GL compiler mishandles the data type named in a variable definition. A local attacker can use this to trigger a buffer overflow and potentially execute arbitrary code with the privileges of whichever user runs the compiler, which may be a more privileged account.
        A valid data type is normally one of "char", "integer", "date" and so on. When the compiler tries to parse an invalid data type it prints:
        ** Invalid datatype -- sample types are: char, integer, date, logical (222)
        ** overflow.p Could not understand line 1. (196)
        After the message is displayed, pressing the space bar exits the compiler.
        If the invalid data type is longer than 364 characters, the compiler crashes with a segmentation fault, because memmove() is called on the token with an unchecked length. For example, with the following declaration:
        def var andrew as AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
        AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
        AAAAAAAAAAAA00001111
        the bytes 0000 overwrite the saved EBP and the bytes 1111 overwrite the saved EIP (the return address) on the stack.
        By crafting the invalid data type accordingly and tricking another user into compiling the .p file, an attacker can execute arbitrary code on the system with that user's privileges.
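        As an added illustration (not code from this page, from SnoSoft or from Progress), the following C program models the bug class described above: a data-type token copied with memmove() into a fixed stack buffer with no length check, next to the bounded copy that refuses an over-long token, plus a small pre-compile scanner of the kind the workaround in the solution section ("do not compile .p files from unknown sources or without properly reviewing the code") calls for. The 364-byte buffer size, the allowlist of type names and the sample .p lines are assumptions built from the text above, not facts about the Progress compiler.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of the flaw described above, written for this page; it is
 * not the Progress compiler's source. The advisory's crash threshold is used
 * here as an assumed size for the fixed buffer that receives the data-type
 * token following "AS" in a DEFINE statement. */
#define TYPE_BUF_SIZE 364

/* Assumed allowlist, taken from the compiler's own error message. */
static const char *const KNOWN_TYPES[] = {"char", "integer", "date", "logical", NULL};

/* Locates the token after the keyword "as" (case-insensitive) within a line of
 * known length. Returns a pointer into the line and stores the token length,
 * or NULL if the line carries no such token. */
static const char *find_type_token(const char *line, size_t linelen, size_t *len)
{
    for (size_t i = 0; i + 3 < linelen; i++) {
        if (isspace((unsigned char)line[i]) &&
            tolower((unsigned char)line[i + 1]) == 'a' &&
            tolower((unsigned char)line[i + 2]) == 's' &&
            isspace((unsigned char)line[i + 3])) {
            size_t s = i + 4;
            while (s < linelen && isspace((unsigned char)line[s])) s++;
            size_t e = s;
            while (e < linelen && !isspace((unsigned char)line[e]) && line[e] != '.') e++;
            if (e == s) return NULL;
            *len = e - s;
            return line + s;
        }
    }
    return NULL;
}

/* Vulnerable form (modelled): the token is memmove()d into the fixed buffer
 * with no bound, so a token of TYPE_BUF_SIZE bytes or more runs past dst and
 * reaches the saved frame pointer and return address, as the advisory shows.
 * Only ever call it with short input. Returns the token length, 0 if none. */
size_t copy_type_vulnerable(const char *line, char dst[TYPE_BUF_SIZE])
{
    size_t n;
    const char *tok = find_type_token(line, strlen(line), &n);
    if (!tok) return 0;
    memmove(dst, tok, n);   /* n is never compared with TYPE_BUF_SIZE */
    dst[n] = '\0';
    return n;
}

/* Hardened form: the same copy, but a token that does not fit together with
 * its terminator is refused. Returns the length, 0 if no token, or (size_t)-1
 * if the token was rejected. */
size_t copy_type_checked(const char *line, char *dst, size_t dstsz)
{
    size_t n;
    const char *tok = find_type_token(line, strlen(line), &n);
    if (!tok) return 0;
    if (n >= dstsz) return (size_t)-1;
    memmove(dst, tok, n);
    dst[n] = '\0';
    return n;
}

/* Case-insensitive comparison of an unterminated token with a C string. */
static int token_equals(const char *tok, size_t n, const char *name)
{
    if (strlen(name) != n) return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)tok[i]) != tolower((unsigned char)name[i])) return 0;
    return 1;
}

static int is_known_type(const char *tok, size_t n)
{
    for (int i = 0; KNOWN_TYPES[i]; i++)
        if (token_equals(tok, n, KNOWN_TYPES[i])) return 1;
    return 0;
}

/* Review aid for .p files from untrusted sources: counts lines whose type token
 * is longer than max_len or not on the allowlist, so a hostile declaration is
 * caught before the compiler ever parses it. Works on an in-memory source. */
int scan_p_source(const char *src, size_t max_len)
{
    int flagged = 0;
    const char *line = src;
    while (*line) {
        const char *nl = strchr(line, '\n');
        size_t linelen = nl ? (size_t)(nl - line) : strlen(line);
        size_t n;
        const char *tok = find_type_token(line, linelen, &n);
        if (tok && (n > max_len || !is_known_type(tok, n))) {
            printf("flagged: %zu-byte type token starting \"%.8s\"\n", n, tok);
            flagged++;
        }
        line = nl ? nl + 1 : line + linelen;
    }
    return flagged;
}

/* Constructed sample .p source with two legitimate declarations. */
const char SAMPLE_OK[] =
    "def var name as char.\n"
    "def var count as integer.\n";

/* Writes a declaration in the advisory's shape ("def var andrew as ", pad 'A's,
 * then the 00001111 marker) into out. Returns its length, 0 if out is too small. */
size_t build_hostile_line(char *out, size_t outsz, size_t pad)
{
    const char *head = "def var andrew as ";
    const char *tail = "00001111\n";
    size_t hl = strlen(head), tl = strlen(tail);
    if (hl + pad + tl + 1 > outsz) return 0;
    memcpy(out, head, hl);
    memset(out + hl, 'A', pad);
    memcpy(out + hl + pad, tail, tl + 1);
    return hl + pad + tl;
}

int main(void)
{
    char hostile[1024], dst[TYPE_BUF_SIZE];
    build_hostile_line(hostile, sizeof hostile, 400);   /* past the 364-byte threshold */
    printf("checked copy of hostile line: %s\n",
           copy_type_checked(hostile, dst, sizeof dst) == (size_t)-1 ? "rejected" : "copied");
    printf("flagged in SAMPLE_OK: %d, in hostile: %d\n",
           scan_p_source(SAMPLE_OK, 32), scan_p_source(hostile, 32));
    return 0;
}
```

        The checked copy is the one-line fix the bug class needs (compare the token length with the buffer before the memmove); the scanner is the compensating control for an environment that cannot upgrade, and its 32-byte threshold is deliberately far below the 364 bytes needed to crash the modelled buffer, since no legitimate type name comes close to it.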
        

- CVSS (base score)

CVSS score: 4.6 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [performance may degrade or access to resources may be interrupted]
Access complexity: LOW [no special access conditions are needed to exploit]
Access vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [no authentication is needed to exploit]

- CPE (affected platforms and products)

Product and version information (CPE) not yet available

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0485
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0485
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200308-012
(official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=105613243117155&w=2
(UNKNOWN)  BUGTRAQ  20030620 SRT2003-06-20-1232 - Progress 4GL Compiler datatype overflow
http://www.securityfocus.com/bid/7997
(VENDOR_ADVISORY)  BID  7997

- Vulnerability information

Progress 4GL Compiler Datatype Local Buffer Overflow Vulnerability
Medium severity    Buffer overflow
Published 2003-08-07 00:00:00    Updated 2005-10-20 00:00:00
Local
        

- Advisories and patches

        Vendor patches:
        Progress
        --------
        The vendor has not yet released a patch or upgrade. Users of this software should watch the vendor's home page for the latest version:

        http://www.progress.com

- Vulnerability information

2187
Progress 4GL Application Compiler Overflow
Input Manipulation
Loss of Integrity

- Vulnerability description

The Progress 4GL Application Compiler on Windows and Unix platforms contains a buffer overflow in the processing of user-defined data types when compiling .p Progress files. This could allow commands to be executed by the user executing the compiler.

- Timeline

2003-06-20 Unknown
Unknown Unknown

- Solution

Upgrade to the latest version of the compiler available from the vendor. If unable to upgrade as a work around, do not compile .p files from unknown sources or without properly reviewing the code.

- References

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Progress 4GL Compiler Datatype Buffer Overflow Vulnerability
Class: Boundary Condition Error    BID: 7997
Remote: No    Local: Yes
Published: 2003-06-20 12:00:00    Updated: 2009-07-11 10:06:00
This vulnerability was reported by KF <dotslash@snosoft.com>.

- Affected versions

Progress 4GL Compiler 9.1 D06

- Discussion

A vulnerability has been discovered in the Progress 4GL Compiler. The problem lies in the processing of user-defined data types when compiling .p Progress files. A defined data type with a width of excessive size may trigger a buffer overrun within the compiler, effectively corrupting adjacent process memory.

This vulnerability may ultimately be exploited to execute arbitrary code with the privileges of the user invoking the compiler.

- Exploit

SnoSoft has announced that they have a working exploit for this issue, however it has not been made publically available.

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- Solution

Although unconfirmed by Symantec, it has been reported that the vendor will address this vulnerability in release 10.0.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- References

 

 
