CVE-2003-0672
CVSS 7.5
Published: 2003-08-27 00:00:00
Last revised: 2008-09-10 15:20:05

[Original] Format string vulnerability in pam-pgsql 0.5.2 and earlier allows remote attackers to execute arbitrary code via the username that is provided during authentication, which is not properly handled when recording a log message.


[CNNVD] Pam-PGSQL Username Logging Remote Format String Handling Vulnerability (CNNVD-200308-200)

        
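        pam-pgsql is a PAM authentication module that interfaces with PostgreSQL databases.
        pam-pgsql does not correctly handle the user-supplied username, which can lead to a format string problem when a log message is recorded.
        An attacker submits a malicious format string as the username to a program that uses PAM authentication (such as HTTP, SSH, or telnet). When pam-pgsql subsequently logs the username, a format string handling problem occurs and sensitive information in process memory is corrupted. Carefully crafted input may execute arbitrary commands on the system with the privileges of the process that uses PAM authentication.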
        

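- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]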

- CPE (affected platforms and products)

cpe:/a:leon_j_breedt:pam-pgsql:0.5.2
cpe:/a:leon_j_breedt:pam-pgsql:0.5.1

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0672
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0672
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200308-200
(Official data source) CNNVD

- Other links and resources

http://www.debian.org/security/2003/dsa-370
(VENDOR_ADVISORY)  DEBIAN  DSA-370

- Vulnerability information

Pam-PGSQL Username Logging Remote Format String Handling Vulnerability
High risk  Input validation
2003-08-27 00:00:00 2005-10-20 00:00:00
Remote
        
        

- Advisories and patches

        Vendor patch:
        Debian
        ------
        
        http://www.debian.org/security/2003/dsa-370

- Vulnerability information

2384
pam-pgsql Username Format String
Local / Remote, Context Dependent Input Manipulation
Loss of Integrity

- Vulnerability description

Unknown or Incomplete

- Timeline

2003-08-11 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Pam-PGSQL Username Logging Remote Format String Vulnerability
Input Validation Error 8379
Yes No
2003-08-09 12:00:00 2009-07-11 10:56:00
Discovery of this vulnerability has been credited to Florian Zumbiehl.

- Affected program versions

Leon J Breedt pam-pgsql 0.5.2
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
- PostgreSQL PostgreSQL 6.5.3
- PostgreSQL PostgreSQL 6.3.2
Leon J Breedt pam-pgsql 0.5.1
- FreeBSD FreeBSD 4.4
- PostgreSQL PostgreSQL 6.5.3
- PostgreSQL PostgreSQL 6.3.2

- Vulnerability discussion

pam-pgsql has been reported prone to a remote format string vulnerability.

It has been reported that a remote attacker may supply malicious format string specifiers as a username to a program that requests PAM authentication (HTTP, SSH, telnet, etc.). The username is later processed during logging in pam-pgsql. This issue may be leveraged to corrupt memory and execute arbitrary code.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Debian has released a security advisory (DSA 370-1) to address this issue. Further information relating to obtaining and applying fixes can be found in the referenced advisory. Customers who are affected by this issue are advised to upgrade as soon as possible.

- Related references

     

     
