CVE-2003-0933
CVSS 4.6
Published: 2003-12-01 00:00:00
Revised: 2008-09-10 15:20:57

[Original] Buffer overflow in conquest 7.2 and earlier may allow a local user to execute arbitrary code via a long environment variable.


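[CNNVD] Conquest unspecified local environment variable buffer overflow vulnerability (CNNVD-200312-017)

        conquest is a real-time, multiplayer space warfare game.
        conquest does not correctly handle environment variable values; a local attacker can exploit this vulnerability to escalate privileges.
        No detailed vulnerability information is currently available.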

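- CVSS (base score)

CVSS score: 4.6 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]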

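- CPE (affected platforms and products)

Product and version information (CPE) is not currently available

- OVAL (technical details for detection)

No related OVAL definition found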

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0933
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0933
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200312-017
(official data source) CNNVD

- Other links and resources

http://www.debian.org/security/2003/dsa-398
(VENDOR_ADVISORY)  DEBIAN  DSA-398

- Vulnerability information

Conquest unspecified local environment variable buffer overflow vulnerability
Medium severity, boundary condition error
2003-12-01 00:00:00 2005-10-20 00:00:00
Local

- Advisories and patches

        Vendor patch:
        Debian
        ------
        Debian has released a security advisory (DSA-398-1) and corresponding patches for this issue:
        DSA-398-1: New conquest packages fix local conquest exploit
        Link:
        http://www.debian.org/security/2003/dsa-398

        Patch downloads:
        Source archives:
        
        http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1.dsc

        Size/MD5 checksum: 606 89c7be20d34d9176d18eb51f28c7806e
        
        http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1.diff.gz

        Size/MD5 checksum: 32749 27d90e0b6719579833cb064a2b70dcdb
        
        http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1.orig.tar.gz

        Size/MD5 checksum: 255029 c02891f6c0c4b8c73a82c1c8185e3025
        Alpha architecture:
        
        http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_alpha.deb

        Size/MD5 checksum: 366064 b6d212bd4a4880488195d47002e66981
        ARM architecture:
        
        http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_arm.deb

        Size/MD5 checksum: 227160 42399fea69c68ce63890e63b1b6c00ef
        Intel IA-32 architecture:
        
        http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_i386.deb

        Size/MD5 checksum: 228846 f03fd6daf700e6f3bf8def68eff30d72
        Intel IA-64 architecture:
        
        http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_ia64.deb

        Size/MD5 checksum: 402110 ffbff5ca106ee2d41b28aa15e61f74ce
        HP Precision architecture:
        
        http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_hppa.deb

        Size/MD5 checksum: 260870 1348a3b191e52a84302ee6304654007f
        Motorola 680x0 architecture:
        
        http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_m68k.deb

        Size/MD5 checksum: 215282 02fc3e118af479c039dde99cf400dac7
        Big endian MIPS architecture:
        
        http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_mips.deb

        Size/MD5 checksum: 277570 a538cc763893262f56dbcc247d63f75f
        Little endian MIPS architecture:
        
        http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_mipsel.deb

        Size/MD5 checksum: 275324 ca3d4e2831592b7a0a9b302845895699
        PowerPC architecture:
        
        http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_powerpc.deb

        Size/MD5 checksum: 267460 6c14f9505b9a70a26b251086fb0a4283
        IBM S/390 architecture:
        
        http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_s390.deb

        Size/MD5 checksum: 241432 f427b9ce0febfe66370b773c84e30a2e
        Sun Sparc architecture:
        
        http://security.debian.org/pool/updates/main/c/conquest/conquest_7.1.1-6woody1_sparc.deb

        Size/MD5 checksum: 302096 50f45c32dc171f547ade2d0439e3ebe0
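        Patch installation:
        1. Install the patch package manually:
         First, download the patch with the following command:
         # wget url (url is the patch download link)
         Then install the patch with the following command:
         # dpkg -i file.deb (file is the name of the corresponding patch package)
        2. Install the patch package automatically with apt-get:
         First, update the internal database with the following command:
         # apt-get update

         Then install the updated packages with the following command:
         # apt-get upgrade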

- Vulnerability information

8333
Conquest Environment Variable Overflow
Local Access Required Input Manipulation
Loss of Integrity
Exploit Unknown

- Vulnerability description

A local overflow exists in Conquest. In conf.c and conqlb.c there are several sprintf calls that read data from the HOME variable without checking the length resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code as the group that owns the conquest executable (conquest is installed SGID) resulting in a loss of integrity, and/or availability.
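
The unchecked sprintf pattern described above, next to a bounded replacement, as an added C example (not conquest's source and not the Debian patch). The function name `build_rc_path`, the file name `.examplerc` and the buffer size are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define RC_NAME ".examplerc" /* hypothetical config file name (assumption) */

/* Unbounded form, shown for contrast only:
 *     char path[256];
 *     sprintf(path, "%s/%s", getenv("HOME"), RC_NAME);
 * sprintf() writes as many bytes as HOME holds, so a long value runs past
 * the end of path; a NULL HOME is not handled either. */

/* Bounded form: returns 0 on success, -1 with errno set when the value is
 * missing, not an absolute path, or would not fit in dst. */
int build_rc_path(char *dst, size_t dstlen, const char *home)
{
    if (dst == NULL || dstlen == 0) {
        errno = EINVAL;
        return -1;
    }
    dst[0] = '\0';
    if (home == NULL || home[0] != '/') {
        errno = EINVAL;
        return -1;
    }
    int n = snprintf(dst, dstlen, "%s/%s", home, RC_NAME);
    if (n < 0 || (size_t)n >= dstlen) { /* truncation is an error, not a path */
        dst[0] = '\0';
        errno = ENAMETOOLONG;
        return -1;
    }
    return 0;
}

int main(void)
{
    char path[256]; /* constructed size for the example */

    if (build_rc_path(path, sizeof path, getenv("HOME")) != 0) {
        perror("HOME rejected");
        return 1;
    }
    printf("config path: %s\n", path);
    return 0;
}
```

Bounding the copy removes the overflow, but in a set-group-ID program HOME is still chosen by the invoking user, so the resulting path remains untrusted input.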

- Timeline

1998-03-16 Unknown
Unknown Unknown

- Solution

Upgrade to version 8.0 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): apply the patch from the Debian project to 7.1.

- Vulnerability information

Conquest Unspecified Local Environment Variable Buffer Overflow Vulnerability
Boundary Condition Error 8996
No Yes
2003-11-10 12:00:00 2009-07-12 12:56:00
Discovery of this vulnerability has been credited to Steve Kemp.

- Affected software versions

Conquest Conquest 7.1.1 -6
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha

- Discussion

A local buffer overrun vulnerability has been reported for conquest. The problem occurs due to insufficient bounds checking when parsing data contained in the user's environment. As a result, an attacker may be capable of controlling the execution flow of the conquest program and effectively executing arbitrary code with elevated privileges.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Debian has released an advisory (DSA 398-1) and fixes to address this issue. Affected users are advised to apply these fixes as soon as possible. Further information regarding obtaining and applying these fixes is available in the referenced advisory.
