CVE-2003-1067
CVSS 7.2
Published: 2003-06-19 00:00:00
Modified: 2014-01-16 21:39:35

[Original text] Multiple buffer overflows in the (1) dbm_open function, as used in ndbm and dbm, and the (2) dbminit function in Solaris 2.6 through 9 allow local users to gain root privileges via long arguments to Xsun or other programs that use these functions.


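[CNNVD] Multiple Sun database function buffer overflow vulnerabilities (CNNVD-200306-111)

Solaris is a commercial UNIX operating system developed and maintained by Sun Microsystems.
Sun's dbm_open(), ndbm(), dbm() and dbminit() library functions lack proper buffer bounds checking. An attacker can exploit these flaws to mount a buffer overflow attack and execute arbitrary instructions on the system with root privileges.
These database functions mishandle the copying of external data into internal memory buffers; supplying too much data can corrupt sensitive information in memory. The Solaris Xsun application is linked against the vulnerable library, and careful exploitation of this vulnerability may allow arbitrary instructions to be executed on the system with root privileges.
Link: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F55420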

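- CVSS (base score)

CVSS score: 7.2 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause the system to go down completely]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]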

- CPE (affected platforms and products)

cpe:/o:sun:solaris:8.0::x86
cpe:/o:sun:solaris:9.0::x86
cpe:/o:sun:solaris:7.0
cpe:/o:sun:solaris:2.6::x86
cpe:/o:sun:solaris:2.6
cpe:/o:sun:solaris:7.0::x86
cpe:/o:sun:solaris:8.0
cpe:/o:sun:solaris:9.0::sparc

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1067
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-1067
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200306-111
(Official data source) CNNVD

- Other links and resources

http://xforce.iss.net/xforce/xfdb/12379
(VENDOR_ADVISORY)  XF  sun-database-functions-bo(12379)
http://www.securityfocus.com/bid/7991
(VENDOR_ADVISORY)  BID  7991
http://www.ciac.org/ciac/bulletins/n-108.shtml
(VENDOR_ADVISORY)  CIAC  N-108
http://sunsolve.sun.com/search/document.do?assetkey=1-26-55420-1
(VENDOR_ADVISORY)  SUNALERT  55420
http://secunia.com/advisories/9088/
(VENDOR_ADVISORY)  SECUNIA  9088
http://www.securityfocus.com/bid/64758
(UNKNOWN)  BID  64758
http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html
(UNKNOWN)  CONFIRM  http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html

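- Vulnerability information

Multiple Sun database function buffer overflow vulnerabilities
High risk; boundary condition error
2003-06-19 00:00:00 2005-10-20 00:00:00
Remote / Local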
        

- Advisories and patches

Vendor patches:
Sun
---
The vendor has released patches that fix this security issue; download them from the vendor's site:

SPARC Platform

Solaris 2.6:
Patch 105210-47
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=105210&rev=47
Patch 105377-06
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=105377&rev=06
Patch 105401-43
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=105401&rev=43

Solaris 7:
Patch 106541-22
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=106541&rev=22
Patch 106942-26
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=106541&rev=22
Patch 106949-03
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=106949&rev=03

Solaris 8:
Patch 108827-24
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=108827&rev=24
Patch 108993-16
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=108993&rev=16
Patch 109152-02
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=109152&rev=02

Solaris 9:
Patch 112874-01
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=112874&rev=01
Patch 112922-02
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=112922&rev=02
Patch 113319-10
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=113319&rev=10
Patch 114569-02
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=114569&rev=02
Patch 114571-01
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=114571&rev=01

x86 Platform

Solaris 2.6:
Patch 105211-49
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=105211&rev=49
Patch 105402-43
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=105402&rev=43

Solaris 7:
Patch 106542-22
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=106542&rev=22
Patch 106943-26
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=106943&rev=26
Patch 108828-25
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=108828&rev=25
Patch 108994-16
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=108994&rev=16
Patch 114617-01
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=114617&rev=01

Solaris 9:
Patch 113719-03
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=113719&rev=03
Patch 114570-01
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=114570&rev=01
Patch 114715-01
http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=114715&rev=01

- Vulnerability information

16004
Solaris dbm Multiple Function Local Overflow
Input Manipulation
Loss of Integrity

- Vulnerability description

Unknown or Incomplete

- Timeline

2003-06-19 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

RETIRED: Oracle Solaris CVE-2003-1067 Local Security Vulnerability
Unknown 64840
No Yes
2014-01-14 12:00:00 2014-01-16 12:21:00
Oracle

- Affected software versions

- Discussion

Oracle Solaris is prone to a local security vulnerability.

The 'Localization (L10N)' sub component is affected.

This vulnerability affects the following supported versions:
8, 9

Note: This BID is being retired as a duplicate of BID 7991.

- Exploit

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Updates are available. Please see the references or vendor advisory for more information.

- Related references

     

     
