CVE-2004-0623
CVSS10.0
发布时间 :2004-12-06 00:00:00
修订时间 :2016-10-17 22:46:59
NMCOPS    

[原文]Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remote attackers to execute arbitrary code via format string specifiers in a string that gets logged by syslog.


[CNNVD]GNU GNATS Syslog()远程格式串漏洞(CNNVD-200412-041)

        GNATS是一款GNU漏洞、缺陷跟踪系统。
        GNU GNATS 4.00版本的日志记录函数中存在格式串问题,远程攻击者可以利用这个漏洞以进程权限在系统上执行任意指令。
        

- CVSS (基础分值)

CVSS分值: 10 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:gnu:gnats:3.113.1GNU GNATS 3.113.1
cpe:/a:gnu:gnats:3.113.1.6
cpe:/a:gnu:gnats:3.14b
cpe:/a:gnu:gnats:3.2GNU GNATS 3.2
cpe:/a:gnu:gnats:3.113GNU GNATS 3.113
cpe:/a:gnu:gnats:4.0GNU GNATS 4.0
cpe:/a:gnu:gnats:3.0_02

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0623
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0623
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-041
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=108820000823191&w=2
(UNKNOWN)  BUGTRAQ  20040625 format string vulnerability in Gnats
http://www.securityfocus.com/bid/10609
(VENDOR_ADVISORY)  BID  10609
http://xforce.iss.net/xforce/xfdb/16517
(VENDOR_ADVISORY)  XF  gnats-format-string(16517)

- 漏洞信息

GNU GNATS Syslog()远程格式串漏洞
危急 输入验证
2004-12-06 00:00:00 2012-12-07 00:00:00
远程  
        GNATS是一款GNU漏洞、缺陷跟踪系统。
        GNU GNATS 4.00版本的日志记录函数中存在格式串问题,远程攻击者可以利用这个漏洞以进程权限在系统上执行任意指令。
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * 在gnats/misc.c中把如下行:
        syslog (severity, buf);
        更改为:
        syslog (severity, "", buf);
        厂商补丁:
        GNU
        ---
        目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
        
        http://www.gnu.org/software/gnats/

- 漏洞信息 (F34986)

dsa-590.txt (PacketStormID:F34986)
2004-11-10 00:00:00
 
advisory,arbitrary
linux,debian
CVE-2004-0623
[点击下载]

Debian Security Advisory 590-1 - Khan Shirani discovered a format string vulnerability in gnats, the GNU problem report management system. This problem may be exploited to execute arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 590-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
November 9th, 2004                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : gnats
Vulnerability  : format string vulnerability
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-0623
BugTraq ID     : 10609
Debian Bug     : 278577

Khan Shirani discovered a format string vulnerability in gnats, the
GNU problem report management system.  This problem may be exploited
to execute arbitrary code.

For the stable distribution (woody) this problem has been fixed in
version 3.999.beta1+cvs20020303-2.

For the unstable distribution (sid) this problem has been fixed in
version 4.0-7.

We recommend that you upgrade your gnats package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/g/gnats/gnats_3.999.beta1+cvs20020303-2.dsc
      Size/MD5 checksum:      572 a50e8e6bcea84deb584a0427bfdbc96d
    http://security.debian.org/pool/updates/main/g/gnats/gnats_3.999.beta1+cvs20020303-2.tar.gz
      Size/MD5 checksum:  1570021 b0f7f28328e21a7ce35e3315bf2bca0b

  Alpha architecture:

    http://security.debian.org/pool/updates/main/g/gnats/gnats_3.999.beta1+cvs20020303-2_alpha.deb
      Size/MD5 checksum:  1050882 f604c53e94753708ff44e533c39c43e2
    http://security.debian.org/pool/updates/main/g/gnats/gnats-user_3.999.beta1+cvs20020303-2_alpha.deb
      Size/MD5 checksum:   685026 6185e02fc2775180bf2c5ec11239b69a

  ARM architecture:

    http://security.debian.org/pool/updates/main/g/gnats/gnats_3.999.beta1+cvs20020303-2_arm.deb
      Size/MD5 checksum:   880912 3d2662f156e638cd1a52fd609dcab941
    http://security.debian.org/pool/updates/main/g/gnats/gnats-user_3.999.beta1+cvs20020303-2_arm.deb
      Size/MD5 checksum:   602334 8fa0573e4f85c9363d53c6020b88ddd9

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/g/gnats/gnats_3.999.beta1+cvs20020303-2_i386.deb
      Size/MD5 checksum:   866718 341223ed8802f9db37d635f885aeea18
    http://security.debian.org/pool/updates/main/g/gnats/gnats-user_3.999.beta1+cvs20020303-2_i386.deb
      Size/MD5 checksum:   592452 d02b91bae6efc9628aab7d53236c6a7b

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/g/gnats/gnats_3.999.beta1+cvs20020303-2_ia64.deb
      Size/MD5 checksum:  1242616 2365d9b58be38a9ab75550c14aa021c0
    http://security.debian.org/pool/updates/main/g/gnats/gnats-user_3.999.beta1+cvs20020303-2_ia64.deb
      Size/MD5 checksum:   778954 72a9110a68fbba73b5c8ed6427ce18df

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/g/gnats/gnats_3.999.beta1+cvs20020303-2_hppa.deb
      Size/MD5 checksum:   983490 b5f6d8bbff6ac02830b01a4e02284e75
    http://security.debian.org/pool/updates/main/g/gnats/gnats-user_3.999.beta1+cvs20020303-2_hppa.deb
      Size/MD5 checksum:   652166 7c5057561328f30ec1177054ed57e638

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/g/gnats/gnats_3.999.beta1+cvs20020303-2_m68k.deb
      Size/MD5 checksum:   822588 a539353ebf28be0523f808c1e1a4ca64
    http://security.debian.org/pool/updates/main/g/gnats/gnats-user_3.999.beta1+cvs20020303-2_m68k.deb
      Size/MD5 checksum:   572790 472ed96d0bbbc993e0321af5d83bf394

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gnats/gnats_3.999.beta1+cvs20020303-2_mips.deb
      Size/MD5 checksum:   975242 e11de0c1cc6e7e85321411cd1066602a
    http://security.debian.org/pool/updates/main/g/gnats/gnats-user_3.999.beta1+cvs20020303-2_mips.deb
      Size/MD5 checksum:   644922 85b1d1e6146c3bcdc655f1d120fc3361

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gnats/gnats_3.999.beta1+cvs20020303-2_mipsel.deb
      Size/MD5 checksum:   973682 aaf838802193112d9ec2ffaeec9ef65f
    http://security.debian.org/pool/updates/main/g/gnats/gnats-user_3.999.beta1+cvs20020303-2_mipsel.deb
      Size/MD5 checksum:   645350 6cc250414c90dc14ffebce38846c3cf7

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/g/gnats/gnats_3.999.beta1+cvs20020303-2_powerpc.deb
      Size/MD5 checksum:   909244 51c380ca38ba98a93312edfb99431da7
    http://security.debian.org/pool/updates/main/g/gnats/gnats-user_3.999.beta1+cvs20020303-2_powerpc.deb
      Size/MD5 checksum:   614968 dcb3e1db579471f1dabc73d8a75b52ac

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/g/gnats/gnats_3.999.beta1+cvs20020303-2_s390.deb
      Size/MD5 checksum:   895272 649ee321f435ee1340f854387fa66c67
    http://security.debian.org/pool/updates/main/g/gnats/gnats-user_3.999.beta1+cvs20020303-2_s390.deb
      Size/MD5 checksum:   607174 2993bb4ebe7845926dee6641362569f2

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/g/gnats/gnats_3.999.beta1+cvs20020303-2_sparc.deb
      Size/MD5 checksum:   898306 602f6382b3bef02e9d4e2a8009c46212
    http://security.debian.org/pool/updates/main/g/gnats/gnats-user_3.999.beta1+cvs20020303-2_sparc.deb
      Size/MD5 checksum:   608376 3f6bab03dd22a70e2007f1cb16f7b996


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBkOdYW5ql+IAeqTIRAuXrAJ9DhxYBMhOGkoeGSNH4SABTsSnSVACfWTam
vhOieU/C/dfKFmxKpkEIlp8=
=hhzi
-----END PGP SIGNATURE-----

    

- 漏洞信息

11622
GNATS log_msg() Function Remote Format String
Remote / Network Access, Local / Remote, Context Dependent Input Manipulation
Loss of Integrity

- 漏洞描述

GNATS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to a format string condition in the logging functions. With a specially formatted request that is passed to $SYSLOG, a remote attacker could execute command with the privilege of the GNATS process.

- 时间线

2004-06-25 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 4.0.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

GNU GNATS Syslog() Format String Vulnerability
Input Validation Error 10609
Yes No
2004-06-25 12:00:00 2009-07-12 05:16:00
Khan Shirani <khan_shirani@yahoo.com> disclosed this vulnerability.

- 受影响的程序版本

GNU GNATS 4.0
GNU GNATS 3.999
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Debian Linux 3.0
GNU GNATS 3.113.1
GNU GNATS 3.113 .1_6
GNU GNATS 3.113
GNU GNATS 3.14 b
GNU GNATS 3.2
GNU GNATS 3.0 02

- 漏洞讨论

It is reported that GNU GNATS contains a format string vulnerability in its logging function.

GNATS has the ability to log to various files: stderr, syslog() or a file.

If an attacker devises a method of controlling the arguments to the logging function, they would be able to read or write arbitrary locations in memory. Code execution could be possible.

GNU GNATS version 4.0 is reported vulnerable. Other version may also be affected.

NOTE: It has been reported that this issue is not exploitable due the application never passing user-supplied data to the affected formatted printing function. This is not verified, however, if it the case this issue is not exploitable. This BID will be updated when more information becomes available.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com &lt;mailto:vuldb@securityfocus.com&gt;.

- 解决方案

Debian has released an advisory (DSA 590-1) to address this issue. Please see the referenced advisory for more information.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.


GNU GNATS 3.999

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站