CVE-2004-0649
CVSS 10.0
Published: 2004-08-06 00:00:00
Last revised: 2016-10-17 22:47:13

[Original] Buffer overflow in write_packet in control.c for l2tpd may allow remote attackers to execute arbitrary code.


[CNNVD] L2TPD Write_Packet Block BSS-Based Buffer Overflow Vulnerability (CNNVD-200408-025)

        
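        l2tpd is a Layer 2 Tunneling Protocol daemon based on RFC 2661.
        l2tpd contains a BSS-based buffer overflow; a remote attacker can use this vulnerability to crash the application.
        The problem arises because the application does not properly validate the length of user-supplied strings; an attacker can at minimum use this vulnerability to make the affected application unstable or crash it. The problem is in the write_packet() function in control.c.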
        

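- CVSS (base score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)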

cpe:/a:l2tpd:l2tpd:0.69
cpe:/a:l2tpd:l2tpd:0.68
cpe:/a:l2tpd:l2tpd:0.65
cpe:/a:l2tpd:l2tpd:0.64
cpe:/a:l2tpd:l2tpd:0.67
cpe:/a:l2tpd:l2tpd:0.66
cpe:/a:l2tpd:l2tpd:0.63
cpe:/a:l2tpd:l2tpd:0.62
cpe:/o:gentoo:linux:1.4 Gentoo Linux 1.4

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0649
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0649
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200408-025
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=108640917925735&w=2
(UNKNOWN)  BUGTRAQ  20040604 bss-based buffer overflow in l2tpd
http://security.gentoo.org/glsa/glsa-200407-17.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200407-17
http://www.debian.org/security/2004/dsa-530
(VENDOR_ADVISORY)  DEBIAN  DSA-530
http://xforce.iss.net/xforce/xfdb/16326
(VENDOR_ADVISORY)  XF  l2tpd-writepacket-bo(16326)

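- Vulnerability information

L2TPD Write_Packet Block BSS-Based Buffer Overflow Vulnerability
Critical  Boundary condition error
2004-08-06 00:00:00 2005-10-20 00:00:00
Remote

        l2tpd is a Layer 2 Tunneling Protocol daemon based on RFC 2661.
        l2tpd contains a BSS-based buffer overflow; a remote attacker can use this vulnerability to crash the application.
        The problem arises because the application does not properly validate the length of user-supplied strings; an attacker can at minimum use this vulnerability to make the affected application unstable or crash it. The problem is in the write_packet() function in control.c.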
        

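- Advisories and patches

        Vendor patch:
        L2tpd
        -----
        The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version:

        http://www.l2tpd.org

- Vulnerability information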

6726
l2tpd control.c write_packet Function Remote Overflow
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Unknown Vendor Verified

- Vulnerability description

A remote overflow exists in l2tpd. The l2tpd program fails to check the boundary in the write_packet() function in control.c, resulting in a buffer overflow. By establishing an L2TP tunnel and then sending a specially crafted packet, a remote attacker can overflow a buffer, resulting in a loss of integrity.

- Timeline

2004-06-07 Unknown
2004-06-04 Unknown

- Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- Related references

- Vulnerability author

- Vulnerability information

L2TPD Write_Packet Block BSS based Buffer Overflow Vulnerability
Boundary Condition Error 10466
Yes No
2004-06-04 12:00:00 2009-07-12 05:16:00
Disclosure of this issue is credited to Thomas Walpuski <thomas-bugtraq@unproved.org>.

- Affected program versions

l2tpd l2tpd 0.69
l2tpd l2tpd 0.68
l2tpd l2tpd 0.67
+ Debian Linux 3.0
l2tpd l2tpd 0.66
l2tpd l2tpd 0.65
l2tpd l2tpd 0.64
l2tpd l2tpd 0.63
l2tpd l2tpd 0.62
Gentoo Linux 1.4

- Vulnerability discussion

l2tpd is reportedly affected by a BSS (block started by symbol) based buffer overflow vulnerability. This issue is due to a failure of the application to properly validate user-supplied string lengths.

This issue has been reported to be extremely difficult to exploit; code execution is extremely unlikely. This issue might be leveraged to cause the affected application to behave unpredictably and perhaps crash.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Debian has released security advisory DSA 530-1 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.

Gentoo has released advisory GLSA 200407-17 dealing with this issue. They have advised that users take the following actions and upgrade to the latest stable version:

# emerge sync

# emerge -pv ">=net-l2tpd-0.69-r2"
# emerge ">=net-l2tpd-0.69-r2"

For more information, please see the referenced Gentoo advisory.


l2tpd l2tpd 0.67

- Related references

 

 
