CVE-2004-0722
CVSS10.0
发布时间 :2004-08-18 00:00:00
修订时间 :2010-08-21 00:21:08
NMCOEPS    

[原文]Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.


[CNNVD]Mozilla SOAPParameter构造器远程整数溢出漏洞(CNNVD-200408-165)

        
        Netscape/Mozilla是流行的WEB浏览器。
        Netscape/Mozilla中的SOAPParameter对象构造器不正确输入验证,远程攻击者可以利用这个漏洞进行整数溢出攻击,可能以用户进程权限在系统上执行任意指令。
        问题存在于Netscape/Mozilla处理SOAP XML参数过程中,由于SOAPParameter对象构造器存在一个整数溢出,攻击者可以精心构建HTML文件,诱使目标用户解析,可能触发基于堆的溢出,以用户进程权限在系统上执行任意指令。
        

- CVSS (基础分值)

CVSS分值: 10 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:netscape:navigator:7.1Netscape Navigator 7.1
cpe:/a:mozilla:mozilla:1.6Mozilla Mozilla 1.6
cpe:/a:netscape:navigator:7.0Netscape Navigator 7.0

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:9378Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versi...
oval:org.mitre.oval:def:4629Mozilla, Netscape SOAPParameter Integer Overflow
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0722
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0722
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200408-165
(官方数据源) CNNVD

- 其它链接及资源

http://xforce.iss.net/xforce/xfdb/16862
(UNKNOWN)  XF  mozilla-netscape-soapparameter-bo(16862)
http://www.redhat.com/support/errata/RHSA-2004-421.html
(UNKNOWN)  REDHAT  RHSA-2004:421
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
(UNKNOWN)  SUSE  SUSE-SA:2004:036
http://bugzilla.mozilla.org/show_bug.cgi?id=236618
(UNKNOWN)  CONFIRM  http://bugzilla.mozilla.org/show_bug.cgi?id=236618
http://www.securityfocus.com/bid/15495
(UNKNOWN)  BID  15495
http://www.idefense.com/application/poi/display?id=117&type=vulnerabilities
(UNKNOWN)  MISC  http://www.idefense.com/application/poi/display?id=117&type=vulnerabilities
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
(UNKNOWN)  SCO  SCOSA-2005.49

- 漏洞信息

Mozilla SOAPParameter构造器远程整数溢出漏洞
危急 未知
2004-08-18 00:00:00 2005-10-20 00:00:00
远程※本地  
        
        Netscape/Mozilla是流行的WEB浏览器。
        Netscape/Mozilla中的SOAPParameter对象构造器不正确输入验证,远程攻击者可以利用这个漏洞进行整数溢出攻击,可能以用户进程权限在系统上执行任意指令。
        问题存在于Netscape/Mozilla处理SOAP XML参数过程中,由于SOAPParameter对象构造器存在一个整数溢出,攻击者可以精心构建HTML文件,诱使目标用户解析,可能触发基于堆的溢出,以用户进程权限在系统上执行任意指令。
        

- 公告与补丁

        厂商补丁:
        Mozilla
        -------
        Mozilla 1.7.1已经修正此漏洞,建议用户下载使用:
        
        http://www.mozilla.org/products/mozilla1.x/

- 漏洞信息 (24346)

Mozilla 1.x and Netscape 7.0/7.1 SOAPParameter Integer Overflow Vulnerability (EDBID:24346)
linux dos
2004-08-02 Verified
0 zen-parse
N/A [点击下载]
source: http://www.securityfocus.com/bid/10843/info

It is reported that Mozilla and Netscape contain an integer overflow vulnerability in the SOAPParameter object constructor. This overflow may result in the corruption of critical heap memory structures, leading to possible remote code execution.

An attacker can exploit this issue by crafting a malicious web page and having unsuspecting users view the page in a vulnerable version of Mozilla or Netscape.

Netscape 7.0, 7.1, and versions of Mozilla prior to 1.7.1 are known to be vulnerable to this issue. Users of affected versions of Netscape are urged to switch to Mozilla 1.7.1 or later, as new versions of Netscape are not likely to appear.

var p=new Array(0x40000001);
var q=new SOAPParameter(p);		

- 漏洞信息 (F33953)

iDEFENSE Security Advisory 2004-08-02.t (PacketStormID:F33953)
2004-08-05 00:00:00
Zen-Parse,iDefense Labs  idefense.com
advisory,overflow,arbitrary,code execution
CVE-2004-0722
[点击下载]

iDEFENSE Security Advisory 08.02.04: Netscape version 7.0, 7.1, and Mozilla 1.6 are susceptible to a SOAPParameter constructor integer overflow vulnerability that can allow for arbitrary code execution running in the context of the user running the browser.

Netscape/Mozilla SOAPParameter Constructor Integer Overflow Vulnerability

iDEFENSE Security Advisory 08.02.04:

*I. BACKGROUND*

SOAP is an XML-based messaging protocol which defines a set of rules for
structuring messages, and can be used for web based applications.

*II. DESCRIPTION*

Improper input validation to the SOAPParameter object constructor in
Netscape and Mozilla allows execution of arbitrary code.

The SOAPParameter object's constructor contains an integer overflow
which allows controllable heap corruption.

A web page can be constructed to leverage this into remote execution of
arbitrary code.

*III. ANALYSIS*

Successful exploitation allows the remote attacker to execute arbitrary
code in the context of the user running the browser.

*IV. DETECTION*

Netscape version 7.0 and 7.1 have been confirmed to be vulnerable.
Mozilla 1.6 is also vulnerable to this issue. It is suspected that
earlier versions of both browsers may also be vulnerable.

Netscape 7.1 is the latest version of Netscape available. Netscape have
not released any information indicating they are intending to release
future versions of the Netscape browser, and no longer have any
developers working on this project.

The latest release of the Mozilla browser, 1.7.1, is not affected by
this vulnerability. The Mozilla browser may be considered as an
alternative to Netscape.

*V. WORKAROUNDS*

Disable Javascript in the browser.

Consider upgrading to the latest version of Mozilla.

*VI. VENDOR RESPONSE*

Mozilla 1.7.1 is available for download at:

http://www.mozilla.org/products/mozilla1.x/

*VII. CVE INFORMATION*

The Common Vulnerabilities and Exposures (CVE) project has assigned the
name CAN-2004-0722 to this issue. This is a candidate for inclusion in
the CVE list (http://cve.mitre.org <http://cve.mitre.org/>), which
standardizes names for
security problems.

*VIII. DISCLOSURE TIMELINE*

01/17/2004    Exploit acquired by iDEFENSE
03/05/2004    Bug sent to Netscape Security Bug form at
   http://cgi.netscape.com/cgi-bin/bug-security.cgi 
03/05/2004    Bug entered into bugzilla.mozilla.org
   http://bugzilla.mozilla.org/show_bug.cgi?id=236618
03/05/2004     iDEFENSE clients notified
03/08/2004    Patch submitted into Mozilla source tree.
   http://bugzilla.mozilla.org/show_bug.cgi?id=236618#c12
07/09/2004    Patch for 1.4 branch submitted into Mozilla source tree
   http://bugzilla.mozilla.org/show_bug.cgi?id=236618#c22
08/02/2004    Public disclosure

*IX. CREDIT*

zen-parse (zen-parse at gmx.net) is credited with this discovery.

*X. LEGAL NOTICES*

Copyright     

- 漏洞信息

59316
Netscape SOAPParameter Object Constructor Overflow
Remote / Network Access Input Manipulation
Loss of Integrity Patch / RCS, Upgrade, Discontinued Product
Exploit Private Vendor Verified, Coordinated Disclosure

- 漏洞描述

- 时间线

2004-08-02 Unknow
Unknow 2004-08-02

- 解决方案

Upgrade to version 1.7.1 or higher, as it has been reported to fix this vulnerability. In addition, Mozilla has released a patch for some older versions. Netscape has no fix available as the product has been discontinued.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Mozilla and Netscape SOAPParameter Integer Overflow Vulnerability
Boundary Condition Error 10843
Yes No
2004-08-02 12:00:00 2009-07-12 06:16:00
zen-parse <zen-parse@gmx.net> disclosed this vulnerability.

- 受影响的程序版本

SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SGI Advanced Linux Environment 3.0
SCO Unixware 7.1.4
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
S.u.S.E. Linux 8.1
RedHat Linux 9.0 i386
RedHat Linux 7.3 i686
RedHat Linux 7.3 i386
RedHat Linux 7.3
Red Hat Fedora Core1
Netscape Navigator 7.1
Netscape Navigator 7.0.2
Netscape Navigator 7.0
Mozilla Browser 1.7 rc3
Mozilla Browser 1.7
Mozilla Browser 1.6
Mozilla Browser 1.5
Mozilla Browser 1.4.2
Mozilla Browser 1.4.1
Mozilla Browser 1.4 b
Mozilla Browser 1.4 a
Mozilla Browser 1.4
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
Mozilla Browser 1.3.1
Mozilla Browser 1.3
Mozilla Browser 1.2.1
Mozilla Browser 1.2 Beta
Mozilla Browser 1.2 Alpha
Mozilla Browser 1.2
Mozilla Browser 1.1 Beta
Mozilla Browser 1.1 Alpha
Mozilla Browser 1.1
Mozilla Browser 1.0.2
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Advanced Workstation for the Itanium Processor 2.1
+ RedHat Advanced Workstation for the Itanium Processor 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ RedHat Enterprise Linux WS 2.1
+ Sun Linux 5.0.7
Mozilla Browser 1.0.1
Mozilla Browser 1.0 RC2
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
Mozilla Browser 1.0 RC1
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 4.1.1
Mozilla Browser 1.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ RedHat Linux 8.0 i386
+ RedHat Linux 8.0
Mozilla Browser 0.9.48
Mozilla Browser 0.9.35
Mozilla Browser 0.9.9
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 4.1.1
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ RedHat Linux 7.2 i686
+ RedHat Linux 7.2 i586
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2
Mozilla Browser 0.9.8
- Apple Mac OS 9 9.2.2
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0
- Apple Mac OS 9 9.0
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
- Apple Mac OS X 10.0
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft Windows XP 0
Mozilla Browser 0.9.7
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0
- Apple Mac OS 9 9.0
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
- Apple Mac OS X 10.0
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft Windows XP 0
Mozilla Browser 0.9.6
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.0
- Apple Mac OS 9 9.0
- Be BeOS 5.0
- Be BeOS 5.0
- BSDI BSD/OS 4.2
- BSDI BSD/OS 4.2
- Compaq OpenVMS 7.3 Alpha
- Compaq OpenVMS 7.3 Alpha
- Compaq OpenVMS 7.2 -2 Alpha
- Compaq OpenVMS 7.2 -2 Alpha
- Compaq OpenVMS 7.1 -2 Alpha
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 4.0
- IBM AIX 4.3.3
- IBM AIX 4.3.3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- RedHat Linux 7.0 sparc
- RedHat Linux 7.0 sparc
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 alpha
- RedHat Linux 7.0 alpha
- RedHat Linux 6.0 sparc
- RedHat Linux 6.0 sparc
- RedHat Linux 6.0 alpha
- RedHat Linux 6.0 alpha
- RedHat Linux 6.0
- RedHat Linux 6.0
- SGI IRIX 6.5
- SGI IRIX 6.5
- Sun Solaris 2.8
- Sun Solaris 2.8
- Sun Solaris 2.7
- Sun Solaris 2.7
Mozilla Browser 0.9.5
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0
- Apple Mac OS 9 9.0
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
- Apple Mac OS X 10.0
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft Windows XP 0
Mozilla Browser 0.9.4 .1
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0
- Apple Mac OS 9 9.0
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
- Apple Mac OS X 10.0
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft Windows XP 0
Mozilla Browser 0.9.4
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0
- Apple Mac OS 9 9.0
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
- Apple Mac OS X 10.0
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Conectiva Linux 6.0
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft Windows XP 0
Mozilla Browser 0.9.3
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0
- Apple Mac OS 9 9.0
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
- Apple Mac OS X 10.0
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft Windows XP 0
Mozilla Browser 0.9.2 .1
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0
- Apple Mac OS 9 9.0
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
- Apple Mac OS X 10.0
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft Windows XP 0
Mozilla Browser 0.9.2
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2.1
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.2
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.1
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0.4
- Apple Mac OS 9 9.0
- Apple Mac OS 9 9.0
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.2
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.1
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.4
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.3
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.2
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0.1
- Apple Mac OS X 10.0
- Apple Mac OS X 10.0
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Conectiva Linux 6.0
- Microsoft Windows 95
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98
- Microsoft Windows ME
- Microsoft Windows ME
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0
- Microsoft Windows XP 0
Mozilla Browser 0.8
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
Mozilla Browser M16
Mozilla Browser M15
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
Mandriva Linux Mandrake 9.2 amd64
Mandriva Linux Mandrake 9.2
Avaya Network Routing
Netscape Navigator 7.2
Mozilla Browser 1.7.1

- 不受影响的程序版本

Netscape Navigator 7.2
Mozilla Browser 1.7.1

- 漏洞讨论

It is reported that Mozilla and Netscape contain an integer overflow vulnerability in the SOAPParameter object constructor. This overflow may result in the corruption of critical heap memory structures, leading to possible remote code execution.

An attacker can exploit this issue by crafting a malicious web page and having unsuspecting users view the page in a vulnerable version of Mozilla or Netscape.

Netscape 7.0, 7.1, and versions of Mozilla prior to 1.7.1 are known to be vulnerable to this issue. Users of affected versions of Netscape are urged to switch to Mozilla 1.7.1 or later, as new versions of Netscape are not likely to appear.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com &lt;mailto:vuldb@securityfocus.com&gt;.

Example web page content sufficient for a denial of service was provided:
var p=new Array(0x40000001);
var q=new SOAPParameter(p);

- 解决方案

Mozilla has released version 1.7.1 of their browser that is immune to this vulnerability.

SCO has released an advisory SCOSA-2005.25 including updated packages to address this issue. Please see the referenced advisory for more information.

Avaya has released an advisory that acknowledges this vulnerability for Avaya products. Fixes are not currently available; customers are advised to contact the vendor for further details regarding fix availability. Please see the referenced Avaya advisory at the following location for further details:
http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=198527&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()

RedHat has released advisory RHSA-2004:421-17 and fixes dealing with this issue for Mozilla on RedHat Enterprise Linux platforms. Please see the referenced advisory for further information.

Slackware has released an advisory (SSA:2004-223-01) to address this issue. Please see the referenced advisory for more information.

Mandrake Linux has released advisory MDKSA-2004:082 along with fixes addressing this issue. Please see the referenced advisory for further information.

SGI has made available Patch 10095, correcting this vulnerability for systems running SGI Advanced Linux Environment 3:

Patch 10095 is available from http://support.sgi.com/ and
ftp://patches.sgi.com/support/free/security/patches/ProPack/3/

The individual RPMs from Patch 10095 are available from:
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS

Netscape Navigator 7.2 has been released to address this issue.

SuSE Linux has released advisory SUSE-SA:2004:036 along with fixes dealing with this issue. Please see the referenced advisory for more information.

Conectiva has released an advisory (CLA-2004:877) to address various issues including this in Mozilla. This advisory contains updated Mozilla packages (1.7.3) for Conectiva Linux 9 and 10. Please see the referenced advisory for more information.

The Fedora Legacy project has released advisory FLSA-2004:2089 along with fixes to address multiple issues in RedHat Fedora Core 1, and RedHat Linux 7.3 and 9.0. Please see the referenced advisory for further information.


Mozilla Browser M15

Mozilla Browser M16

Mozilla Browser 0.8

Mozilla Browser 0.9.2 .1

Mozilla Browser 0.9.2

Mozilla Browser 0.9.3

Mozilla Browser 0.9.35

Mozilla Browser 0.9.4

Mozilla Browser 0.9.4 .1

Mozilla Browser 0.9.48

Mozilla Browser 0.9.5

Mozilla Browser 0.9.6

Mozilla Browser 0.9.7

Mozilla Browser 0.9.8

Mozilla Browser 0.9.9

Mozilla Browser 1.0 RC1

Mozilla Browser 1.0 RC2

Mozilla Browser 1.0

Mozilla Browser 1.0.1

Mozilla Browser 1.0.2

Mozilla Browser 1.1

Mozilla Browser 1.1 Alpha

Mozilla Browser 1.1 Beta

Mozilla Browser 1.2 Alpha

Mozilla Browser 1.2

Mozilla Browser 1.2 Beta

Mozilla Browser 1.2.1

Mozilla Browser 1.3

Mozilla Browser 1.3.1

Mozilla Browser 1.4 b

Mozilla Browser 1.4

Mozilla Browser 1.4 a

Mozilla Browser 1.4.1

Mozilla Browser 1.4.2

Mozilla Browser 1.5

Mozilla Browser 1.6

Mozilla Browser 1.7

Mozilla Browser 1.7 rc3

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站