CVE-2004-0768
CVSS 7.5
Published: 2004-10-20 00:00:00
Last revised: 2009-01-23 00:24:34

[Original] libpng 1.2.5 and earlier does not properly calculate certain buffer offsets, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.


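[CNNVD] Libpng Graphics Library Unspecified Remote Buffer Overflow Vulnerability (CNNVD-200410-066)

        libpng 1.2.5 and earlier does not correctly calculate certain buffer offsets; a remote attacker can execute arbitrary code by means of a buffer overflow attack.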

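- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]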

- CPE (affected platforms and products)

cpe:/a:greg_roelofs:libpng3:1.2.5
cpe:/a:greg_roelofs:libpng3:1.2.3
cpe:/a:greg_roelofs:libpng3:1.2.2
cpe:/a:greg_roelofs:libpng3:1.2.0
cpe:/a:greg_roelofs:libpng3:1.2.1
cpe:/a:greg_roelofs:libpng3:1.2.4

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0768
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0768
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200410-066
(Official data source) CNNVD

- Other links and resources

http://xforce.iss.net/xforce/xfdb/16914
(VENDOR_ADVISORY)  XF  libpng-offset-bo(16914)
http://www.debian.org/security/2004/dsa-536
(VENDOR_ADVISORY)  DEBIAN  DSA-536
https://bugzilla.fedora.us/show_bug.cgi?id=1943
(UNKNOWN)  FEDORA  FLSA:1943
http://security.gentoo.org/glsa/glsa-200812-15.xml
(UNKNOWN)  GENTOO  GLSA-200812-15
http://secunia.com/advisories/33137
(UNKNOWN)  SECUNIA  33137

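- Vulnerability information

Libpng Graphics Library Unspecified Remote Buffer Overflow Vulnerability
High risk  Buffer overflow
2004-10-20 00:00:00 2009-01-23 00:00:00
Remote
        libpng 1.2.5 and earlier does not correctly calculate certain buffer offsets; a remote attacker can execute arbitrary code by means of a buffer overflow attack.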

- Advisories and patches

        The vendor has released libpng 1.2.6rc1 to address these issues.
        libpng libpng3 1.2 .0
        
        libpng libpng3 1.2.1
        
        libpng libpng3 1.2.2
        

- Vulnerability information (F72968)

Gentoo Linux Security Advisory 200812-15 (PacketStormID:F72968)
2008-12-15 00:00:00
Gentoo  security.gentoo.org
advisory,arbitrary
linux,gentoo
CVE-2004-0768,CVE-2006-0481,CVE-2006-3334,CVE-2008-1382,CVE-2008-3964

Gentoo Linux Security Advisory GLSA 200812-15 - POV-Ray includes a version of libpng that might allow for the execution of arbitrary code when reading a specially crafted PNG file. POV-Ray uses a statically linked copy of libpng to view and output PNG files. The version shipped with POV-Ray is vulnerable to CVE-2008-3964, CVE-2008-1382, CVE-2006-3334, CVE-2006-0481, CVE-2004-0768. A bug in POV-Ray's build system caused it to load the old version when your installed copy of libpng was >=media-libs/libpng-1.2.10. Versions less than 3.6.1-r4 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200812-15
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                              http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: Normal
       Title: POV-Ray: User-assisted execution of arbitrary code
        Date: December 14, 2008
        Bugs: #153538
          ID: 200812-15

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

POV-Ray includes a version of libpng that might allow for the execution
of arbitrary code when reading a specially crafted PNG file.

Background
==========

POV-Ray is a well known open-source ray tracer.

Affected packages
=================

      -------------------------------------------------------------------
       Package           /  Vulnerable  /                     Unaffected
      -------------------------------------------------------------------
    1  media-gfx/povray     < 3.6.1-r4                       >= 3.6.1-r4

Description
===========

POV-Ray uses a statically linked copy of libpng to view and output PNG
files. The version shipped with POV-Ray is vulnerable to CVE-2008-3964,
CVE-2008-1382, CVE-2006-3334, CVE-2006-0481, CVE-2004-0768. A bug in
POV-Ray's build system caused it to load the old version when your
installed copy of libpng was >=media-libs/libpng-1.2.10.

Impact
======

An attacker could entice a user to load a specially crafted PNG file as
a texture, resulting in the execution of arbitrary code with the
permissions of the user running the application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All POV-Ray users should upgrade to the latest version:

      # emerge --sync
      # emerge --ask --oneshot --verbose ">=media-gfx/povray-3.6.1-r4"

References
==========

    [ 1 ] CVE-2004-0768
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0768
    [ 2 ] CVE-2006-0481
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0481
    [ 3 ] CVE-2006-3334
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3334
    [ 4 ] CVE-2008-1382
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1382
    [ 5 ] CVE-2008-3964
          http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3964

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

    http://security.gentoo.org/glsa/glsa-200812-15.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5


    

- Vulnerability information

10711
libpng Buffer Offset Multiple Unspecified Remote Overflows
Context Dependent Input Manipulation
Loss of Integrity Upgrade
Exploit Unknown Vendor Verified

- Vulnerability description

libpng contains multiple flaws related to the calculation of certain buffer offsets that may allow an attacker to execute arbitrary code. No further details have been provided.

- Timeline

2004-08-04 Unknown
Unknown 2004-08-04

- Solution

It has been reported that this issue has been fixed. Upgrade to version 1.2.6rc1, or higher, to address this vulnerability.

- Related references

- Vulnerability credit

Unknown or Incomplete

- Vulnerability information

Libpng Graphics Library Unspecified Remote Buffer Overflow Vulnerability
Design Error 10872
Yes No
2004-08-05 12:00:00 2008-12-15 05:01:00
The individual responsible for discovery of this issue is currently unknown; the vendor disclosed this issue.

- Affected versions

SCO Unixware 7.1.4
RedHat Linux 9.0 i386
RedHat Linux 7.3 i386
libpng libpng3 1.2.5
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Red Hat Fedora Core1
+ Slackware Linux 10.0
+ Slackware Linux 9.1
+ Slackware Linux 9.0
+ Slackware Linux -current
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
libpng libpng3 1.2.4
+ Conectiva Linux 8.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ S.u.S.E. Linux 8.1
libpng libpng3 1.2.3
libpng libpng3 1.2.2
+ RedHat Linux 8.0 i386
libpng libpng3 1.2.1
+ Debian Linux 3.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Slackware Linux 8.1
libpng libpng3 1.2 .0
+ Conectiva Linux 8.0
Gentoo Linux
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
libpng libpng3 1.2.6 rc1

- Unaffected versions

libpng libpng3 1.2.6 rc1

- Vulnerability discussion

Libpng contains an error in calculating buffer offsets that may facilitate a buffer-overflow vulnerability. This issue stems from a logical design error.

Exploiting this vulnerability may allow an attacker to crash applications that use the library; code execution may be possible.

Note that vulnerabilities previously outlined in this BID have been described in the Libpng Graphics Library Multiple Remote Vulnerabilities outlined in BID 10857.

- Exploit

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

The vendor has released libpng 1.2.6rc1 to address these issues.


libpng libpng3 1.2 .0

libpng libpng3 1.2.1

libpng libpng3 1.2.2

libpng libpng3 1.2.3

libpng libpng3 1.2.4

libpng libpng3 1.2.5

SCO Unixware 7.1.4

- Related references

 

 
