CVE-2004-0794
CVSS 5.1
Published: 2004-10-20 00:00:00
Last revised: 2008-09-10 15:27:47

[Original text] Multiple signal handler race conditions in lukemftpd (aka tnftpd before 20040810) allow remote authenticated attackers to cause a denial of service or execute arbitrary code.


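[CNNVD] TNFTPD multiple signal handler remote superuser compromise vulnerability (CNNVD-200410-061)

        Multiple signal handler race conditions exist in lukemftpd (also known as tnftpd before 20040810). A remote authenticated attacker can cause a denial of service or execute arbitrary code.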

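- CVSS (base score)

CVSS score: 5.1 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause performance degradation or interruption of resource access]
Access complexity: HIGH [exploitation requires specific access conditions]
Access vector: [--]
Authentication: NONE [exploitation requires no authentication]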

- CPE (affected platforms and products)

cpe:/a:luke_mewburn:tnftpd:2003-12-17
cpe:/a:luke_mewburn:lukemftp:1.1
cpe:/a:luke_mewburn:lukemftp:1.5

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0794
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0794
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200410-061
(official data source) CNNVD

- Other links and resources

ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-009.txt.asc
(VENDOR_ADVISORY)  NETBSD  NetBSD-SA2004-009
http://xforce.iss.net/xforce/xfdb/17020
(UNKNOWN)  XF  tnftpd-gain-access(17020)
http://www.vuxml.org/freebsd/c4b025bb-f05d-11d8-9837-000c41e2cdad.html
(VENDOR_ADVISORY)  CONFIRM  http://www.vuxml.org/freebsd/c4b025bb-f05d-11d8-9837-000c41e2cdad.html
http://www.debian.org/security/2004/dsa-551
(UNKNOWN)  DEBIAN  DSA-551
http://lists.grok.org.uk/pipermail/full-disclosure/2004-August/025418.html
(UNKNOWN)  FULLDISC  20040817 Multiple remote vulnerabilities in lukemftpd aka. tnftpd

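- Vulnerability information

TNFTPD multiple signal handler remote superuser compromise vulnerability
Medium risk  Race condition
2004-10-20 00:00:00 2005-10-20 00:00:00
Remote
        Multiple signal handler race conditions exist in lukemftpd (also known as tnftpd before 20040810). A remote authenticated attacker can cause a denial of service or execute arbitrary code.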

- Advisories and patches

        The vendor has released patches resolving these issues.
        NetBSD has released advisory 2004-009 addressing this issue. Please see the referenced advisory for further information. Fixes are available from CVS for the NetBSD-current and NetBSD-2.0 branches.
        Apple has released an advisory (APPLE-SA-0024-09-07) along with fixes to address this, and many other issues. Please see the referenced advisory for further information.
        Heimdal has released an advisory (2004-09-13) along with version 0.6.3 to address this issue. Please see the referenced advisory for further information.
        Gentoo Linux has released an advisory (GLSA 200409-19) to address this issue. Please see the referenced advisory for further information. Users of affected packages are urged to execute the following with superuser privileges:
         emerge sync
         emerge -pv ">=app-crypt/heimdal-0.6.3"
         emerge ">=app-crypt/heimdal-0.6.3"
        Debian Linux has released an advisory (DSA 551-1) along with fixes dealing with this issue. Please see the referenced advisory for more information.
        Sun has released an advisory (Sun Alert ID: 57655) with fixes to address these issues in Sun Java Desktop System (JDS) 2003 and Release 2 for the Linux platform. Please see the advisory in Web references for more information. Users may carry out the following actions from the launch bar to download the patch:
        Launch >> Applications >> System Tools >> Online Update
        Luke Mewburn TNFTPD 20031217
        Sun Java Desktop System (JDS) 2003
  •         Sun patch-9369
        Heimdal Heimdal 0.3 f
        Heimdal Heimdal 0.4 b
        Heimdal Heimdal 0.4 d
        Heimdal Heimdal 0.4 c
        Heimdal Heimdal 0.4 a
        Heimdal Heimdal 0.4 e
        Heimdal Heimdal 0.5 .0
        Heimdal Heimdal 0.5.1
        Heimdal Heimdal 0.5.2
        Heimdal Heimdal 0.5.3
        Heimdal Heimdal 0.6
        Heimdal Heimdal 0.6.1
        Heimdal Heimdal 0.6.2
        Luke Mewburn lukemftp 1.1
