CVE-2004-0802
CVSS5.1
发布时间 :2004-12-31 00:00:00
修订时间 :2010-01-28 00:34:01
NMCOP    

[原文]Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.


[CNNVD]IMLib/IMLib2多个BMP图像解码缓冲区溢出漏洞(CNNVD-200412-223)

        imlib2 1.1.2之前版本的BMP载入程序存在缓冲区溢出漏洞。远程攻击者可以借助一个特制的BMP图像来执行任意代码。该漏洞不同于CVE-2004-0817。

- CVSS (基础分值)

CVSS分值: 5.1 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64
cpe:/o:redhat:enterprise_linux:2.1::workstation_ia64
cpe:/a:imagemagick:imagemagick:5.4.4.5ImageMagick 5.4.4.5
cpe:/a:enlightenment:imlib:1.9.8
cpe:/o:redhat:enterprise_linux:2.1::advanced_server
cpe:/a:enlightenment:imlib:1.9.9
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64
cpe:/a:imagemagick:imagemagick:5.3.3ImageMagick 5.3.3
cpe:/a:imagemagick:imagemagick:5.5.7ImageMagick 5.5.7
cpe:/o:redhat:linux_advanced_workstation:2.1::itanium_processor
cpe:/a:enlightenment:imlib:1.9.13
cpe:/a:enlightenment:imlib:1.9.12
cpe:/o:redhat:enterprise_linux:3.0::enterprise_server
cpe:/a:imagemagick:imagemagick:6.0.2ImageMagick 6.0.2
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server
cpe:/a:enlightenment:imlib:1.9.3
cpe:/a:enlightenment:imlib:1.9.14
cpe:/o:redhat:linux_advanced_workstation:2.1::ia64
cpe:/a:sun:java_desktop_system:2003
cpe:/o:redhat:enterprise_linux:2.1::advanced_server_ia64
cpe:/o:redhat:enterprise_linux:3.0::workstation
cpe:/a:enlightenment:imlib:1.9.6
cpe:/a:enlightenment:imlib2:1.0.1
cpe:/a:enlightenment:imlib:1.9.4
cpe:/o:turbolinux:turbolinux_workstation:8.0
cpe:/o:conectiva:linux:9.0Conectiva Linux 9.0
cpe:/a:enlightenment:imlib2:1.0.2
cpe:/a:imagemagick:imagemagick:5.4.8ImageMagick 5.4.8
cpe:/a:enlightenment:imlib:1.9.7
cpe:/a:enlightenment:imlib:1.9.1
cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64
cpe:/o:suse:suse_linux:8.0::i386
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server_ia64
cpe:/o:turbolinux:turbolinux_desktop:10.0
cpe:/o:suse:suse_linux:9.0SuSE SuSE Linux 9.0
cpe:/o:suse:suse_linux:8.2SuSE SuSE Linux 8.2
cpe:/a:imagemagick:imagemagick:5.4.7ImageMagick 5.4.7
cpe:/o:ubuntu:ubuntu_linux:4.1::ia64
cpe:/o:redhat:fedora_core:core_1.0
cpe:/o:ubuntu:ubuntu_linux:4.1::ppc
cpe:/a:imagemagick:imagemagick:5.4.8.2.1.1.0
cpe:/o:turbolinux:turbolinux_server:8.0
cpe:/a:sun:java_desktop_system:2.0Sun Java Desktop System 2.0
cpe:/a:enlightenment:imlib2:1.0
cpe:/o:turbolinux:turbolinux_server:7.0
cpe:/o:redhat:enterprise_linux:3.0::advanced_servers
cpe:/a:enlightenment:imlib:1.9.11
cpe:/a:enlightenment:imlib2:1.0.4
cpe:/o:suse:suse_linux:8.1SuSE SuSE Linux 8.1
cpe:/a:enlightenment:imlib:1.9.10
cpe:/o:turbolinux:turbolinux_workstation:7.0
cpe:/o:suse:suse_linux:9.2SuSE SuSE Linux 9.2
cpe:/o:redhat:fedora_core:core_3.0
cpe:/a:imagemagick:imagemagick:5.5.6.0_2003-04-09ImageMagick 5.5.6.0 2003-04-09
cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1MandrakeSoft Mandrake Linux Corporate Server 2.1
cpe:/o:suse:suse_linux:9.1SuSE SuSE Linux 9.1
cpe:/o:conectiva:linux:10.0Conectiva Linux 10.0
cpe:/a:enlightenment:imlib2:1.1.1
cpe:/a:enlightenment:imlib:1.9.2
cpe:/o:redhat:enterprise_linux:2.1::workstation
cpe:/a:enlightenment:imlib2:1.1
cpe:/a:enlightenment:imlib2:1.0.5
cpe:/o:suse:suse_linux:9.0::x86_64
cpe:/o:suse:suse_linux:8.0SuSE SuSE Linux 8.0
cpe:/a:enlightenment:imlib2:1.0.3
cpe:/o:mandrakesoft:mandrake_linux:9.2MandrakeSoft Mandrake Linux 9.2
cpe:/o:redhat:enterprise_linux_desktop:3.0Red Hat Desktop 3.0
cpe:/a:enlightenment:imlib:1.9
cpe:/o:redhat:fedora_core:core_2.0
cpe:/o:mandrakesoft:mandrake_linux:10.0MandrakeSoft Mandrake Linux 10.0
cpe:/a:imagemagick:imagemagick:5.5.3.2.1.2.0ImageMagick 5.5.3.2.1.2.0
cpe:/a:enlightenment:imlib:1.9.5
cpe:/a:imagemagick:imagemagick:5.4.3ImageMagick 5.4.3

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0802
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0802
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-223
(官方数据源) CNNVD

- 其它链接及资源

http://xforce.iss.net/xforce/xfdb/17183
(PATCH)  XF  imlib2-bmp-bo(17183)
http://www.securityfocus.com/bid/11084
(PATCH)  BID  11084
http://www.gentoo.org/security/en/glsa/glsa-200409-12.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200409-12
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000870
(PATCH)  CONECTIVA  CLA-2004:870
http://www.vuxml.org/freebsd/ba005226-fb5b-11d8-9837-000c41e2cdad.html
(VENDOR_ADVISORY)  CONFIRM  http://www.vuxml.org/freebsd/ba005226-fb5b-11d8-9837-000c41e2cdad.html
http://sunsolve.sun.com/search/document.do?assetkey=1-66-201611-1
(UNKNOWN)  SUNALERT  201611
http://cvs.sourceforge.net/viewcvs.py/enlightenment/e17/libs/imlib2/ChangeLog?rev=1.20&view=markup
(UNKNOWN)  MISC  http://cvs.sourceforge.net/viewcvs.py/enlightenment/e17/libs/imlib2/ChangeLog?rev=1.20&view=markup

- 漏洞信息

IMLib/IMLib2多个BMP图像解码缓冲区溢出漏洞
中危 缓冲区溢出
2004-12-31 00:00:00 2010-01-28 00:00:00
远程  
        imlib2 1.1.2之前版本的BMP载入程序存在缓冲区溢出漏洞。远程攻击者可以借助一个特制的BMP图像来执行任意代码。该漏洞不同于CVE-2004-0817。

- 公告与补丁

        The vendor has addressed this issue in Imlib2 1.1.2. Reportedly, this fix is available through CVS:
        http://cvs.sourceforge.net/viewcvs.py/enlightenment/e17/
        Please see the referenced advisories for more information.
        Sun Solaris 10
        
        RedHat Fedora Core2
        
        RedHat Fedora Core1
        
        Sun Solaris 10_x86
        
        Sun Solaris 9
        
        Sun Solaris 9_x86
        
        Enlightenment Imlib2 1.0.5
        

- 漏洞信息 (F34462)

dsa-552.txt (PacketStormID:F34462)
2004-09-29 00:00:00
Debian,Marcus Meissner  debian.org
advisory,overflow,arbitrary
linux,debian
CVE-2004-0802
[点击下载]

Debian Security Advisory DSA 552-1 - A heap overflow in imlib2 can be utilized by an attacker to execute arbitrary code on the victims machine.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 552-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
September 22nd, 2004                    http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : imlib2
Vulnerability  : unsanitised input
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-0802
Debian Bug     : 271375

Marcus Meissner discovered a heap overflow error in imlib2, an imaging
library for X and X11 and the successor of imlib, that may be utilised
by an attacker to execute arbitrary code on the victims machine.

For the stable distribution (woody) this problem has been fixed in
version 1.0.5-2woody1.

For the unstable distribution (sid) this problem has been fixed in
version 1.1.0-12.4.

We recommend that you upgrade your imlib2 packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/i/imlib2/imlib2_1.0.5-2woody1.dsc
      Size/MD5 checksum:      733 6e0c48c0bb26f71779994f48a1276f7d
    http://security.debian.org/pool/updates/main/i/imlib2/imlib2_1.0.5-2woody1.diff.gz
      Size/MD5 checksum:    23552 75fc0654f4d5e8541a3def4e9b8682ea
    http://security.debian.org/pool/updates/main/i/imlib2/imlib2_1.0.5.orig.tar.gz
      Size/MD5 checksum:   688261 3b1a80c95ff2a4cfb3bce49e27d94461

  Alpha architecture:

    http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody1_alpha.deb
      Size/MD5 checksum:   191008 1932e664898be7eb536ed57c13c72092
    http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_alpha.deb
      Size/MD5 checksum:   482610 412010c09df703e76c35d772c8a94e27

  ARM architecture:

    http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody1_arm.deb
      Size/MD5 checksum:   165138 58f39fa64ab03d1426edb509a2bdba4f
    http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_arm.deb
      Size/MD5 checksum:   440882 6241d966c3f4ea7e1c4e5df327b424e1

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody1_i386.deb
      Size/MD5 checksum:   149288 8cb2235e5b522658c8a1bfd08f8deb77
    http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_i386.deb
      Size/MD5 checksum:   403260 263d6ce6bebe21750107b6b8e01133d3

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody1_ia64.deb
      Size/MD5 checksum:   246578 4b36c9ec394e4eb52ccbbaa45812e71e
    http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_ia64.deb
      Size/MD5 checksum:   508040 d9d004de6215343005bd9103c3bde9e1

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody1_hppa.deb
      Size/MD5 checksum:   193378 bff4a447aa4ccf25639afa48dfc1d66a
    http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_hppa.deb
      Size/MD5 checksum:   467328 6e126882e888d9eee559695747527d0c

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody1_m68k.deb
      Size/MD5 checksum:   149228 f8de84277791acfe4d21980c18dc785f
    http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_m68k.deb
      Size/MD5 checksum:   402160 e47af6aa12039f334361c0847bef326b

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody1_mips.deb
      Size/MD5 checksum:   157820 c320f8730e74ab8fef95315c12eef054
    http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_mips.deb
      Size/MD5 checksum:   447128 8e890ee8e806f922bc236025890d96df

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody1_mipsel.deb
      Size/MD5 checksum:   156994 a5eb9cd7a19e755e225435d42a1bc1b9
    http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_mipsel.deb
      Size/MD5 checksum:   439402 dedf6435b9984f7595b44e554af52031

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody1_powerpc.deb
      Size/MD5 checksum:   168606 2b5a9e85e4b05ec4235fe2c7bb27ee54
    http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_powerpc.deb
      Size/MD5 checksum:   443384 83a929d947b89e3338c4ec80e88fd84f

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody1_s390.deb
      Size/MD5 checksum:   168770 c120eb24b687a7452fde8f1f8eb6f50c
    http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_s390.deb
      Size/MD5 checksum:   421318 fe87d6d3664c181e3da123acec565c6c

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/i/imlib2/libimlib2_1.0.5-2woody1_sparc.deb
      Size/MD5 checksum:   166128 765676ea4c0755eeb95bee7f8eebd980
    http://security.debian.org/pool/updates/main/i/imlib2/libimlib2-dev_1.0.5-2woody1_sparc.deb
      Size/MD5 checksum:   434668 c343afb55a57309a3b4d402c26058d01


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBUa3iW5ql+IAeqTIRAsQzAJ9ta1vVbs2Uj/p3JACSpij6drvqkgCffBQc
0skiSbiUzXtm+v7RqDS9oD8=
=lXKA
-----END PGP SIGNATURE-----

    

- 漏洞信息

9436
imlib2 BMP Decoding Overflow
Remote / Network Access Input Manipulation
Loss of Confidentiality, Loss of Integrity
Exploit Public

- 漏洞描述

A remote overflow exists in imlib2. imlib2 fails to properly perform bounds checking on BMP deconding resulting in a buffer overflow. With a specially crafted request, an attacker can cause imlib2 to crash possibly allowing the execution of arbitrary code resulting in a loss of confidentiality and/or integrity.

- 时间线

2004-08-31 Unknow
2004-08-31 Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, the imlib2 development team has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站