CVE-2004-0903
CVSS 10.0
Published: 2005-01-27 00:00:00
Last modified: 2016-10-17 22:49:50

[Original] Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.


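[CNNVD] Mozilla multiple browser products nsVCardObj.cpp stack overflow vulnerability (CNNVD-200501-291)

        Mozilla is a well-known web browser.
        A stack overflow vulnerability exists in the writeGroup function in nsVCardObj.cpp in multiple Mozilla browsers (Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8). A remote attacker can use a malformed VCard attachment, which is not properly handled when a message is previewed, to execute arbitrary code.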

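- CVSS (Base Score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)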

cpe:/o:redhat:enterprise_linux:2.1::advanced_server
cpe:/o:redhat:enterprise_linux:3.0::advanced_server
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server
cpe:/o:redhat:enterprise_linux:3.0::enterprise_server
cpe:/o:conectiva:linux:10.0 Conectiva Linux 10.0
cpe:/o:redhat:enterprise_linux:2.1::advanced_server_ia64
cpe:/o:suse:suse_linux:1.0::desktop
cpe:/a:mozilla:mozilla:1.7.1 Mozilla Mozilla 1.7.1
cpe:/a:mozilla:mozilla:1.7.2 Mozilla Mozilla 1.7.2
cpe:/o:suse:suse_linux:9.0::x86_64
cpe:/o:redhat:linux:7.3 Red Hat Linux 7.3
cpe:/o:redhat:linux:9.0::i386
cpe:/o:redhat:linux:7.3::i386
cpe:/o:redhat:enterprise_linux:3.0::workstation_server
cpe:/o:redhat:enterprise_linux:2.1::workstation
cpe:/a:mozilla:thunderbird:0.7.2 Mozilla Thunderbird 0.7.2
cpe:/o:redhat:enterprise_linux_desktop:3.0 Red Hat Desktop 3.0
cpe:/a:mozilla:thunderbird:0.7.1 Mozilla Thunderbird 0.7.1
cpe:/a:mozilla:thunderbird:0.7.3 Mozilla Thunderbird 0.7.3
cpe:/o:conectiva:linux:9.0 Conectiva Linux 9.0
cpe:/o:redhat:linux:7.3::i686
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server_ia64
cpe:/a:mozilla:thunderbird:0.7 Mozilla Thunderbird 0.7
cpe:/o:redhat:enterprise_linux:2.1::workstation_ia64
cpe:/a:mozilla:mozilla:1.7 Mozilla Mozilla 1.7
cpe:/o:redhat:linux_advanced_workstation:2.1::ia64
cpe:/o:suse:suse_linux:8.1 SuSE SuSE Linux 8.1
cpe:/o:suse:suse_linux:9.0 SuSE SuSE Linux 9.0
cpe:/o:redhat:fedora_core:core_1.0
cpe:/o:redhat:linux_advanced_workstation:2.1::itanium_processor
cpe:/o:suse:suse_linux:8::enterprise_server
cpe:/o:suse:suse_linux:9.0::enterprise_server
cpe:/o:suse:suse_linux:8.2 SuSE SuSE Linux 8.2
cpe:/o:suse:suse_linux:9.1 SuSE SuSE Linux 9.1

- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:10873 Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7....
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definition.

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0903
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0903
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200501-291
(Official data source) CNNVD

- Other Links and Resources

http://bugzilla.mozilla.org/show_bug.cgi?id=257314
(VENDOR_ADVISORY)  CONFIRM  http://bugzilla.mozilla.org/show_bug.cgi?id=257314
http://marc.info/?l=bugtraq&m=109698896104418&w=2
(UNKNOWN)  HP  SSRT4826
http://marc.info/?l=bugtraq&m=109900315219363&w=2
(UNKNOWN)  FEDORA  FLSA:2089
http://security.gentoo.org/glsa/glsa-200409-26.xml
(UNKNOWN)  GENTOO  GLSA-200409-26
http://www.kb.cert.org/vuls/id/414240
(VENDOR_ADVISORY)  CERT-VN  VU#414240
http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
(UNKNOWN)  CONFIRM  http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3
http://www.novell.com/linux/security/advisories/2004_36_mozilla.html
(UNKNOWN)  SUSE  SUSE-SA:2004:036
http://www.securityfocus.com/bid/11174
(VENDOR_ADVISORY)  BID  11174
http://www.us-cert.gov/cas/techalerts/TA04-261A.html
(UNKNOWN)  CERT  TA04-261A
http://xforce.iss.net/xforce/xfdb/17380
(VENDOR_ADVISORY)  XF  mozilla-netscape-nsvcardobj-bo(17380)

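- Vulnerability Information

Mozilla multiple browser products nsVCardObj.cpp stack overflow vulnerability
Critical  Buffer overflow
2005-01-27 00:00:00 2005-10-20 00:00:00
Remote
        Mozilla is a well-known web browser.
        A stack overflow vulnerability exists in the writeGroup function in nsVCardObj.cpp in multiple Mozilla browsers (Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8). A remote attacker can use a malformed VCard attachment, which is not properly handled when a message is previewed, to execute arbitrary code.

- Advisories and Patches

        The vendor has released an upgrade patch that fixes this security issue. The patch is available at:
        http://www.mozilla.org/

- Vulnerability Information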

9966
Mozilla Multiple Products nsVCardObj.cpp writeGroup() Function Overflow
Local Access Required, Remote / Network Access Denial of Service, Input Manipulation
Loss of Integrity, Loss of Availability
Exploit Public

- Vulnerability Description

A local overflow exists in Mozilla-based applications and Netscape Navigator. The writeGroup() function of the nsVCardObj.cpp component fails to ensure parameters with group properties (e.g., TEL.HOME) are an acceptable length, resulting in a stack-based overflow. With a specially crafted vCard, an attacker can cause a denial of service condition, and possibly code execution, resulting in a loss of availability and integrity.

- Timeline

2004-08-29 Unknown
Unknown Unknown

- Solution

For Mozilla.org products, upgrade to Mozilla 1.7.3, Firefox 1.0PR, Thunderbird 0.8 or higher, as these have been confirmed to fix this vulnerability. An upgrade is required as there are no known workarounds. For Netscape products, there are currently no known upgrades or patches available to correct this issue. It is possible to mitigate the flaw by disabling the preview pane in Netscape Mail & News. This will help avoid automatic exploitation upon receiving a malicious vCard; however, it will not prevent exploitation if the malicious vCard is viewed via a Netscape product by some other method, such as opening the message normally.
