CVE-2004-1053
CVSS 10.0
Published: 2005-03-01 00:00:00
Last revised: 2008-09-05 16:40:11

[Original] Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote malicious servers to execute arbitrary code via certain HTTP headers in an HTTP response, which lead to a buffer overflow.


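[CNNVD] FreeBSD fetch integer overflow vulnerability (CNNVD-200503-023)

        FreeBSD's fetch is a tool for retrieving files over FTP, HTTP and HTTPS.
        FreeBSD's fetch has an integer overflow when processing HTTP headers; a remote attacker can exploit this vulnerability to execute arbitrary commands on the system with the privileges of the user process.
        A malicious server or CGI script can answer an HTTP or HTTPS request with malformed HTTP header fields, triggering a buffer overflow in the client; carefully constructed response data may execute arbitrary commands on the system with the privileges of the user process.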

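- CVSS (base score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may render the system completely unavailable]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]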

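- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links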

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1053
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1053
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200503-023
(Official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/11702
(VENDOR_ADVISORY)  BID  11702
http://xforce.iss.net/xforce/xfdb/18160
(VENDOR_ADVISORY)  XF  fetch-http-header-bo(18160)
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:16.fetch.asc
(UNKNOWN)  FREEBSD  FreeBSD-SA-04:16

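- Vulnerability information

FreeBSD fetch integer overflow vulnerability
Critical  Buffer overflow
2005-03-01 00:00:00 2005-10-20 00:00:00
Remote
        FreeBSD's fetch is a tool for retrieving files over FTP, HTTP and HTTPS.
        FreeBSD's fetch has an integer overflow when processing HTTP headers; a remote attacker can exploit this vulnerability to execute arbitrary commands on the system with the privileges of the user process.
        A malicious server or CGI script can answer an HTTP or HTTPS request with malformed HTTP header fields, triggering a buffer overflow in the client; carefully constructed response data may execute arbitrary commands on the system with the privileges of the user process.

- Advisories and patches

        The vendor has released a patch to fix this security issue. Patch download link:
        ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:16.fetch.asc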
        

- Vulnerability information

11921
FreeBSD fetch HTTP Header Integer Overflow
Remote / Network Access Input Manipulation
Loss of Integrity

- Vulnerability description

A remote overflow exists in fetch on FreeBSD. The fetch utility, which is a tool for fetching files via FTP, HTTP, and HTTPS, fails to check bounds on certain incoming HTTP headers resulting in an integer overflow. With a specially crafted response from a malicious server or CGI script, an attacker can overflow a buffer and execute arbitrary code resulting in a loss of integrity.

- Timeline

2004-11-18 Unknown
Unknown Unknown

- Solution

Upgrade to version 4-STABLE or 5-STABLE, or to the RELENG_5_3, RELENG_5_2, RELENG_4_10, or RELENG_4_8 security branch dated after the correction date, as it has been reported to fix this vulnerability. In addition, FreeBSD has released a patch for some older versions.

- Related references

- Vulnerability credit

- Vulnerability information

FreeBSD Fetch Remote Buffer Overflow Vulnerability
Boundary Condition Error 11702
Yes No
2004-11-18 12:00:00 2009-07-12 08:06:00
Colin Percival <colin.percival@wadham.ox.ac.uk> disclosed this vulnerability to the vendor.

- Affected software versions

FreeBSD FreeBSD 5.3
FreeBSD FreeBSD 5.2 -RELENG
FreeBSD FreeBSD 5.2
FreeBSD FreeBSD 5.1 -RELENG
FreeBSD FreeBSD 5.1
FreeBSD FreeBSD 5.0 -RELENG
FreeBSD FreeBSD 5.0
FreeBSD FreeBSD 4.10 -RELENG
FreeBSD FreeBSD 4.10
FreeBSD FreeBSD 4.9 -RELENG
FreeBSD FreeBSD 4.9
FreeBSD FreeBSD 4.8 -RELENG
FreeBSD FreeBSD 4.8
FreeBSD FreeBSD 4.7 -RELENG
FreeBSD FreeBSD 4.7
FreeBSD fetch
+ FreeBSD FreeBSD 5.3
+ FreeBSD FreeBSD 5.2
+ FreeBSD FreeBSD 5.1
+ FreeBSD FreeBSD 5.0
+ FreeBSD FreeBSD 4.10
+ FreeBSD FreeBSD 4.9
+ FreeBSD FreeBSD 4.8
+ FreeBSD FreeBSD 4.7

- Vulnerability discussion

A remote buffer overflow vulnerability affects the FreeBSD fetch utility. This issue is due to a failure of the application to carry out sufficient bounds checks during the parsing of certain HTTP response headers resulting in an integer overflow. Further operations on the response body result in the overflowing of process memory.

A malicious server may leverage this issue to execute arbitrary code on an affected computer with the privileges of a user executing the vulnerable client software. This may facilitate unauthorized access or privilege escalation.

- Exploit

Exploit code is reported to exist, but is currently not publicly available.

- Solution

FreeBSD has released advisory FreeBSD-SA-04:16 along with fixes dealing with this issue. FreeBSD has advised users to obtain the provided patch and then update their packages with the following commands:

# cd /usr/src
# patch < /path/to/patch
# cd /usr/src/usr.bin/fetch
# make obj && make depend && make && make install

For more information please see the referenced FreeBSD advisory.


FreeBSD fetch

- Related references

 

 
