CVE-2004-1076
CVSS 7.2
Published: 2005-01-10 00:00:00
Last revised: 2016-10-17 22:51:14

[Original] Multiple buffer overflows in the RtConfigLoad function in rt-config.c for Atari800 before 1.3.4 allow local users to execute arbitrary code via large values in the configuration file.


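[CNNVD] Atari800 rt-config.c buffer overflow vulnerability (CNNVD-200501-167)

        atari800 is an Atari emulator.
        Multiple buffer overflow vulnerabilities exist in the RtConfigLoad function in rt-config.c in Atari800 versions before 1.3.4.
        Local users can exploit this vulnerability to execute arbitrary code by using large values in the configuration file.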

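- CVSS (base score)

CVSS score: 7.2 [Severe (HIGH)]
Confidentiality impact: COMPLETE [complete information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause a complete system outage]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)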

cpe:/o:atari800:atari800:0.8.2
cpe:/o:debian:debian_linux:3.0::ia-32
cpe:/o:atari800:atari800:0.6.2
cpe:/o:atari800:atari800:0.8.1
cpe:/o:debian:debian_linux:3.0::ppc
cpe:/o:atari800:atari800:1.2_pre0
cpe:/o:debian:debian_linux:3.0::hppa
cpe:/o:debian:debian_linux:3.0::sparc
cpe:/o:atari800:atari800:1.2.1_pre0
cpe:/o:debian:debian_linux:3.0::s-390
cpe:/o:atari800:atari800:0.9.9j
cpe:/o:atari800:atari800:0.8.6
cpe:/o:atari800:atari800:0.9.9f
cpe:/o:atari800:atari800:0.8.7
cpe:/o:atari800:atari800:0.9.9g
cpe:/o:debian:debian_linux:3.0::arm
cpe:/o:debian:debian_linux:3.0::mipsel
cpe:/o:debian:debian_linux:3.0::mips
cpe:/o:debian:debian_linux:3.0::alpha
cpe:/o:atari800:atari800:0.9.9h
cpe:/o:atari800:atari800:1.2
cpe:/o:atari800:atari800:0.9.9i
cpe:/o:atari800:atari800:0.8.8
cpe:/o:atari800:atari800:0.8.9
cpe:/o:atari800:atari800:1.3
cpe:/o:atari800:atari800:0.9.1
cpe:/o:atari800:atari800:1.0
cpe:/o:atari800:atari800:0.9.2
cpe:/o:atari800:atari800:0.5.4
cpe:/o:debian:debian_linux:3.0::m68k
cpe:/o:atari800:atari800:0.9.9a
cpe:/o:atari800:atari800:0.9.9b
cpe:/o:atari800:atari800:0.9.9c
cpe:/o:atari800:atari800:0.9.9d
cpe:/o:atari800:atari800:0.9.9e
cpe:/o:atari800:atari800:0.9.5
cpe:/o:atari800:atari800:0.9.6
cpe:/o:debian:debian_linux:3.0::ia-64
cpe:/o:atari800:atari800:1.0.5
cpe:/o:atari800:atari800:1.2.3
cpe:/o:atari800:atari800:1.0.6
cpe:/o:atari800:atari800:1.2.4
cpe:/o:atari800:atari800:0.7
cpe:/o:atari800:atari800:1.0.1
cpe:/o:atari800:atari800:0.6
cpe:/o:atari800:atari800:1.0.2
cpe:/o:atari800:atari800:0.9.3
cpe:/o:atari800:atari800:0.9.4
cpe:/o:atari800:atari800:0.9
cpe:/o:atari800:atari800:0.9.9
cpe:/o:atari800:atari800:1.0.7
cpe:/o:atari800:atari800:1.2.5
cpe:/o:atari800:atari800:0.9.7
cpe:/o:atari800:atari800:0.9.8
cpe:/o:atari800:atari800:1.0.3
cpe:/o:atari800:atari800:1.2.1
cpe:/o:atari800:atari800:1.0.4
cpe:/o:atari800:atari800:1.2.2

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1076
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1076
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200501-167
(official data source) CNNVD

- Other links and resources

http://cvs.sourceforge.net/viewcvs.py/atari800/atari800/DOC/ChangeLog?view=markup
(UNKNOWN)  CONFIRM  http://cvs.sourceforge.net/viewcvs.py/atari800/atari800/DOC/ChangeLog?view=markup
http://marc.info/?l=bugtraq&m=110142899319841&w=2
(UNKNOWN)  BUGTRAQ  20041125 Atari800 - local root.
http://marc.info/?l=bugtraq&m=110149441815270&w=2
(UNKNOWN)  BUGTRAQ  20041126 Re: Atari800 - local root. (fwd)
http://www.debian.org/security/2004/dsa-609
(UNKNOWN)  DEBIAN  DSA-609
http://www.securityfocus.com/bid/11756
(VENDOR_ADVISORY)  BID  11756

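- Vulnerability information

Atari800 rt-config.c buffer overflow vulnerability
High risk   Buffer overflow
2005-01-10 00:00:00 2005-10-28 00:00:00
Local
        atari800 is an Atari emulator.
        Multiple buffer overflow vulnerabilities exist in the RtConfigLoad function in rt-config.c in Atari800 versions before 1.3.4.
        Local users can exploit this vulnerability to execute arbitrary code by using large values in the configuration file.

- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue. The patch is available at:
        http://sourceforge.net/projects/atari800/files/

- Vulnerability information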

12140
Atari800 Atari800_Initialise() Function Local Overflow
Local Access Required Input Manipulation
Loss of Integrity
Exploit Public

- Vulnerability description

A local overflow exists in Atari800 in the "Atari800_Initialise" function, resulting in a buffer overflow. With a specially crafted request, an attacker can get root privileges and execute arbitrary code, resulting in a loss of integrity.

- Timeline

2004-11-27 Unknown
2004-11-25 Unknown

- Solution

Upgrade to version 1.3.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

- Vulnerability information

Atari800 Emulator Multiple Local Buffer Overflow Vulnerabilities
Boundary Condition Error 11756
No Yes
2004-11-25 12:00:00 2009-07-12 08:06:00
Discovery of these vulnerabilities is credited to Adam Zabrocki <pi3ki31ny@wp.pl>.

- Affected program versions

Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Atari800 Atari800 1.3
Atari800 Atari800 1.2.5
Atari800 Atari800 1.2.4
Atari800 Atari800 1.2.3
Atari800 Atari800 1.2.2
Atari800 Atari800 1.2.1 pre0
Atari800 Atari800 1.2.1
Atari800 Atari800 1.2 pre0
Atari800 Atari800 1.2
Atari800 Atari800 1.0.7
Atari800 Atari800 1.0.6
Atari800 Atari800 1.0.5
Atari800 Atari800 1.0.4
Atari800 Atari800 1.0.3
Atari800 Atari800 1.0.2
Atari800 Atari800 1.0.1
Atari800 Atari800 1.0
Atari800 Atari800 0.9.9 j
Atari800 Atari800 0.9.9 i
Atari800 Atari800 0.9.9 h
Atari800 Atari800 0.9.9 g
Atari800 Atari800 0.9.9 f
Atari800 Atari800 0.9.9 e
Atari800 Atari800 0.9.9 d
Atari800 Atari800 0.9.9 c
Atari800 Atari800 0.9.9 b
Atari800 Atari800 0.9.9 a
Atari800 Atari800 0.9.9
Atari800 Atari800 0.9.8
Atari800 Atari800 0.9.7
Atari800 Atari800 0.9.6
Atari800 Atari800 0.9.5
Atari800 Atari800 0.9.4
Atari800 Atari800 0.9.3
Atari800 Atari800 0.9.2
Atari800 Atari800 0.9.1
Atari800 Atari800 0.9
Atari800 Atari800 0.8.9
Atari800 Atari800 0.8.8
Atari800 Atari800 0.8.7
Atari800 Atari800 0.8.6
Atari800 Atari800 0.8.2
Atari800 Atari800 0.8.1
Atari800 Atari800 0.7
Atari800 Atari800 0.6.2
Atari800 Atari800 0.6
Atari800 Atari800 0.5.4
Atari800 Atari800 1.3.3
Atari800 Atari800 1.3.2
Atari800 Atari800 1.3.1

- Unaffected program versions

Atari800 Atari800 1.3.3
Atari800 Atari800 1.3.2
Atari800 Atari800 1.3.1

- Vulnerability discussion

Atari800 is reported prone to multiple local buffer overflow vulnerabilities. The issues exist in 'log.c' and 'rt-config.c' files and are due to a lack of sufficient boundary checks performed on user-supplied data.

A local attacker may exploit these vulnerabilities to have arbitrary attacker supplied instructions executed in the context of the vulnerable utility.

These vulnerabilities are reported to affect Atari800 1.3.1 and previous; other versions might also be affected. It is reported that this application is installed setuid superuser when it is compiled to utilize SVGALIB.

This issue may be related to BID 8322.

- Exploit

The following exploit is available:

- Solution

It is reported that these vulnerabilities are addressed in Atari800 version 1.3.3. This is not confirmed; customers are advised to contact the vendor for further details in regard to obtaining and applying appropriate updates.

The vendor reports that the vulnerability described in 'log.c' is fixed in versions after 2003-11-13, and that they are currently looking into the issue in 'rt-config.c'.

Debian has released an advisory (DSA 609-1) with fixes to address these issues. Please see the referenced advisory for more information.


Atari800 Atari800 1.2.2

- Related references

 

 
