CVE-2004-1094
CVSS 10.0
Published: 2005-01-10 00:00:00
Last revised: 2016-10-17 22:51:18

[Original] Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, as demonstrated using (1) a .rjs (skin) file in RealPlayer 10 through RealPlayer 10.5 (6.0.12.1053), RealOne Player 1 and 2, (2) the Restore Backup function in CheckMark Software Payroll 2004/2005 3.9.6 and earlier, (3) CheckMark MultiLedger before 7.0.2, (4) dtSearch 6.x and 7.x, (5) mcupdmgr.exe and mghtml.exe in McAfee VirusScan 10 Build 10.0.21 and earlier, (6) IBM Lotus Notes before 6.5.5, and other products. NOTE: it is unclear whether this is the same vulnerability as CVE-2004-0575, although the data manipulations are the same.


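[CNNVD] InnerMedia DUNZIP32.dll stack overflow vulnerability (CNNVD-200501-184)

        DUNZIP32.dll is a fairly popular compression library.
        A buffer overflow vulnerability exists in InnerMedia DynaZip DUNZIP32.dll 5.00.03 and earlier.
        Because an overflow occurs when extracting a ZIP file that contains an overly long filename, an attacker can exploit this vulnerability to execute arbitrary code. Multiple software products that use DUNZIP32.dll are affected, including RealPlayer, RealOne, CheckMark MultiLedger, McAfee and IBM Lotus Notes.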

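- CVSS (base score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)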

cpe:/a:checkmark:checkmark_payroll:3.9.1
cpe:/a:checkmark:multiledger:7.0.0
cpe:/a:checkmark:checkmark_payroll:3.9.6
cpe:/a:checkmark:checkmark_payroll:3.9.4
cpe:/a:checkmark:checkmark_payroll:3.9.5
cpe:/a:realnetworks:realplayer:10.5 (RealNetworks RealPlayer 10.5)
cpe:/a:realnetworks:realplayer:10.5_6.0.12.1016_beta
cpe:/a:innermedia:dynazip_library:5.00.03
cpe:/a:realnetworks:realone_player:1.0
cpe:/a:realnetworks:realplayer:10.0 (RealNetworks RealPlayer 10.0)
cpe:/a:innermedia:dynazip_library:5.00.02
cpe:/a:innermedia:dynazip_library:5.00.00
cpe:/a:checkmark:multiledger:6.0.5
cpe:/a:realnetworks:realone_player:2.0
cpe:/a:realnetworks:realplayer:10.0_beta
cpe:/a:realnetworks:realplayer:10.0_6.0.12.690
cpe:/a:checkmark:multiledger:6.0.3
cpe:/a:realnetworks:realplayer:10.5_6.0.12.1053
cpe:/a:innermedia:dynazip_library:5.00.01
cpe:/a:realnetworks:realplayer:10.5_6.0.12.1040
cpe:/a:checkmark:multiledger:7.0.1
cpe:/a:checkmark:checkmark_payroll:3.9.2
cpe:/a:checkmark:checkmark_payroll:3.7.5
cpe:/a:checkmark:checkmark_payroll:3.9.3

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1094
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1094
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200501-184
(Official data source) CNNVD

- Other links and resources

http://archives.neohapsis.com/archives/fulldisclosure/2004-10/1044.html
(UNKNOWN)  BUGTRAQ  20041027 EEYE: RealPlayer Zipped Skin File Buffer Overflow
http://marc.info/?l=bugtraq&m=109894226007607&w=2
(UNKNOWN)  BUGTRAQ  20041027 High Risk Vulnerability in RealPlayer
http://securityreason.com/securityalert/296
(UNKNOWN)  SREASON  296
http://securityreason.com/securityalert/653
(UNKNOWN)  SREASON  653
http://securitytracker.com/id?1011944
(UNKNOWN)  SECTRACK  1011944
http://securitytracker.com/id?1012297
(UNKNOWN)  SECTRACK  1012297
http://securitytracker.com/id?1016817
(UNKNOWN)  SECTRACK  1016817
http://service.real.com/help/faq/security/041026_player/EN/
(UNKNOWN)  CONFIRM  http://service.real.com/help/faq/security/041026_player/EN/
http://www.kb.cert.org/vuls/id/582498
(VENDOR_ADVISORY)  CERT-VN  VU#582498
http://www.networksecurity.fi/advisories/dtsearch.html
(VENDOR_ADVISORY)  MISC  http://www.networksecurity.fi/advisories/dtsearch.html
http://www.networksecurity.fi/advisories/lotus-notes.html
(UNKNOWN)  MISC  http://www.networksecurity.fi/advisories/lotus-notes.html
http://www.networksecurity.fi/advisories/mcafee-virusscan.html
(UNKNOWN)  MISC  http://www.networksecurity.fi/advisories/mcafee-virusscan.html
http://www.networksecurity.fi/advisories/multiledger.html
(UNKNOWN)  MISC  http://www.networksecurity.fi/advisories/multiledger.html
http://www.networksecurity.fi/advisories/payroll.html
(UNKNOWN)  MISC  http://www.networksecurity.fi/advisories/payroll.html
http://www.securiteam.com/windowsntfocus/6Z00W00EAM.html
(UNKNOWN)  MISC  http://www.securiteam.com/windowsntfocus/6Z00W00EAM.html
http://www.securityfocus.com/archive/1/archive/1/420274/100/0/threaded
(UNKNOWN)  BUGTRAQ  20051223 dtSearch DUNZIP32.dll Buffer Overflow Vulnerability
http://www.securityfocus.com/archive/1/archive/1/429361/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060330 McAfee VirusScan DUNZIP32.dll Buffer Overflow Vulnerability
http://www.securityfocus.com/archive/1/archive/1/445369/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060906 IBM Lotus Notes DUNZIP32.dll Buffer Overflow Vulnerability
http://www.securityfocus.com/bid/11555
(VENDOR_ADVISORY)  BID  11555
http://www.vupen.com/english/advisories/2005/2057
(UNKNOWN)  VUPEN  ADV-2005-2057
http://www.vupen.com/english/advisories/2006/1176
(UNKNOWN)  VUPEN  ADV-2006-1176
http://xforce.iss.net/xforce/xfdb/17879
(VENDOR_ADVISORY)  XF  realplayer-dunzip32-bo(17879)
http://xforce.iss.net/xforce/xfdb/22737
(UNKNOWN)  XF  payroll-dunzip32-bo(22737)

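- Vulnerability information

InnerMedia DUNZIP32.dll stack overflow vulnerability
Critical  Buffer overflow
2005-01-10 00:00:00 2006-10-06 00:00:00
Remote
        DUNZIP32.dll is a fairly popular compression library.
        A buffer overflow vulnerability exists in InnerMedia DynaZip DUNZIP32.dll 5.00.03 and earlier.
        Because an overflow occurs when extracting a ZIP file that contains an overly long filename, an attacker can exploit this vulnerability to execute arbitrary code. Multiple software products that use DUNZIP32.dll are affected, including RealPlayer, RealOne, CheckMark MultiLedger, McAfee and IBM Lotus Notes.

- Advisories and patches

        The vendor has released an upgrade patch to fix this security issue. Patch link: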
        http://www.innermedia.com/

- Vulnerability information

19906
InnerMedia DynaZip DUNZIP32.dll Filename Overflow
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Unknown Vendor Verified

- Vulnerability description

A remote overflow exists in InnerMedia's DynaZip as used in multiple products. The 'DUNZIP32.DLL' library fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted '.zip' file containing a file with an overly long filename, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

- Timeline

2004-10-27 Unknown
Unknown 2004-10-27

- Solution

Contact your vendor for an appropriate upgrade. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability credit

- Vulnerability information

InnerMedia DynaZip Remote Stack Based Buffer Overflow Vulnerability
Boundary Condition Error 11555
Yes No
2004-10-27 12:00:00 2006-09-07 09:23:00
Discovery of this vulnerability is credited to Yuji Ukai of eEye Digital Security and John Heasman of NGSSoftware. Juha-Matti Laurio of Networksecurity.fi discovered this issue in CheckMark Payroll and IBM Lotus Notes.

- Affected program versions

Real Networks RealPlayer 10.5 v6.0.12.1056
Real Networks RealPlayer 10.5 v6.0.12.1053
Real Networks RealPlayer 10.5 v6.0.12.1040
Real Networks RealPlayer 10.5 Beta v6.0.12.1016
Real Networks RealPlayer 10.5
Real Networks RealPlayer 10.0 BETA
Real Networks RealPlayer 10.0 v6.0.12.690
Real Networks RealPlayer 10.0
+ S.u.S.E. cvsup-16.1h-43.i586.rpm
+ S.u.S.E. Linux Personal 9.3
+ S.u.S.E. Linux Personal 9.2
Real Networks RealOne Player 2.0
Real Networks RealOne Player 1.0
McAfee VirusScan 10.0.21
McAfee SecurityCenter Agent 6.0 .16
InnerMedia DynaZip Library 3.0 .0.14
InnerMedia DynaZip Library 5.00.03
InnerMedia DynaZip Library 5.00.02
InnerMedia DynaZip Library 5.00.01
InnerMedia DynaZip Library 5.00.00
IBM Lotus Notes 6.5.4
IBM Lotus Notes 6.5.3
IBM Lotus Notes 6.5.2
IBM Lotus Notes 6.5.1
IBM Lotus Notes 6.5
dtSearch Corp dtSearch with Spider 7.10 Build 7045
dtSearch Corp dtSearch with Spider
dtSearch Corp dtSearch 6.5 Build 6608
dtSearch Corp dtSearch 5.25
CheckMark Software Inc. MultiLedger 7.0
CheckMark Software Inc. MultiLedger 6.0.3
CheckMark Software Inc. CheckMark Payroll 3.9.6
CheckMark Software Inc. CheckMark Payroll 3.9.5
CheckMark Software Inc. CheckMark Payroll 3.9.4
CheckMark Software Inc. CheckMark Payroll 3.9.3
CheckMark Software Inc. CheckMark Payroll 3.9.2
CheckMark Software Inc. CheckMark Payroll 3.9.1

- Unaffected program versions

Real Networks RealPlayer 10.5 v6.0.12.1056
InnerMedia DynaZip Library 5.00.04
IBM Lotus Notes 6.5.5
IBM Lotus Notes 7.0
dtSearch Corp dtSearch with Spider 7.20 Build 7136
CheckMark Software Inc. MultiLedger 7.0.2
CheckMark Software Inc. CheckMark Payroll 3.9.7

- Vulnerability discussion

DynaZip is susceptible to a stack-based buffer-overflow vulnerability. This issue is due to the library's failure to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

A remote attacker may exploit this vulnerability to execute arbitrary instructions in the context of an application that uses the affected library.

The following applications are known to include vulnerable versions of the affected library:

- RealPlayer for Microsoft Windows
- RealOne Player for Microsoft Windows
- CheckMark Payroll 2004/2005.

Other applications also likely include the vulnerable library.

- Exploit

The discoverer of this vulnerability has developed an exploit, which is not believed to be in public circulation.

- Solution

Please see the references for more information and fixes by vendors.


CheckMark Software Inc. CheckMark Payroll 3.9.1

CheckMark Software Inc. CheckMark Payroll 3.9.2

CheckMark Software Inc. CheckMark Payroll 3.9.3

CheckMark Software Inc. CheckMark Payroll 3.9.4

CheckMark Software Inc. CheckMark Payroll 3.9.5

CheckMark Software Inc. CheckMark Payroll 3.9.6

CheckMark Software Inc. MultiLedger 7.0

- Related references

 

 
