CVE-2004-1264
CVSS 10.0
Published: 2005-01-10 00:00:00
Last revised: 2008-09-10 15:29:43

[Original] Buffer overflow in the simplify_path function in config.c for ChBg 1.5 allows remote attackers to execute arbitrary code via a crafted chbg scenario file.


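[CNNVD] ChBg config.c buffer overflow (CNNVD-200501-059)

        ChBg is a desktop background manager.
        The simplify_path function in config.c of ChBg 1.5 contains a buffer overflow vulnerability.
        A remote attacker can execute arbitrary code by means of a specially crafted scenario file.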

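- CVSS (base score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause a complete system shutdown]
Attack complexity: LOW [no access restrictions for exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]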

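- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links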

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1264
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1264
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200501-059
(official data source) CNNVD

- Other links and resources

http://xforce.iss.net/xforce/xfdb/18595
(UNKNOWN)  XF  chbg-simplifypath-bo(18595)
http://www.debian.org/security/2005/dsa-644
(UNKNOWN)  DEBIAN  DSA-644
http://tigger.uic.edu/~jlongs2/holes/chbg.txt
(VENDOR_ADVISORY)  MISC  http://tigger.uic.edu/~jlongs2/holes/chbg.txt
http://www.mandriva.com/security/advisories?name=MDKSA-2005:027
(UNKNOWN)  MANDRAKE  MDKSA-2005:027

- Vulnerability information

ChBg config.c buffer overflow
Critical Buffer overflow
2005-01-10 00:00:00 2005-10-20 00:00:00
Remote

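- Advisories and patches

        The vendor has not yet provided a patch or upgrade for this vulnerability. Users of this software are advised to watch the vendor's home page for the latest version: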
        http://sourceforge.net/projects/chbg/

- Vulnerability information (F35806)

dsa-644.txt (PacketStormID:F35806)
2005-01-19 00:00:00
 
advisory,overflow,arbitrary
linux,debian
CVE-2004-1264

Debian Security Advisory 644-1 - Danny Lungstrom discovered a vulnerability in chbg, a tool to change background pictures. A maliciously crafted configuration/scenario file could overflow a buffer and lead to the execution of arbitrary code on the victim's machine.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 644-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
January 18th, 2005                      http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : chbg
Vulnerability  : buffer overflow
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2004-1264
Debian Bug     : 285904

Danny Lungstrom discovered a vulnerability in chbg, a tool to change
background pictures.  A maliciously crafted configuration/scenario
file could overflow a buffer and lead to the execution of arbitrary
code on the victim's machine.

For the stable distribution (woody) this problem has been fixed in
version 1.5-1woody1.

For the unstable distribution (sid) this problem has been fixed in
version 1.5-4.

We recommend that you upgrade your chbg package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1.dsc
      Size/MD5 checksum:      600 3cb28b61fb97dca63f09a486dae5612f
    http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1.diff.gz
      Size/MD5 checksum:     3612 08098cf0fec406380e968186766de027
    http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5.orig.tar.gz
      Size/MD5 checksum:   322878 4a158c94c25b359c86da1de9ef3e986b

  Alpha architecture:

    http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_alpha.deb
      Size/MD5 checksum:   294456 afd6ce377d43c0df909d955e04c328cd

  ARM architecture:

    http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_arm.deb
      Size/MD5 checksum:   247338 878c528ab81decd999503ad47557fc4a

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_i386.deb
      Size/MD5 checksum:   244862 d3a09b86dfc44164c541cda2eb66ce66

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_ia64.deb
      Size/MD5 checksum:   345228 e4b9ae6b9da9c34d5a930727bdfc1a44

  HP Precision architecture:

    Cannot be updated due to compiler error.

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_m68k.deb
      Size/MD5 checksum:   222916 7dce4c0b3ae27f624ee472bd153d5c66

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_mips.deb
      Size/MD5 checksum:   249054 66402b53b158bfa0b2144b6b97b1d794

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_mipsel.deb
      Size/MD5 checksum:   247536 769f5074ad1f4b148191d0e196d01778

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_powerpc.deb
      Size/MD5 checksum:   271272 f6b03b2a05de42ee203d7d9cbfe7c468

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_s390.deb
      Size/MD5 checksum:   239098 f20c7b0e36ecfc4540d3673f4ec477dd

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/chbg/chbg_1.5-1woody1_sparc.deb
      Size/MD5 checksum:   263302 28df5318e314bbaf79493b485aa6cffa


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFB7NmrW5ql+IAeqTIRAmUEAKCLSpd0/8eiiFhfymdRCV70pS6p9QCfUIfW
JmmWy3Pi87ZjfreLomQQIls=
=WpPd
-----END PGP SIGNATURE-----

    

- Vulnerability information

12436
ChBg config.c simplify_path() Function Overflow
Input Manipulation
Loss of Integrity

- Vulnerability description

Unknown or Incomplete

- Timeline

2004-12-16 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- References

- Credit

Unknown or Incomplete

- Vulnerability information

ChBg Scenario File Overflow Vulnerability
Boundary Condition Error 11957
Yes No
2004-12-15 12:00:00 2009-07-12 09:26:00
Discovery is credited to Danny Lungstrom.

- Affected program versions

ChBg ChBg 1.5.8
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
ChBg ChBg 1.5
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0

- Discussion

ChBg is reported prone to a remote buffer overflow vulnerability. This issue arises because the application fails to carry out proper boundary checks before copying user-supplied data into sensitive process buffers. It is reported that this issue can allow an attacker to gain superuser privileges on a vulnerable computer.

An attacker can exploit this issue by crafting a malicious scenario file. A scenario is a file containing a list of pictures to display.

If a user obtains this file and processes it through ChBg, the attacker-supplied instructions may be executed on the vulnerable computer.

ChBg 1.5 is reported prone to this vulnerability. It is likely that other versions are affected as well.

- Exploit

A proof of concept file is available:

- Solution

Debian has released an advisory DSA 644-1 to address this issue. Please see the referenced advisory for more information.

Mandrake Linux has made an advisory available (MDKSA-2005:027) dealing with this issue. Please see the referenced advisory for more information.


ChBg ChBg 1.5

- References
