CVE-2004-1287
CVSS10.0
Published: 2005-01-10 00:00:00
Revised: 2010-08-21 00:22:09

[Original] Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194.


[CNNVD] NASM preproc.c Buffer Overflow Vulnerability (CNNVD-200501-126)

        NASM is an open-source 80x86 assembler.
        A buffer overflow vulnerability exists in the error function in preproc.c in NASM 0.98.38 1.2.
        An attacker can exploit this vulnerability to execute arbitrary code via a specially crafted asm file.

- CVSS (Base Score)

CVSS Score: 10 [Critical (HIGH)]
Confidentiality Impact: COMPLETE [Complete information disclosure, exposing all system files]
Integrity Impact: COMPLETE [System integrity can be completely compromised]
Availability Impact: COMPLETE [May result in a complete system outage]
Access Complexity: LOW [No access restrictions on exploitation]
Access Vector: [--]
Authentication: NONE [No authentication required for exploitation]

- CPE (Affected Platforms and Products)

Product and version information (CPE) not yet available

- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:11299 Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a...
*OVAL describes in detail how this vulnerability is detected; further technical details on detecting it can be found in the related OVAL definition.

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1287
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1287
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200501-126
(Official data source) CNNVD

- Other Links and Resources

http://xforce.iss.net/xforce/xfdb/18540
(UNKNOWN)  XF  nasm-preprocc-bo(18540)
http://www.redhat.com/support/errata/RHSA-2005-381.html
(UNKNOWN)  REDHAT  RHSA-2005:381
http://tigger.uic.edu/~jlongs2/holes/nasm.txt
(VENDOR_ADVISORY)  MISC  http://tigger.uic.edu/~jlongs2/holes/nasm.txt

- Vulnerability Information

NASM preproc.c Buffer Overflow Vulnerability
Critical  Buffer Overflow
2005-01-10 00:00:00 2005-10-28 00:00:00
Remote
        NASM is an open-source 80x86 assembler.
        A buffer overflow vulnerability exists in the error function in preproc.c in NASM 0.98.38 1.2.
        An attacker can exploit this vulnerability to execute arbitrary code via a specially crafted asm file.

- Advisories and Patches

        The vendor has released an upgrade patch to fix this security issue; the patch can be obtained from:
        http://www.nasm.us/pub/nasm/releasebuilds/?C=M;O=D

- Vulnerability Information

12446
NASM error() Function ASM File Overflow
Input Manipulation
Loss of Integrity

- Vulnerability Description

Unknown or Incomplete

- Timeline

2004-12-16 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

NASM Error Preprocessor Directive Buffer Overflow Vulnerability
Boundary Condition Error 11991
Yes No
2004-12-15 12:00:00 2009-07-12 09:26:00
Discovery is credited to Jonathan Rockway.

- Affected Program Versions

Turbolinux Turbolinux Server 10.0
Turbolinux Turbolinux Server 8.0
Turbolinux Turbolinux Desktop 10.0
Turbolinux Home
SGI ProPack 3.0
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
NASM NASM 0.98.38
+ Gentoo Linux 1.4
+ Gentoo Linux
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ Red Hat Fedora Core3
NASM NASM 0.98.34
+ Turbolinux Home
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 10.0
+ Turbolinux Turbolinux Server 8.0
NASM NASM 0.98.28
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0

- Vulnerability Discussion

NASM is prone to a buffer overflow. This condition is exposed when the application attempts to assemble a source file that contains malformed '%error' preprocessor directive arguments. Since the source file may originate from an external or untrusted source, this vulnerability is considered remote in nature.

Successful exploitation will permit arbitrary code execution with the privileges of the user running the application.

- Exploit

The following example exploit has been published:

- Solution

SGI has released an advisory 20050502-01-U including updated SGI ProPack 3 Service Pack 5 packages to address this BID and other issues. Please see the referenced advisory for more information.

Fedora advisory FEDORA-2005-322 for Fedora Core 3 is available to address this issue. Fixes may be installed using the Red Hat Update Agent; this can be accomplished using the 'up2date' command. Please see the referenced advisory for more information.

Turbolinux has released a security announcement (TLSA- 24022005) and fixes to address this and other vulnerabilities. Customers are advised to peruse the referenced advisory for further information regarding obtaining and applying appropriate updates.

Gentoo Linux has released an advisory (GLSA 200412-20) dealing with this issue. All NASM users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/nasm-0.98.38-r1"

For more information, please see the referenced Gentoo Linux advisory.

Ubuntu has released an advisory USN-45-1 to address this issue. Please see the referenced advisory for more information.

Debian has released advisory DSA 623-1 to address this issue. Please see the attached advisory for further information on obtaining and applying fixes.

Mandrake has released advisory MDKSA-2005:004 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.

RedHat has released advisory RHSA-2005:381-06 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.


NASM NASM 0.98.28

NASM NASM 0.98.34

NASM NASM 0.98.38

- References
