Published: 2005-05-02 00:00:00
Last revised: 2008-09-05 16:45:14

Multiple buffer overflows in the XView library 3.2 may allow local users to execute arbitrary code via setuid applications that use the library.

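- CVSS (base score)

CVSS score: 7.2 [HIGH]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may bring the system down completely]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]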

- CPE (affected platforms and products)


- OVAL (technical details for detection)


- Official database links
(Official source) MITRE
(Official source) NVD
(Official source) CNNVD

- Other links and resources
(UNKNOWN)  XF  xview-xvparseone-bo(19271)

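- Vulnerability information

High risk  Buffer overflow
2005-05-02 00:00:00 2005-10-20 00:00:00
        Multiple buffer overflows exist in XView library 3.2; local users may be able to exploit them to execute arbitrary code via setuid applications that use the library.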

- Advisories and patches

        xview xview 3.2 p1.4
        Debian olvwm_4.4.3.2p1.4-16woody2_alpha.deb
        Debian GNU/Linux 3.0 alias woody -16woody2_alpha.deb
        Debian olvwm_4.4.3.2p1.4-16woody2_arm.deb
        Debian GNU/Linux 3.0 alias woody -16woody2_arm.deb
        Debian olvwm_4.4.3.2p1.4-16woody2_hppa.deb
        Debian GNU/Linux 3.0 alias woody -16woody2_hppa.deb
        Debian olvwm_4.4.3.2p1.4-16woody2_i386.deb
        Debian GNU/Linux 3.0 alias woody -16woody2_i386.deb
        Debian olvwm_4.4.3.2p1.4-16woody2_ia64.deb
        Debian GNU/Linux 3.0 alias woody -16woody2_ia64.deb
        Debian olvwm_4.4.3.2p1.4-16woody2_m68k.deb
        Debian GNU/Linux 3.0 alias woody -16woody2_m68k.deb
        Debian olvwm_4.4.3.2p1.4-16woody2_mips.deb
        Debian GNU/Linux 3.0 alias woody -16woody2_mips.deb
        Debian olvwm_4.4.3.2p1.4-16woody2_mipsel.deb
        Debian GNU/Linux 3.0 alias woody -16woody2_mipsel.deb
        Debian olvwm_4.4.3.2p1.4-16woody2_powerpc.deb
        Debian GNU/Linux 3.0 alias woody -16woody2_powerpc.deb
        Debian olvwm_4.4.3.2p1.4-16woody2_s390.deb
        Debian GNU/Linux 3.0 alias woody -16woody2_s390.deb
        Debian olvwm_4.4.3.2p1.4-16woody2_sparc.deb
        Debian GNU/Linux 3.0 alias woody -16woody2_sparc.deb
        Debian olwm_3.2p1.4-16woody2_alpha.deb
        Debian GNU/Linux 3.0 alias woody ody2_alpha.deb
        Debian olwm_3.2p1.4-16woody2_arm.deb
        Debian GNU/Linux 3.0 alias woody ody2_arm.deb
        Debian olwm_3.2p1.4-16woody2_hppa.deb
        Debian GNU/Linux 3.0 alias woody ody2_hppa.deb
        Debian olwm_3.2p1.4-16woody2_i386.deb
        Debian GNU/Linux 3.0 alias woody ody2_i386.deb
        Debian olwm_3.2p1.4-16woody2_ia64.deb
        Debian GNU/Linux 3.0 alias woody ody2_ia64.deb
        Debian olwm_3.2p1.4-16woody2_m68k.deb
        Debian GNU/Linux 3.0 alias woody ody2_m68k.deb
        Debian olwm_3.2p1.4-16woody2_mips.deb
        Debian GNU/Linux 3.0 alias woody ody2_mips.deb
        Debian olwm_3.2p1.4-16woody2_mipsel.deb
        Debian GNU/Linux 3.0 alias woody ody2_mipsel.deb
        Debian olwm_3.2p1.4-16woody2_powerpc.deb
        Debian GNU/Linux 3.0 alias woody ody2_powerpc.deb
        Debian olwm_3.2p1.4-16woody2_s390.deb
        Debian GNU/Linux 3.0 alias woody ody2_s390.deb
        Debian olwm_3.2p1.4-16woody2_sparc.deb
        Debian GNU/Linux 3.0 alias woody ody2_sparc.deb
        Debian xview-clients_3.2p1.4-16woody2_alpha.deb
        Debian GNU/Linux 3.0 alias woody p1.4-16woody2_alpha.deb
        Debian xview-clients_3.2p1.4-16woody2_arm.deb
        Debian GNU/Linux 3.0 alias woody p1.4-16woody2_arm.deb
        Debian xview-clients_3.2p1.4-16woody2_hppa.deb
        Debian G

- Vulnerability information (F36133)

dsa-672.txt (PacketStormID:F36133)
2005-02-23 00:00:00

Debian Security Advisory 672-1 - It was discovered that programs linked against xview are vulnerable to a number of buffer overflows in the XView library. When the overflow is triggered in a program which is installed setuid root a malicious user could perhaps execute arbitrary code as privileged user.

--------------------------------------------------------------------------
Debian Security Advisory DSA 672-1                                        Martin Schulze
February 9th, 2005
--------------------------------------------------------------------------

Package        : xview
Vulnerability  : buffer overflows
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2005-0076

Erik Sj    

- Vulnerability information

XView xv_parse_one() Local Overflow
Local Access Required Input Manipulation
Loss of Integrity
Exploit Unknown

- Vulnerability description

A local overflow exists in xview. xview fails to verify the boundary in the xv_parse_one() function in xv_parser.c resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code with privileges via a setuid application linked against the library resulting in a loss of integrity.

- Timeline

2005-02-10 Unknown
Unknown Unknown

- Solution

Upgrade to version 3.2p1.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- References

- Vulnerability author

- Vulnerability information

XView Multiple Unspecified Local Buffer Overflow Vulnerabilities
Boundary Condition Error 12500
No Yes
2005-02-09 12:00:00 2009-07-12 10:06:00
Discovery is credited to Erik Sjölund.

- Affected versions

xview xview 3.2 p1.4
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0

- Discussion

It is reported that a number of unspecified buffer overflow vulnerabilities exist in the xview library. These issues could allow a local user to execute arbitrary code via linked executables that are installed with setuid privileges.

Debian has identified these issues in xview-3.2p1.4. Other versions affecting various platforms may be vulnerable as well.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: <>.

- Solution

Debian has released advisory DSA 672-1 to address this issue. Please see the referenced advisory for more information.

xview xview 3.2 p1.4

- References