CVE-2005-0667
CVSS5.1
发布时间 :2005-03-07 00:00:00
修订时间 :2008-09-05 16:46:57
NMCOPS    

[原文]Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message.


[CNNVD]Sylpheed 邮件客户端 缓冲区溢出漏洞(CNNVD-200503-066)

        Sylpheed 1.0.3之前版本及1.9.5之前的其他版本中存在缓冲区溢出,远程攻击者可以通过带有特定标头的电子邮件信息执行任意代码,这些标头含有用户回复信息时未正确处理的非ASCII字符。

- CVSS (基础分值)

CVSS分值: 5.1 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/o:redhat:enterprise_linux:2.1::workstation_ia64
cpe:/a:sylpheed:sylpheed:0.8.11
cpe:/o:redhat:enterprise_linux:2.1::advanced_server
cpe:/a:sylpheed:sylpheed:1.0.0
cpe:/o:redhat:linux_advanced_workstation:2.1::itanium_processor
cpe:/o:redhat:fedora_core:core_3.0
cpe:/o:gentoo:linuxGentoo Linux
cpe:/a:sylpheed:sylpheed:0.9.99
cpe:/a:sylpheed:sylpheed:1.0.1
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server
cpe:/a:sylpheed:sylpheed:0.9.5
cpe:/o:altlinux:alt_linux:2.3::compact
cpe:/o:redhat:linux_advanced_workstation:2.1::ia64
cpe:/o:altlinux:alt_linux:2.3::junior
cpe:/o:redhat:enterprise_linux:2.1::advanced_server_ia64
cpe:/a:sylpheed:sylpheed:1.0.2
cpe:/o:redhat:enterprise_linux:2.1::workstation
cpe:/o:redhat:enterprise_linux:2.1::enterprise_server_ia64
cpe:/a:sylpheed:sylpheed:0.9.9
cpe:/a:sylpheed:sylpheed:0.9.7
cpe:/a:sylpheed:sylpheed:0.9.6
cpe:/a:sylpheed:sylpheed:0.9.11
cpe:/a:sylpheed:sylpheed:0.9.4
cpe:/a:sylpheed:sylpheed:0.9.10
cpe:/a:sylpheed-claws:sylpheed-claws:1.0.2
cpe:/a:sylpheed:sylpheed:0.9.8
cpe:/a:sylpheed:sylpheed:0.9.12

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0667
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0667
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200503-066
(官方数据源) CNNVD

- 其它链接及资源

http://www.redhat.com/support/errata/RHSA-2005-303.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:303
http://www.gentoo.org/security/en/glsa/glsa-200503-26.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200503-26
http://sylpheed.good-day.net/changelog.html.en
(VENDOR_ADVISORY)  CONFIRM  http://sylpheed.good-day.net/changelog.html.en
http://sylpheed.good-day.net/changelog-devel.html.en
(VENDOR_ADVISORY)  CONFIRM  http://sylpheed.good-day.net/changelog-devel.html.en
http://secunia.com/advisories/14491
(VENDOR_ADVISORY)  SECUNIA  14491
http://securitytracker.com/id?1013376
(VENDOR_ADVISORY)  SECTRACK  1013376

- 漏洞信息

Sylpheed 邮件客户端 缓冲区溢出漏洞
中危 缓冲区溢出
2005-03-07 00:00:00 2006-09-22 00:00:00
远程  
        Sylpheed 1.0.3之前版本及1.9.5之前的其他版本中存在缓冲区溢出,远程攻击者可以通过带有特定标头的电子邮件信息执行任意代码,这些标头含有用户回复信息时未正确处理的非ASCII字符。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        Sylpheed Sylpheed 0.8.11
        Sylpheed sylpheed-1.0.3.tar.gz
        http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.3.tar.gz
        Sylpheed Sylpheed 0.9.10
        Sylpheed sylpheed-1.0.3.tar.gz
        http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.3.tar.gz
        Sylpheed Sylpheed 0.9.11
        Sylpheed sylpheed-1.0.3.tar.gz
        http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.3.tar.gz
        Sylpheed Sylpheed 0.9.12
        Fedora sylpheed-1.0.3-0.FC3.i386.rpm
        RedHat Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        Fedora sylpheed-1.0.3-0.FC3.x86_64.rpm
        RedHat Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        Fedora sylpheed-debuginfo-1.0.3-0.FC3.i386.rpm
        RedHat Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/<
        Fedora sylpheed-debuginfo-1.0.3-0.FC3.x86_64.rpm
        RedHat Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        Sylpheed sylpheed-1.0.3.tar.gz
        http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.3.tar.gz
        Sylpheed Sylpheed 0.9.4
        Sylpheed sylpheed-1.0.3.tar.gz
        http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.3.tar.gz
        Sylpheed Sylpheed 0.9.5
        Sylpheed sylpheed-1.0.3.tar.gz
        http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.3.tar.gz
        Sylpheed Sylpheed 0.9.6
        Sylpheed sylpheed-1.0.3.tar.gz
        http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.3.tar.gz
        Sylpheed Sylpheed 0.9.7
        Sylpheed sylpheed-1.0.3.tar.gz
        http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.3.tar.gz
        Sylpheed Sylpheed 0.9.8
        Sylpheed sylpheed-1.0.3.tar.gz
        http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.3.tar.gz
        Sylpheed Sylpheed 0.9.9
        Sylpheed sylpheed-1.0.3.tar.gz
        http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.3.tar.gz
        Sylpheed Sylpheed 0.9.99
        Sylpheed sylpheed-1.0.3.tar.gz
        http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.3.tar.gz
        Sylpheed Sylpheed 1.0 .0
        Sylpheed sylpheed-1.0.3.tar.gz
        http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.3.tar.gz
        Sylpheed Sylpheed 1.0.1
        Sylpheed sylpheed-1.0.3.tar.gz
        http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.3.tar.gz
        Sylpheed Sylpheed 1.0.2
        Sylpheed sylpheed-1.0.3.tar.gz
        http://sylpheed.good-day.net/sylpheed/v1.0/sylpheed-1.0.3.tar.gz

- 漏洞信息 (F36732)

Gentoo Linux Security Advisory 200503-26 (PacketStormID:F36732)
2005-03-22 00:00:00
Gentoo  security.gentoo.org
advisory
linux,gentoo
CVE-2005-0667
[点击下载]

Gentoo Linux Security Advisory GLSA 200503-26 - Sylpheed and Sylpheed-claws fail to properly handle non-ASCII characters in email headers when composing reply messages. Versions less than 1.0.3 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200503-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Sylpheed, Sylpheed-claws: Message reply overflow
      Date: March 20, 2005
      Bugs: #84056
        ID: 200503-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Sylpheed and Sylpheed-claws contain a vulnerability that can be
triggered when replying to specially crafted messages.

Background
==========

Sylpheed is a lightweight email client and newsreader. Sylpheed-claws
is a 'bleeding edge' version of Sylpheed.

Affected packages
=================

    -------------------------------------------------------------------
     Package                     /  Vulnerable  /           Unaffected
    -------------------------------------------------------------------
  1  mail-client/sylpheed             < 1.0.3                 >= 1.0.3
  2  mail-client/sylpheed-claws       < 1.0.3                 >= 1.0.3
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Sylpheed and Sylpheed-claws fail to properly handle non-ASCII
characters in email headers when composing reply messages.

Impact
======

An attacker can send an email containing a malicious non-ASCII header
which, when replied to, would cause the program to crash, potentially
allowing the execution of arbitrary code with the privileges of the
user running the software.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Sylpheed users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-client/sylpheed-1.0.3"

All Sylpheed-claws users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=mail-client/sylpheed-claws-1.0.3"

References
==========

  [ 1 ] Sylpheed ChangeLog
        http://sylpheed.good-day.net/#changes
  [ 2 ] CAN-2005-0667
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0667

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200503-26.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
    

- 漏洞信息

14570
Sylpheed Message Header Processing Overflow
Input Manipulation
Loss of Integrity

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-03-04 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Sylpheed Mail Client Buffer Overflow Vulnerability
Boundary Condition Error 12730
Yes No
2005-03-04 12:00:00 2009-07-12 10:56:00
The vendor announced this vulnerability.

- 受影响的程序版本

Sylpheed sylpheed-claws 1.0.2
Sylpheed Sylpheed 1.0.2
Sylpheed Sylpheed 1.0.1
Sylpheed Sylpheed 1.0 .0
+ Turbolinux Home
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 10.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
Sylpheed Sylpheed 0.9.99
Sylpheed Sylpheed 0.9.12
Sylpheed Sylpheed 0.9.11
Sylpheed Sylpheed 0.9.10
Sylpheed Sylpheed 0.9.9
Sylpheed Sylpheed 0.9.8
Sylpheed Sylpheed 0.9.7
Sylpheed Sylpheed 0.9.6
Sylpheed Sylpheed 0.9.5
Sylpheed Sylpheed 0.9.4
+ S.u.S.E. Linux Personal 9.3
+ S.u.S.E. Linux Personal 9.2 x86_64
+ S.u.S.E. Linux Personal 9.2
+ S.u.S.E. Linux Personal 9.1 x86_64
+ S.u.S.E. Linux Personal 9.1
+ S.u.S.E. Linux Personal 9.0 x86_64
+ S.u.S.E. Linux Personal 9.0
Sylpheed Sylpheed 0.8.11
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Fedora Core3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
Gentoo Linux
ALT Linux ALT Linux Junior 2.3
ALT Linux ALT Linux Compact 2.3
Sylpheed Sylpheed 1.0.4
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
Sylpheed Sylpheed 1.0.3
+ Gentoo Linux 1.4 _rc3
+ Gentoo Linux 1.4 _rc2
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.4

- 不受影响的程序版本

Sylpheed Sylpheed 1.0.4
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
Sylpheed Sylpheed 1.0.3
+ Gentoo Linux 1.4 _rc3
+ Gentoo Linux 1.4 _rc2
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.4

- 漏洞讨论

It is reported that Sylpheed is susceptible to a buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds-check user-supplied input data prior to copying it to fixed-size memory buffers.

Attackers may exploit this vulnerability to execute arbitrary machine code in the context of the vulnerable application.

Versions prior to 1.0.3 are reported to be vulnerable.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com &lt;mailto:vuldb@securityfocus.com&gt;.

- 解决方案

The vendor has released version 1.0.3 of Sylpheed to address this issue.

ALT Linux has released updates dealing with this and other issues. Please see the reference section for more information.

Gentoo has released an advisory (GLSA 200503-26) and an updated eBuild to address this vulnerability. Gentoo users that are running the affected software may apply the update by issuing the following sequence of commands as a superuser:
Sylpheed:
emerge --sync
emerge --ask --oneshot --verbose ">=mail-client/sylpheed-1.0.3"

Sylpheed-claws:
emerge --sync
emerge --ask --oneshot --verbose ">=mail-client/sylpheed-claws-1.0.3"

Red Hat has released an advisory (FEDORA-2005-211) and fixes to address this issue in Fedora Core 3. Please see the referenced advisory for further details regarding obtaining and applying an appropriate fix.

Red Hat has released an advisory RHSA-2005:303-05 to address this issue. Please see the referenced advisory for more information.

SuSE Linux has released an advisory (SUSE-SR:2005:011) along with updates dealing with this issue. Please see the referenced advisory for more information.

TurboLinux has released advisory TLSA-2005-44 along with fixes dealing with this issue. Please see the referenced advisory for more information.


Sylpheed Sylpheed 0.8.11

Sylpheed Sylpheed 0.9.10

Sylpheed Sylpheed 0.9.11

Sylpheed Sylpheed 0.9.12

Sylpheed Sylpheed 0.9.4

Sylpheed Sylpheed 0.9.5

Sylpheed Sylpheed 0.9.6

Sylpheed Sylpheed 0.9.7

Sylpheed Sylpheed 0.9.8

Sylpheed Sylpheed 0.9.9

Sylpheed Sylpheed 0.9.99

Sylpheed Sylpheed 1.0 .0

Sylpheed Sylpheed 1.0.1

Sylpheed Sylpheed 1.0.2

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站