CVE-2005-1121
CVSS 5.0
Published: 2005-05-02 00:00:00
Last revised: 2008-09-05 16:48:16

[Original] Format string vulnerability in the my_xlog function in lib.c for Oops! Proxy Server 1.5.23 and earlier, as called by the auth functions in the passwd_mysql and passwd_pgsql modules, may allow attackers to execute arbitrary code via a URL.


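[CNNVD] Oops! Proxy Server Auth remote format string vulnerability (CNNVD-200505-171)

        A format string vulnerability exists in the my_xlog function in lib.c of Oops! Proxy Server 1.5.23 and earlier; when it is called by the auth functions of the passwd_mysql and passwd_pgsql modules, an attacker may be able to execute arbitrary code via a URL.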

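- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on the availability of the system]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]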

- CPE (affected platforms and products)

cpe:/a:igor_khasilev:oops_proxy_server:1.5.19
cpe:/o:gentoo:linux (Gentoo Linux)
cpe:/a:igor_khasilev:oops_proxy_server:1.4.22
cpe:/a:igor_khasilev:oops_proxy_server:1.5.53

- OVAL (technical details used for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1121
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1121
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-171
(Official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/13172
(PATCH)  BID  13172
http://www.debian.org/security/2005/dsa-726
(VENDOR_ADVISORY)  DEBIAN  DSA-726
http://security.gentoo.org/glsa/glsa-200505-02.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200505-02
http://rst.void.ru/papers/advisory24.txt
(VENDOR_ADVISORY)  MISC  http://rst.void.ru/papers/advisory24.txt
http://xforce.iss.net/xforce/xfdb/20191
(UNKNOWN)  XF  oops-format-string(20191)

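- Vulnerability information

Oops! Proxy Server Auth remote format string vulnerability
Medium severity  Format string
2005-05-02 00:00:00 2005-10-20 00:00:00
Remote
        A format string vulnerability exists in the my_xlog function in lib.c of Oops! Proxy Server 1.5.23 and earlier; when it is called by the auth functions of the passwd_mysql and passwd_pgsql modules, an attacker may be able to execute arbitrary code via a URL.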

- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue. Patch link:
        http://security.debian.org/pool/updates/main/o/oops/oops_1.5.19.cvs.20010818-0.1woody1_alpha.deb

- Vulnerability information (F38409)

Gentoo Linux Security Advisory 200505-2 (PacketStormID:F38409)
2005-07-02 00:00:00
Gentoo  security.gentoo.org
advisory
linux,gentoo
CVE-2005-1121

Gentoo Linux Security Advisory GLSA 200505-02 - A format string flaw has been detected in the my_xlog() function of the Oops! proxy, which is called by the passwd_mysql and passwd_pgsql module's auth() functions. Versions less than 1.5.24_pre20050503 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200505-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Oops!: Remote code execution
      Date: May 05, 2005
      Bugs: #91303
        ID: 200505-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

The Oops! proxy server contains a remotely exploitable format string
vulnerability, which could potentially lead to the execution of
arbitrary code.

Background
==========

Oops! is an advanced, multithreaded caching web proxy.

Affected packages
=================

    -------------------------------------------------------------------
     Package         /       Vulnerable       /             Unaffected
    -------------------------------------------------------------------
  1  net-proxy/oops     < 1.5.24_pre20050503     >= 1.5.24_pre20050503

Description
===========

A format string flaw has been detected in the my_xlog() function of the
Oops! proxy, which is called by the passwd_mysql and passwd_pgsql
module's auth() functions.

Impact
======

A remote attacker could send a specially crafted HTTP request to the
Oops! proxy, potentially triggering this vulnerability and leading to
the execution of arbitrary code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Oops! users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-proxy/oops-1.5.24_pre20050503"

References
==========

  [ 1 ] CAN-2005-1121
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1121

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200505-02.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
    

- Vulnerability information

16087
Oops! Proxy Server my_xlog auth() Format String
Remote / Network Access, Local / Remote, Context Dependent Denial of Service, Input Manipulation
Loss of Integrity, Loss of Availability
Exploit Public

- Vulnerability description

A remote overflow exists in Oops! proxy server. The proxy server fails to properly format log messages resulting in a format string overflow. With a specially crafted request, an attacker can cause the server to crash resulting in a loss of availability.

- Timeline

2005-04-14 Unknown
2005-04-14 Unknown

- Solution

Gentoo users should upgrade to version 1.5.24_pre20050503 or higher, as it has been reported to fix this vulnerability.

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-proxy/oops-1.5.24_pre20050503"

Other users may upgrade to the current version in CVS from the vendor's web site or apply the vendor-provided patch.

- Related references

- Vulnerability author

- Vulnerability information

Oops! Proxy Server Auth Remote Format String Vulnerability
Input Validation Error 13172
Yes No
2005-04-14 12:00:00 2009-07-12 12:56:00
Discovery of this issue is credited to GHC team <foster@ghc.ru>.

- Affected program versions

Igor Khasilev Oops Proxy Server 1.5.53
Igor Khasilev Oops Proxy Server 1.5.19
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
Igor Khasilev Oops Proxy Server 1.4.22
- Debian Linux 2.3
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 3.5.1
- Mandriva Linux Mandrake 7.2
- RedHat Linux 7.0
- S.u.S.E. Linux 7.0
- Sun Solaris 8_sparc
Gentoo Linux

- Vulnerability discussion

Oops! Proxy Server is prone to a remote format string vulnerability. This issue presents itself because the application fails to properly sanitize user-supplied input prior to passing it as the format specifier to a formatted printing function.

A successful attack may result in crashing the server or lead to arbitrary code execution. This may facilitate unauthorized access or privilege escalation in the context of the server.

Oops! versions prior to and including version 1.5.53 are reported prone to this issue.
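
The defect class described in this discussion, with its fix, as an added example (not code from Oops! or from any advisory quoted on this page). The names xlog_buf and log_auth_failure and the sample URL are hypothetical; the logger only stands in for a printf-style function such as my_xlog().

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style logger standing in for a my_xlog()-like helper.
 * It formats into a caller buffer so the result can be inspected.
 * The format attribute lets GCC/Clang flag non-literal formats
 * (-Wformat -Wformat-security). */
#if defined(__GNUC__)
__attribute__((format(printf, 3, 4)))
#endif
static int xlog_buf(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    int r;

    va_start(ap, fmt);
    r = vsnprintf(out, n, fmt, ap);   /* bounded; NUL-terminates when n > 0 */
    va_end(ap);
    return r;                         /* length the full message needs */
}

/* BEFORE (the defect class described above; shown as a comment, never called):
 *
 *     xlog_buf(out, n, url);
 *
 * The request-derived string is the format, so any conversion specifier in it
 * makes the formatter consume arguments that were never passed. */

/* AFTER: the format is a constant; request data is only ever an argument. */
int log_auth_failure(char *out, size_t n, const char *url)
{
    return xlog_buf(out, n, "auth failed for %s", url);
}

int main(void)
{
    /* Constructed sample input containing conversion specifiers. */
    const char *url = "http://example.invalid/%x%x%n";
    char out[128];

    log_auth_failure(out, sizeof out, url);
    puts(out);   /* the specifiers appear literally in the log line */
    return 0;
}
```
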

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Gentoo has released an advisory (GLSA 200505-02) and an updated eBuild to address this issue. Gentoo users may apply updates by issuing the following series of commands as a superuser:
emerge --sync
emerge --ask --oneshot --verbose ">=net-proxy/oops-1.5.24_pre20050503"

Debian has released advisory DSA 726-1 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.


Igor Khasilev Oops Proxy Server 1.5.19

- Related references
