CVE-2005-1127
CVSS 5.0
Published: 2005-05-02 00:00:00
Last revised: 2016-10-17 23:17:28
NMCOPS    

[Original] Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey.


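[CNNVD] Rob Brown Net-Server Perl Module Logging Function Format String Vulnerability (CNNVD-200505-641)

        A format string vulnerability exists in the log function of Net::Server 0.87 and earlier. When used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, it allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, for example through sender addresses passed to Postgrey.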

- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/a:postgrey:postgrey:1.18
cpe:/a:postgrey:postgrey:1.17
cpe:/a:postgrey:postgrey:1.16

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1127
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1127
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-641
(official data source) CNNVD

- Other links and resources

http://lists.ee.ethz.ch/postgrey/msg00627.html
(UNKNOWN)  MLIST  [postgrey] 20050414 Problem with crashing postgrey
http://lists.ee.ethz.ch/postgrey/msg00630.html
(UNKNOWN)  MLIST  [postgrey] 20050414 Re: Problem with crashing postgrey
http://lists.ee.ethz.ch/postgrey/msg00647.html
(PATCH)  MLIST  [postgrey] 20050414 ANNOUNCE: Postgrey 1.21 (SECURITY)
http://marc.info/?l=full-disclosure&m=111354538331167&w=2
(UNKNOWN)  FULLDISC  20050415 Use of function "log" in Perl module Net::Server
http://www.debian.org/security/2006/dsa-1121
(UNKNOWN)  DEBIAN  DSA-1121
http://www.debian.org/security/2006/dsa-1122
(UNKNOWN)  DEBIAN  DSA-1122
http://www.gentoo.org/security/en/glsa/glsa-200608-18.xml
(UNKNOWN)  GENTOO  GLSA-200608-18
http://www.mandriva.com/security/advisories?name=MDKSA-2006:131
(UNKNOWN)  MANDRIVA  MDKSA-2006:131
http://www.securityfocus.com/bid/13193
(UNKNOWN)  BID  13193
http://xforce.iss.net/xforce/xfdb/20108
(UNKNOWN)  XF  postgrey-logging-dos(20108)

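- Vulnerability information

Rob Brown Net-Server Perl Module Logging Function Format String Vulnerability
Medium severity  Format string
2005-05-02 00:00:00 2005-10-20 00:00:00
Remote / Local
        A format string vulnerability exists in the log function of Net::Server 0.87 and earlier. When used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, it allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, for example through sender addresses passed to Postgrey.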

- Advisories and patches

        The vendors have released upgrade patches that fix this security issue. Patch download links:
        Rob Brown Net-Server 0.85
        Mandriva perl-Net-Server-0.85-3.1.C30mdk.noarch.rpm
        Corporate 3.0:
        http://wwwnew.mandriva.com/en/downloads/
        Rob Brown Net-Server 0.87
        Debian libnet-server-perl_0.87-3sarge1_all.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/libn/libnet-server-perl/libnet-server-perl_0.87-3sarge1_all.deb
        Postgrey Postgrey 1.16
        Postgrey postgrey-1.21.tar.gz
        http://isg.ee.ethz.ch/tools/postgrey/pub/postgrey-1.21.tar.gz
        Postgrey Postgrey 1.17
        Postgrey postgrey-1.21.tar.gz
        http://isg.ee.ethz.ch/tools/postgrey/pub/postgrey-1.21.tar.gz
        Postgrey Postgrey 1.18
        Postgrey postgrey-1.21.tar.gz
        http://isg.ee.ethz.ch/tools/postgrey/pub/postgrey-1.21.tar.gz
        Postgrey Postgrey 1.21
        Debian postgrey_1.21-1sarge1_all.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/p/postgrey/postgrey_1.21-1sarge1_all.deb
        

- Vulnerability information (F48584)

Mandriva Linux Security Advisory 2006.131 (PacketStormID:F48584)
2006-07-26 00:00:00
Mandriva  mandriva.com
advisory,perl
linux,mandriva
CVE-2005-1127

Mandriva Linux Security Advisory MDKSA-2006-131 - Peter Bieringer discovered a flaw in the perl Net::Server module where the "log" function was not safe against format string exploits in version 0.87 and earlier.


 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:131
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : perl-Net-Server
 Date    : July 25, 2006
 Affected: Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 Peter Bieringer discovered a flaw in the perl Net::Server module where
 the "log" function was not safe against format string exploits in
 version 0.87 and earlier.
 
 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1127
 _______________________________________________________________________
 
 Updated Packages:
 
 Corporate 3.0:
 33e4382b4ad9bf5a1894298a468895e8  corporate/3.0/RPMS/perl-Net-Server-0.85-3.1.C30mdk.noarch.rpm
 9294cea422b1a149b5a13ad4f8824780  corporate/3.0/SRPMS/perl-Net-Server-0.85-3.1.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 891bb910d688342cf8a9fde373694b70  x86_64/corporate/3.0/RPMS/perl-Net-Server-0.85-3.1.C30mdk.noarch.rpm
 9294cea422b1a149b5a13ad4f8824780  x86_64/corporate/3.0/SRPMS/perl-Net-Server-0.85-3.1.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
    

- Vulnerability information (F48558)

Debian Linux Security Advisory 1122-1 (PacketStormID:F48558)
2006-07-26 00:00:00
Debian  debian.org
advisory,perl
linux,debian
CVE-2005-1127

Debian Security Advisory 1122-1 - Peter Bieringer discovered that the "log" function in the Net::Server Perl module, an extensible, general perl server engine, is not safe against format string exploits.


- --------------------------------------------------------------------------
Debian Security Advisory DSA 1122-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
July 24th, 2005                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : libnet-server-perl
Vulnerability  : format string
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2005-1127
Debian Bug     : 378640

Peter Bieringer discovered that the "log" function in the Net::Server
Perl module, an extensible, general perl server engine, is not safe
against format string exploits.

The old stable distribution (woody) does not contain this package.

For the stable distribution (sarge) this problem has been fixed in
version 0.87-3sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 0.89-1.

We recommend that you upgrade your libnet-server-perl package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/libn/libnet-server-perl/libnet-server-perl_0.87-3sarge1.dsc
      Size/MD5 checksum:      692 9790e3935bc81150adb54a5d5a3fa692
    http://security.debian.org/pool/updates/main/libn/libnet-server-perl/libnet-server-perl_0.87-3sarge1.diff.gz
      Size/MD5 checksum:     8220 59438319c03603473e174c61009b0d7c
    http://security.debian.org/pool/updates/main/libn/libnet-server-perl/libnet-server-perl_0.87.orig.tar.gz
      Size/MD5 checksum:    69235 0b8553db414dac4c43b9f9282f8e149c

  Architecture independent components:

    http://security.debian.org/pool/updates/main/libn/libnet-server-perl/libnet-server-perl_0.87-3sarge1_all.deb
      Size/MD5 checksum:   126808 5f8a62959bae9000ec8e64a23263d072


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>


    

- Vulnerability information (F48553)

Debian Linux Security Advisory 1121-1 (PacketStormID:F48553)
2006-07-26 00:00:00
Debian  debian.org
advisory,remote
linux,debian
CVE-2005-1127

Debian Security Advisory 1121-1 - Peter Bieringer discovered that postgrey, a greylisting implementation for Postfix, is vulnerable to a format string attack that allows remote attackers to the daemon.


- --------------------------------------------------------------------------
Debian Security Advisory DSA 1121-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
July 24th, 2006                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : postgrey
Vulnerability  : format string
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2005-1127

Peter Bieringer discovered that postgrey, a greylisting
implementation for Postfix, is vulnerable to a format string attack
that allows remote attackers to the daemon.

For the stable distribution (sarge) this problem has been fixed in
version 1.21-1sarge1.

For the stable distribution (sarge) this problem has also been fixed
in version 1.21-1volatile4 in the volatile archive.

For the unstable distribution (sid) this problem has been fixed in
version 1.22-1.

We recommend that you upgrade your postgrey package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/p/postgrey/postgrey_1.21-1sarge1.dsc
      Size/MD5 checksum:      628 2a0d8c903c9f47b374a9fa871056b5df
    http://security.debian.org/pool/updates/main/p/postgrey/postgrey_1.21-1sarge1.diff.gz
      Size/MD5 checksum:    13354 96eefd0e11745edf1cce5fa833d83396
    http://security.debian.org/pool/updates/main/p/postgrey/postgrey_1.21.orig.tar.gz
      Size/MD5 checksum:    25934 1274e073be5178445e0892a9dcc6fe98

  Architecture independent components:

    http://security.debian.org/pool/updates/main/p/postgrey/postgrey_1.21-1sarge1_all.deb
      Size/MD5 checksum:    41526 43de6a5366b7df928212489a84ec127f


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>


    

- Vulnerability information

15517
Net::Server Logging Function Format String DoS
Remote / Network Access, Local / Remote, Context Dependent Denial of Service, Input Manipulation
Loss of Integrity, Loss of Availability
Exploit Unknown

- Vulnerability description

Postgrey contains a flaw that may allow a remote denial of service. The issue is due to a format string error in syslog/printf functions. By sending a mail with a specially crafted sender address, an attacker can crash the service, resulting in loss of availability for the platform.

- Timeline

2005-04-14 Unknown
Unknown Unknown

- Solution

Upgrade to version 1.21 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Rob Brown Net-Server Perl Module Logging Function Format String Vulnerability
Input Validation Error 13193
Yes Yes
2005-04-15 12:00:00 2006-09-05 08:28:00
Discovery of the issue in Postgrey is credited to Stefan Schmidt. "Dr. Peter Bieringer" <pbieringer@aerasec.de> discovered the issue in Net-Server along with assistance from David Schweikert and Stefan Schmidt.

- Affected program versions

S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux 8.1
S.u.S.E. Linux 8.0 i386
S.u.S.E. Linux 8.0
S.u.S.E. Linux 7.3 sparc
S.u.S.E. Linux 7.3 ppc
S.u.S.E. Linux 7.3 i386
S.u.S.E. Linux 7.3
S.u.S.E. Linux 7.2 i386
S.u.S.E. Linux 7.2
S.u.S.E. Linux 7.1 x86
S.u.S.E. Linux 7.1 sparc
S.u.S.E. Linux 7.1 ppc
S.u.S.E. Linux 7.1 alpha
S.u.S.E. Linux 7.1
S.u.S.E. Linux 7.0 sparc
S.u.S.E. Linux 7.0 ppc
S.u.S.E. Linux 7.0 i386
S.u.S.E. Linux 7.0 alpha
S.u.S.E. Linux 7.0
S.u.S.E. Linux 6.4 ppc
S.u.S.E. Linux 6.4 i386
S.u.S.E. Linux 6.4 alpha
S.u.S.E. Linux 6.4
S.u.S.E. Linux 6.3 ppc
S.u.S.E. Linux 6.3 alpha
S.u.S.E. Linux 6.3
S.u.S.E. Linux 6.2
S.u.S.E. Linux 6.1 alpha
S.u.S.E. Linux 6.1
S.u.S.E. Linux 6.0
S.u.S.E. Linux 5.3
S.u.S.E. Linux 5.2
S.u.S.E. Linux 5.1
S.u.S.E. Linux 5.0
S.u.S.E. Linux 4.4.1
S.u.S.E. Linux 4.4
S.u.S.E. Linux 4.3
S.u.S.E. Linux 4.2
S.u.S.E. Linux 4.0
S.u.S.E. Linux 3.0
S.u.S.E. Linux 2.0
S.u.S.E. Linux 1.0
Rob Brown Net-Server 0.87
Rob Brown Net-Server 0.86
Rob Brown Net-Server 0.85
Rob Brown Net-Server 0.84
Postgrey Postgrey 1.21
+ Rob Brown Net-Server 0.87
Postgrey Postgrey 1.18
+ Rob Brown Net-Server 0.87
Postgrey Postgrey 1.17
+ Rob Brown Net-Server 0.87
Postgrey Postgrey 1.16
+ Rob Brown Net-Server 0.87
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1

- Vulnerability discussion

Net-Server API is prone to a remote format-string vulnerability. The issue resides in the 'log' subroutine of the 'Server.pm' module.

This vulnerability may occur when an application uses the 'log' subroutine of the affected module to handle malicious data passed through a network request.

A successful attack may crash the server or lead to arbitrary code execution. This may facilitate unauthorized access or privilege escalation in the context of the server.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Please see the referenced advisories for more information.


Rob Brown Net-Server 0.85

Rob Brown Net-Server 0.87

Postgrey Postgrey 1.16

Postgrey Postgrey 1.17

Postgrey Postgrey 1.18

Postgrey Postgrey 1.21

- Related references

 

 
