CVE-2005-1349
CVSS 7.5
Published: 2005-05-02 00:00:00
Last modified: 2010-04-02 01:04:24

[Original text] Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows remote attackers to execute arbitrary code via a malformed parameter to a read operation.


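[CNNVD] Convert-UUlib Perl module buffer overflow vulnerability (CNNVD-200505-342)

        A buffer overflow vulnerability in Convert-UUlib (Convert::UUlib) before 1.051 allows remote attackers to execute arbitrary code via a malformed parameter to a read operation.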

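- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definitions found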

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1349
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1349
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-342
(Official data source) CNNVD

- Other links and resources

http://secunia.com/advisories/15130
(PATCH)  SECUNIA  15130
http://xforce.iss.net/xforce/xfdb/20275
(VENDOR_ADVISORY)  XF  convert-uulib-bo(20275)
http://www.gentoo.org/security/en/glsa/glsa-200504-26.xml
(UNKNOWN)  GENTOO  GLSA-200504-26
http://www.securityfocus.com/bid/13401
(UNKNOWN)  BID  13401
http://www.mandriva.com/security/advisories?name=MDKSA-2006:022
(UNKNOWN)  MANDRIVA  MDKSA-2006:022

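- Vulnerability information

Convert-UUlib Perl module buffer overflow vulnerability
High risk  Buffer overflow
2005-05-02 00:00:00 2005-10-20 00:00:00
Remote
        A buffer overflow vulnerability in Convert-UUlib (Convert::UUlib) before 1.051 allows remote attackers to execute arbitrary code via a malformed parameter to a read operation.

- Advisories and patches

        No data available

- Vulnerability information (F52789)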

barracude-uulib.txt (PacketStormID:F52789)
2006-12-06 00:00:00
Jean-Sebastien Guay-Leroux  
advisory,overflow
CVE-2005-1349

Further research has been performed against the Barracuda Convert-UUlib library buffer overflow.

Topic:                  Barracuda Convert-UUlib library buffer
                        overflow leads to remote compromise

Announced:              2006-12-05
Product:                Barracuda Spam Firewall
Vendor:                 http://www.barracudanetworks.com/
Impact:                 Remote shell access
Affected product:       Barracuda Spam Firewall with firmware <
                        3.3.15.026 AND virus definition < 2.0.325
Credits:                Jean-S    

- Vulnerability information

15867
Perl Convert::UUlib Module Local Overflow
Local Access Required Input Manipulation
Loss of Integrity
Exploit Unknown

- Vulnerability description

An overflow exists in Convert-UUlib. Convert-UUlib fails to perform proper bounds checking on parameter functions resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. It is not clear if this vulnerability can be remotely exploited, or requires malformed content to be sent to a user to run.

- Timeline

2005-04-26 Unknown
Unknown Unknown

- Solution

Upgrade to version 1.051 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

- Vulnerability information

Convert-UUlib Perl Module Buffer Overflow Vulnerability
Boundary Condition Error 13401
Yes No
2005-04-26 12:00:00 2006-12-07 02:19:00
This issue was announced in a vendor advisory.

- Affected software versions

SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SuSE SUSE Linux Enterprise Server 7
+ Linux kernel 2.4.19
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SuSE eMail Server III
S.u.S.E. SuSE eMail Server 3.1
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Professional 7.3
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Openexchange Server
S.u.S.E. Linux Office Server
S.u.S.E. Linux IMAP Server 1.0
S.u.S.E. Linux Enterprise Server for S/390 9.0
S.u.S.E. Linux Enterprise Server for S/390
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
S.u.S.E. Linux Database Server 0
S.u.S.E. Linux Connectivity Server
S.u.S.E. Linux 8.1
S.u.S.E. Linux 8.0 i386
S.u.S.E. Linux 8.0
S.u.S.E. Linux 7.3 sparc
S.u.S.E. Linux 7.3 ppc
S.u.S.E. Linux 7.3 i386
S.u.S.E. Linux 7.3
S.u.S.E. Linux 7.2 i386
S.u.S.E. Linux 7.2
S.u.S.E. Linux 7.1 x86
S.u.S.E. Linux 7.1 sparc
S.u.S.E. Linux 7.1 ppc
S.u.S.E. Linux 7.1 alpha
S.u.S.E. Linux 7.1
S.u.S.E. Linux 7.0 sparc
S.u.S.E. Linux 7.0 ppc
S.u.S.E. Linux 7.0 i386
S.u.S.E. Linux 7.0 alpha
S.u.S.E. Linux 7.0
S.u.S.E. Linux 6.4 ppc
S.u.S.E. Linux 6.4 i386
S.u.S.E. Linux 6.4 alpha
S.u.S.E. Linux 6.4
S.u.S.E. Linux 6.3 ppc
S.u.S.E. Linux 6.3 alpha
S.u.S.E. Linux 6.3
S.u.S.E. Linux 6.2
S.u.S.E. Linux 6.1 alpha
S.u.S.E. Linux 6.1
S.u.S.E. Linux 6.0
S.u.S.E. Linux 5.3
S.u.S.E. Linux 5.2
S.u.S.E. Linux 5.1
S.u.S.E. Linux 5.0
S.u.S.E. Linux 4.4.1
S.u.S.E. Linux 4.4
S.u.S.E. Linux 4.3
S.u.S.E. Linux 4.2
S.u.S.E. Linux 4.0
S.u.S.E. Linux 3.0
S.u.S.E. Linux 2.0
S.u.S.E. Linux 1.0
Marc Lehmann Convert-UUlib 1.50
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MailEnable MailEnable Professional 1.116
MailEnable MailEnable Professional 1.115
MailEnable MailEnable Professional 1.114
MailEnable MailEnable Professional 1.113
MailEnable MailEnable Professional 1.112
MailEnable MailEnable Professional 1.111
MailEnable MailEnable Professional 1.110
MailEnable MailEnable Professional 1.109
MailEnable MailEnable Professional 1.108
MailEnable MailEnable Professional 1.107
MailEnable MailEnable Professional 1.106
MailEnable MailEnable Professional 1.105
MailEnable MailEnable Professional 1.104
MailEnable MailEnable Professional 1.103
MailEnable MailEnable Professional 1.102
MailEnable MailEnable Professional 1.101
MailEnable MailEnable Professional 1.54
MailEnable MailEnable Professional 1.53
MailEnable MailEnable Professional 1.52
MailEnable MailEnable Professional 1.51
MailEnable MailEnable Professional 1.19
MailEnable MailEnable Professional 1.18
MailEnable MailEnable Professional 1.17
MailEnable MailEnable Professional 1.16
MailEnable MailEnable Professional 1.15
MailEnable MailEnable Professional 1.14
MailEnable MailEnable Professional 1.13
MailEnable MailEnable Professional 1.12
MailEnable MailEnable Professional 1.5
MailEnable MailEnable Professional 1.2 a
MailEnable MailEnable Professional 1.2
MailEnable MailEnable Professional 1.1
MailEnable MailEnable Professional 1.0 017
MailEnable MailEnable Professional 1.0 016
MailEnable MailEnable Professional 1.0 015
MailEnable MailEnable Professional 1.0 014
MailEnable MailEnable Professional 1.0 013
MailEnable MailEnable Professional 1.0 012
MailEnable MailEnable Professional 1.0 011
MailEnable MailEnable Professional 1.0 010
MailEnable MailEnable Professional 1.0 009
MailEnable MailEnable Professional 1.0 008
MailEnable MailEnable Professional 1.0 007
MailEnable MailEnable Professional 1.0 006
MailEnable MailEnable Professional 1.0 005
MailEnable MailEnable Professional 1.0 004
MailEnable MailEnable Enterprise Edition 1.0 4
MailEnable MailEnable Enterprise Edition 1.0 3
MailEnable MailEnable Enterprise Edition 1.0 2
MailEnable MailEnable Enterprise Edition 1.0 1
MailEnable MailEnable Enterprise Edition 1.0
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
Convert-UUlib Convert-UUlib 1.05
+ UUDeview UUDeview 0.5.20
Convert-UUlib Convert-UUlib 1.04
+ UUDeview UUDeview 0.5.20
Conectiva Linux 10.0
Barracuda Networks Barracuda Spam Firewall 3.1.18 firmware
Barracuda Networks Barracuda Spam Firewall 3.1.17 firmware
Barracuda Networks Barracuda Spam Firewall 3.3.03.055
Barracuda Networks Barracuda Spam Firewall 3.3.03.053
Barracuda Networks Barracuda Spam Firewall 3.3.03.022 firmware
Barracuda Networks Barracuda Spam Firewall 3.3.01.001
Barracuda Networks Barracuda Spam Firewall 3.3.0.54
Marc Lehmann Convert-UUlib 1.51
Barracuda Networks Barracuda Spam Firewall 3.3.15 026

- Unaffected software versions

Marc Lehmann Convert-UUlib 1.51
Barracuda Networks Barracuda Spam Firewall 3.3.15 026

- Vulnerability discussion

Convert-UUlib Perl module is prone to a remotely exploitable buffer-overflow vulnerability.

A remote attacker may leverage this condition to overwrite sensitive program control variables and thus gain control of the process's execution flow.

This BID will be updated as soon as further information regarding this issue is made available.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

- Solution

NOTE: A fix for this issue is reportedly available, but Symantec was unable to confirm this. Contact the software vendor to determine the availability of fixed packages.

Please see the referenced advisories for more information.


Convert-UUlib Convert-UUlib 1.05

Convert-UUlib Convert-UUlib 1.04

Conectiva Linux 10.0

Debian Linux 3.0 s/390

Debian Linux 3.0 alpha

Debian Linux 3.0 mips

Debian Linux 3.0 mipsel

Debian Linux 3.0 hppa

Debian Linux 3.0 arm

Debian Linux 3.0 m68k

- Related references

 

 
