CVE-2005-1546
CVSS5.1
发布时间 :2005-05-14 00:00:00
修订时间 :2008-09-10 15:39:27
NMCOPS    

[原文]Buffer overflow in the PE parser in HT Editor before 0.8.0 allows remote attackers to execute arbitrary code via a crafted PE file.


[CNNVD]HT Editor PE Parser未明远程缓冲区溢出漏洞(CNNVD-200505-1030)

        HT Editor的0.8.0之前版本中的PE解析器存在缓冲区溢出,远程攻击者可以通过特制的PE文件来执行任意代码。

- CVSS (基础分值)

CVSS分值: 5.1 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:ht_editor:ht_editor:0.7.5
cpe:/a:ht_editor:ht_editor:0.6.0b
cpe:/a:ht_editor:ht_editor:0.7.3
cpe:/a:ht_editor:ht_editor:0.6.0
cpe:/a:ht_editor:ht_editor:0.4.5
cpe:/a:ht_editor:ht_editor:0.4.4b
cpe:/a:ht_editor:ht_editor:0.7.1
cpe:/a:ht_editor:ht_editor:0.4.4d
cpe:/a:ht_editor:ht_editor:0.4.0
cpe:/a:ht_editor:ht_editor:0.5.0
cpe:/a:ht_editor:ht_editor:2000-01-14
cpe:/a:ht_editor:ht_editor:0.4.1
cpe:/a:ht_editor:ht_editor:0.4.4
cpe:/a:ht_editor:ht_editor:0.3.991
cpe:/a:ht_editor:ht_editor:0.7.0
cpe:/a:ht_editor:ht_editor:0.3.992
cpe:/a:ht_editor:ht_editor:0.4.4c
cpe:/a:ht_editor:ht_editor:0.7.4
cpe:/a:ht_editor:ht_editor:0.8.0
cpe:/a:ht_editor:ht_editor:0.4.2
cpe:/a:ht_editor:ht_editor:0.4.3
cpe:/a:ht_editor:ht_editor:0.7.2

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1546
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1546
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-1030
(官方数据源) CNNVD

- 其它链接及资源

http://www.gentoo.org/security/en/glsa/glsa-200505-08.xml
(UNKNOWN)  GENTOO  GLSA-200505-08
http://www.debian.org/security/2005/dsa-743
(UNKNOWN)  DEBIAN  DSA-743

- 漏洞信息

HT Editor PE Parser未明远程缓冲区溢出漏洞
中危 缓冲区溢出
2005-05-14 00:00:00 2005-10-20 00:00:00
远程  
        HT Editor的0.8.0之前版本中的PE解析器存在缓冲区溢出,远程攻击者可以通过特制的PE文件来执行任意代码。

- 公告与补丁

        暂无数据

- 漏洞信息 (F38567)

Debian Linux Security Advisory 743-1 (PacketStormID:F38567)
2005-07-09 00:00:00
Debian  security.debian.org
advisory,arbitrary
linux,debian
CVE-2005-1545,CVE-2005-1546
[点击下载]

Debian Security Advisory DSA 743-1 - Several problems have been discovered in ht, a viewer, editor and analyzer for various executables, that may lead to the execution of arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 743-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
July 8th, 2005                          http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : ht
Vulnerability  : buffer overflows, integer overflows
Problem-Type   : local
Debian-specific: no
CVE ID         : CAN-2005-1545 CAN-2005-1546

Several problems have been discovered in ht, a viewer, editor and
analyser for various executables, that may lead to the execution of
arbitrary code.  The Common Vulnerabilities and Exposures project
identifies the following problems:

CAN-2005-1545

    Tavis Ormandy of the Gentoo Linux Security Team discovered an
    integer overflow in the ELF parser.

CAN-2005-1546

    The authors have discovered a buffer overflow in the PE parser.

For the old stable distribution (woody) these problems have been fixed
in version 0.5.0-1woody4.  For the HP Precision architecture, you are
advised not to use this package anymore since we cannot provide
updated packages as it doesn't compile anymore.

For the stable distribution (sarge) these problems have been fixed in
version 0.8.0-2sarge4.

For the unstable distribution (sid) these problems have been fixed in
version ht_0.8.0-3.

We recommend that you upgrade your ht package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4.dsc
      Size/MD5 checksum:      584 4653e91e5fcc046218492c5b70975908
    http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4.diff.gz
      Size/MD5 checksum:    18027 c0f55bca3f64f699ea1db32caa1edc3a
    http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0.orig.tar.gz
      Size/MD5 checksum:   603468 f997c26420d20cfcedcf2e9fb0950f55

  Alpha architecture:

    http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4_alpha.deb
      Size/MD5 checksum:   431216 98864a95b8dece5cf2f6614bacb2f848

  ARM architecture:

    http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4_arm.deb
      Size/MD5 checksum:   346374 0996a963fc4fbd8a6f178d8db3867b27

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4_i386.deb
      Size/MD5 checksum:   391250 62203558c5a141e998bcaed868cd86f8

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4_ia64.deb
      Size/MD5 checksum:   521134 16d2ab06e915abe1c83c949745dfe3e9

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4_m68k.deb
      Size/MD5 checksum:   345330 0da281b13edf4e4f76d826fa56461e60

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4_mips.deb
      Size/MD5 checksum:   437798 47c0af952f9f3989afa176c45e117de7

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4_mipsel.deb
      Size/MD5 checksum:   433168 2da594648d9ac00c40a740c5892939af

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4_powerpc.deb
      Size/MD5 checksum:   342788 306c770a13af146b94a18006edeacf74

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4_s390.deb
      Size/MD5 checksum:   324036 1f72968e1cb7824a74f3e8a9e116ea89

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/h/ht/ht_0.5.0-1woody4_sparc.deb
      Size/MD5 checksum:   322232 39e612d42c867c07a6d3d8b6957cef86


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4.dsc
      Size/MD5 checksum:      589 a160a1a789111a129c7d59f220ba23c3
    http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4.diff.gz
      Size/MD5 checksum:     7592 780d1783a37b568dcf9e7eeccfefd87f
    http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0.orig.tar.gz
      Size/MD5 checksum:   893870 28b1556a8709ca350eb69700284f4161

  Alpha architecture:

    http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_alpha.deb
      Size/MD5 checksum:   653000 63278477c264a5e260d86ca0b8b36ff4

  ARM architecture:

    http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_arm.deb
      Size/MD5 checksum:   529762 516da62634d9331184cf3ed2fb40fae6

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_i386.deb
      Size/MD5 checksum:   525616 176a5d4315baa52fdb0c7e1893acb4ae

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_ia64.deb
      Size/MD5 checksum:   739078 1d956b2eed1e862f1bf83b5b35f63b1d

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_hppa.deb
      Size/MD5 checksum:   697518 82136c68e4bd524b347c8e41cd32eb0f

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_m68k.deb
      Size/MD5 checksum:   468668 f340a186b531a93bee5ad95dfd87d34c

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_mips.deb
      Size/MD5 checksum:   689090 215230ee97e265a56b702e24d61816c7

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_mipsel.deb
      Size/MD5 checksum:   679632 08e68c4d254fc62a8b7974ef2dba8e66

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_powerpc.deb
      Size/MD5 checksum:   558910 fc2483e406cd607e342516dc4f12c73c

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_s390.deb
      Size/MD5 checksum:   524210 b3364896f512cd942e90c20dcf3217ab

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/h/ht/ht_0.8.0-2sarge4_sparc.deb
      Size/MD5 checksum:   501158 92fdf959c3acc63e403e10ac7de0b1a4


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFCzo59W5ql+IAeqTIRAvTyAJ0dFhUtvm+qJflDv9vwek/LB6ehmQCZAVd0
n+NYzK7M27HVsRG8Zyr0q8A=
=VopR
-----END PGP SIGNATURE-----

    

- 漏洞信息

16352
HT Editor PE Parser Overflow
Local Access Required Input Manipulation
Loss of Integrity
Exploit Unknown Vendor Verified

- 漏洞描述

A local buffer overflow exists in HT Editor. The editor fails to perform proper bounds checking in the PE parser resulting in an overflow. By causing a user to open a specially crafted PE file, an attacker can cause execution of arbitrary code resulting in a loss of integrity.

- 时间线

2005-05-10 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 0.8.0-r2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. Gentoo Linux users can upgrade with the following commands: # emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/hteditor-0.8.0-r2" Other users should upgrade to the latest version from CVS or contact their distribution vendor.

- 相关参考

- 漏洞作者

- 漏洞信息

HT Editor PE Parser Unspecified Remote Buffer Overflow Vulnerability
Boundary Condition Error 13587
Yes No
2005-05-10 12:00:00 2009-07-12 05:56:00
Reported by the vendor.

- 受影响的程序版本

HT Editor HT Editor 0.8
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
HT Editor HT Editor 0.5
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0

- 漏洞讨论

HT Editor is affected by an unspecified buffer overflow vulnerability.

Specific details about this issue are not currently available. It is known that this vulnerability affects the PE parser.

A successful attack may result in arbitrary code execution and allow the attacker to gain unauthorized access to the vulnerable computer.

HT Editor 0.8.0 and prior versions are affected by this issue.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com &lt;mailto:vuldb@securityfocus.com&gt;.

- 解决方案

Gentoo has released advisory GLSA 200505-08 to address this issue. Please see the referenced advisory for more information. Gentoo users may carry out the following commands to update their computers:

emerge --sync
emerge --ask --oneshot --verbose ">=app-editors/hteditor-0.8.0-r2"

Debian Linux has released security advisory DSA 743-1 addressing this issue. Please see the referenced advisory for details on obtaining and applying the appropriate updates.

Debian has released security advisory DSA 773-1 addressing several issues for their AMD64 port of the operating system. Please see the referenced
advisory for further information.


HT Editor HT Editor 0.5

HT Editor HT Editor 0.8

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站