CVE-2005-1704
CVSS4.6
发布时间 :2005-05-24 00:00:00
修订时间 :2011-03-07 00:00:00
NMCOPS    

[原文]Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow.


[CNNVD]GDB多个漏洞(CNNVD-200505-1170)

        gdb的6.3之前版本、binutils、elfutils和可能其它软件包的二进制文件描述符(BFD)库存在整数溢出,用户辅助式攻击者可以通过一个指定大量节头的特制的对象文件,造成基于堆的缓冲区溢出,来执行任意代码。

- CVSS (基础分值)

CVSS分值: 4.6 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-189 [数值错误]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:9071Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows use...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1704
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1704
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-1170
(官方数据源) CNNVD

- 其它链接及资源

http://www.vupen.com/english/advisories/2007/1267
(VENDOR_ADVISORY)  VUPEN  ADV-2007-1267
http://www.vmware.com/support/vi3/doc/esx-55052-patch.html
(UNKNOWN)  CONFIRM  http://www.vmware.com/support/vi3/doc/esx-55052-patch.html
http://www.ubuntulinux.org/support/documentation/usn/usn-136-1
(UNKNOWN)  UBUNTU  USN-136-1
http://www.trustix.org/errata/2005/0025/
(UNKNOWN)  TRUSTIX  2005-0025
http://www.securityfocus.com/bid/13697
(UNKNOWN)  BID  13697
http://www.securityfocus.com/archive/1/archive/1/464745/100/0/threaded
(UNKNOWN)  BUGTRAQ  20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates
http://www.redhat.com/support/errata/RHSA-2006-0368.html
(UNKNOWN)  REDHAT  RHSA-2006:0368
http://www.redhat.com/support/errata/RHSA-2006-0354.html
(UNKNOWN)  REDHAT  RHSA-2006:0354
http://www.redhat.com/support/errata/RHSA-2005-801.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:801
http://www.redhat.com/support/errata/RHSA-2005-763.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:763
http://www.redhat.com/support/errata/RHSA-2005-709.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:709
http://www.redhat.com/support/errata/RHSA-2005-673.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:673
http://www.redhat.com/support/errata/RHSA-2005-659.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:659
http://www.osvdb.org/16757
(UNKNOWN)  OSVDB  16757
http://www.mandriva.com/security/advisories?name=MDKSA-2005:215
(UNKNOWN)  MANDRAKE  MDKSA-2005:215
http://www.mandriva.com/security/advisories?name=MDKSA-2005:095
(UNKNOWN)  MANDRAKE  MDKSA-2005:095
http://www.gentoo.org/security/en/glsa/glsa-200506-01.xml
(UNKNOWN)  GENTOO  GLSA-200506-01
http://support.avaya.com/elmodocs2/security/ASA-2006-178.htm
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2006-178.htm
http://support.avaya.com/elmodocs2/security/ASA-2006-015.htm
(UNKNOWN)  SECUNIA  18506
http://support.avaya.com/elmodocs2/security/ASA-2005-222.pdf
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2005-222.pdf
http://securitytracker.com/id?1016544
(UNKNOWN)  SECTRACK  1016544
http://security.gentoo.org/glsa/glsa-200505-15.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200505-15
http://secunia.com/advisories/24788
(VENDOR_ADVISORY)  SECUNIA  24788
http://secunia.com/advisories/21717
(VENDOR_ADVISORY)  SECUNIA  21717
http://secunia.com/advisories/21262
(VENDOR_ADVISORY)  SECUNIA  21262
http://secunia.com/advisories/21122
(VENDOR_ADVISORY)  SECUNIA  21122
http://secunia.com/advisories/17718
(VENDOR_ADVISORY)  SECUNIA  17718
http://secunia.com/advisories/17356
(VENDOR_ADVISORY)  SECUNIA  17356
http://secunia.com/advisories/17257
(VENDOR_ADVISORY)  SECUNIA  17257
http://secunia.com/advisories/17135
(VENDOR_ADVISORY)  SECUNIA  17135
http://secunia.com/advisories/17072
(VENDOR_ADVISORY)  SECUNIA  17072
http://secunia.com/advisories/17001
(VENDOR_ADVISORY)  SECUNIA  17001
http://secunia.com/advisories/15527
(VENDOR_ADVISORY)  SECUNIA  15527
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001060
(UNKNOWN)  CONECTIVA  CLA-2006:1060
http://bugs.gentoo.org/show_bug.cgi?id=91398
(UNKNOWN)  CONFIRM  http://bugs.gentoo.org/show_bug.cgi?id=91398
ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc
(UNKNOWN)  SGI  20060703-01-P

- 漏洞信息

GDB多个漏洞
中危 缓冲区溢出
2005-05-24 00:00:00 2007-02-08 00:00:00
远程※本地  
        gdb的6.3之前版本、binutils、elfutils和可能其它软件包的二进制文件描述符(BFD)库存在整数溢出,用户辅助式攻击者可以通过一个指定大量节头的特制的对象文件,造成基于堆的缓冲区溢出,来执行任意代码。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        Turbolinux Home
        Turbolinux gdb-5.3-3.i586.rpm
        Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/gdb-5.3-3.i586.rpm
        GNU Binutils 2.15.92.0.2
        RedHat binutils-2.15.92.0.2-5.1.i386.rpm
        Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        RedHat binutils-2.15.92.0.2-5.1.src.rpm
        Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        RedHat binutils-2.15.92.0.2-5.1.x86_64.rpm
        Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        RedHat binutils-debuginfo-2.15.92.0.2-5.1.i386.rpm
        Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        RedHat binutils-debuginfo-2.15.92.0.2-5.1.x86_64.rpm
        Fedora Core 3
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
        GNU Binutils 2.15.94.0.2.2
        RedHat binutils-2.15.94.0.2.2-2.1.i386.rpm
        Fedora Core 4
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
        RedHat binutils-2.15.94.0.2.2-2.1.ppc.rpm
        Fedora Core 4
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
        RedHat binutils-2.15.94.0.2.2-2.1.src.rpm
        Fedora Core 4
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
        RedHat binutils-2.15.94.0.2.2-2.1.x86_64.rpm
        Fedora Core 4
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
        RedHat binutils-debuginfo-2.15.94.0.2.2-2.1.i386.rpm
        Fedora Core 4
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
        RedHat binutils-debuginfo-2.15.94.0.2.2-2.1.ppc.rpm
        Fedora Core 4
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
        RedHat binutils-debuginfo-2.15.94.0.2.2-2.1.x86_64.rpm
        Fedora Core 4
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/
        Turbolinux Appliance Server 1.0 Hosting Edition
        Turbolinux gdb-5.2.1-2.i586.rpm
        Turbolinux Appliance Server 1.0 Hosting Edition
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/
        Turbolinux Appliance Server 1.0 Workgroup Edition
        Turbolinux gdb-5.2.1-2.i586.rpm
        Turbolinux Appliance Server 1.0 Workgroup Edition
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/
        MandrakeSoft Linux Mandrake 10.0 AMD64
        Mandriva gdb-6.0-2.1.100mdk.amd64.rpm
        Mandrakelinux 10.0/AMD64:
        http://www.mandriva.com/en/download
        Mandriva gdb-6.0-2.1.100mdk.src.rpm
        Mandrakelinux 10.0/AMD64:
        http://www.mandriva.com/en/download
        MandrakeSoft Linux Mandrake 10.0
        Mandriva gdb-6.0-2.1.100mdk.i586.rpm
        Mandrakelinux 10.0:
        http://www.mandriva.com/en/download
        Mandriva gdb-6.0-2.1.100mdk.src.rpm
        Mandrakelinux 10.0:
        http://www.mandriva.com/en/download
        Turbolinux Turbolinux Desktop 10.0
        Turbolinux gdb-5.3-3.i586.rpm
        Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/gdb-5.3-3.i586.rpm
        MandrakeSoft Linux Mandrake 10.1
        Mandriva gdb-6.2-2.1.101mdk.i586.rpm
        Mandrakelinux 10.1:
        http://www.mandriva.com/en/download
        Mandriva gdb-6.2-2.1.101mdk.src.rpm
        Mandrakelinux 10.1:
        http://www.mandriva.com/en/download
        MandrakeSoft Linux Mandrake 10.1 x86_64
        Mandriva gdb-6.2-2.1.101mdk.src.rpm
        Mandrakelinux 10.1/X86_64:
        http://www.mandriva.com/en/download
        Mandriva gdb-6.2-2.1.101mdk.x86_64.rpm
        Mandrakelinux 10.1/X86_64:
        http://www.mandriva.com/en/download
        MandrakeSoft Linux Mandrake 10.2
        Mandriva gdb-6.3-3.1.102mdk.i586.rpm
        Mandrakelinux 10.2:
        http://www.mandriva.com/en/download
        Mandriva gdb-6.3-3.1.102mdk.src.rpm
        Mandrakelinux 10.2:
        http://www.mandriva.com/en/download
        MandrakeSoft Linux Mandrake 10.2 x86_64
        Mandriva gdb-6.3-3.1.102mdk.src.rpm
        Mandrakelinux 10.2/X86_64:
        http://www.mandriva.com/en/download
        Mandriva gdb-6.3-3.1.102mdk.x86_64.rpm
        Mandrakelinux 10.2/X86_64:
        http://www.mandriva.com/en/download
        MandrakeSoft Corporate Server 2.1 x86_64
        Mandriva gdb-5.3-24.1.C21mdk.src.rpm
        Corporate Server 2.1/X86_64:
        http://www.mandriva.com/en/download
        Mandriva gdb-5.3-24.1.C21mdk.x86_64.rpm
        Corporate Server 2.1/X86_64:
        http://www.man

- 漏洞信息 (F55667)

VMware Security Advisory 2007-0003 (PacketStormID:F55667)
2007-04-05 00:00:00
VMware  vmware.com
advisory
CVE-2005-3011,CVE-2006-4810,CVE-2007-1270,CVE-2007-1271,CVE-2005-2096,CVE-2005-1849,CVE-2003-0107,CVE-2005-1704
[点击下载]

VMware Security Advisory - ESX 3.0.1 and 3.0.0 patches address several security issues.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2007-0003
Synopsis:          VMware ESX 3.0.1 and 3.0.0 server security updates
Issue date:        2007-04-02
Updated on:        2007-04-02
CVE numbers:       CVE-2005-3011 CVE-2006-4810 CVE-2007-1270
                   CVE-2007-1271 CVE-2005-2096 CVE-2005-1849
                   CVE-2003-0107 CVE-2005-1704
- -------------------------------------------------------------------

1. Summary:

ESX 3.0.1 and 3.0.0 patches address several security issues.

2. Relevant releases:

VMware ESX 3.0.1 without patches ESX-2559638, ESX-1161870, ESX-3416571,
ESX-5011126, ESX-7737432, ESX-7780490, ESX-8174018, ESX-8852210,
ESX-9617902,
ESX-9916286

VMware ESX 3.0.0 without patches ESX-1121906, ESX-131737, ESX-1870154,
ESX-392718, ESX-4197945, ESX-4921691, ESX-5752668, ESX-7052426, ESX-3616065

3. Problem description:

Problems addressed by these patches:

a.   texinfo service console update

     Updated texinfo packages for the service console fix two security
     vulnerabilities are now available.  A buffer overflow in the the
     program texinfo could allow local user to execute arbitrary code in
     the service console via a crafted texinfo file.  And could allow a
     local user to overwrite arbitrary files via a symlink attack on
     temporary files.

     The Common Vulnerabilities and Exposures project (cve.mitre.org)
     has assigned the names CVE-2005-3011 and CVE-2006-4810 to these
     issues.

     ESX 301 Download Patch ESX-2559638
     ESX 300 Download Patch ESX-1121906

b.   This bundle is a group of patches to resolve two possible security
issues.

     They are as follows:
     A VMware internal security audit revealed a double free condition.
     It may be possible for an attacker to influence the operation of
     the system. In most circumstances, this influence will be limited
     to denial of service or information leakage, but it is
     theoretically possible for an attacker to insert arbitrary code
     into a running program. This code would be executed with the
     permissions of the vulnerable program.  There are no known exploits
     for this issue.

     The Common Vulnerabilities and Exposures project (cve.mitre.org)
     has assigned the name CVE-2007-1270 to this issue.

     A VMware internal security audit revealed a potential buffer
     overflow condition. There are no known vulnerabilities, but such
     vulnerabilities may be used to elevate privileges or to crash the
     application and thus cause a denial of service.

     The Common Vulnerabilities and Exposures project (cve.mitre.org)
     has assigned the name CVE-2007-1271 to this issue.

     The following patches are contained within this bundle:

     ESX 301                      ESX 300
     -------                     --------
     ESX-1161870                  ESX-131737
     ESX-3416571                  ESX-1870154
     ESX-5011126                  ESX-392718
     ESX-7737432                  ESX-4197945
     ESX-7780490                  ESX-4921691
     ESX-8174018                  ESX-5752668
     ESX-8852210                  ESX-7052426
     ESX-9617902                  ESX-9976400

     ESX 301 Download Patch Bundle ESX-6431040
     ESX 300 Download Patch Bundle ESX-5754280

c.   This patch updates internally used zlib libraries in order to
     address potential security issues with older versions of this
     library.

     The Common Vulnerabilities and Exposures project (cve.mitre.org)
     has assigned the names CVE-2005-2096, CVE-2005-1849, CVE-2003-0107
     to these issues.

     ESX 301 Download Patch ESX-9916286
     ESX 300 Download Patch ESX-3616065

d.  binutils service console update

     NOTE: This vulnerability and update only apply to ESX 3.0.0.

     A integer overflow in the Binary File Descriptor (BFD) library for
     the GNU Debugger before version 6.3, binutils, elfutils, and
     possibly other packages, allows user-assisted attackers to execute
     arbitrary code via a crafted object file that specifies a large
     number of section headers, leading to a heap-based buffer overflow.

     The Common Vulnerabilities and Exposures project (cve.mitre.org)
     has assigned the name CVE-2005-1704 to this issue.

     ESX 300 Download Patch ESX-55052

4. Solution:

Please review the Patch notes for your version of ESX and verify the
md5sum of your downloaded file.

  ESX 3.0.1
  http://www.vmware.com/support/vi3/doc/esx-2559638-patch.html
  md5sum 9ee9d9769dfe2668aa6a4be2df284ea6

  http://www.vmware.com/support/vi3/doc/esx-6431040-patch.html
  md5sum ef6bc745b3d556e0736fd39b8ddc8087

  http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html
  md5sum 7b98cfe1b2e0613c368d4080dcacccb8

  ESX 3.0.0
  http://www.vmware.com/support/vi3/doc/esx-55052-patch.html
  md5sum 8d45e36ec997707ebe68d84841026fef

  http://www.vmware.com/support/vi3/doc/esx-1121906-patch.html
  md5sum 02c5bcccea156dd0db93177e5e3fab8b

  http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html
  md5sum 90e4face2edaab07080531a37a49ec01

  http://www.vmware.com/support/vi3/doc/esx-5754280-patch.html
  md5sum 82b3c7e18dd1422f30c4aa9e477c6a27

5. References:

  ESX 3.0.1

Patch URL:http://www.vmware.com/support/vi3/doc/esx-2559638-patch.html
Patch URL:http://www.vmware.com/support/vi3/doc/esx-6431040-patch.html
Patch URL:http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html
Knowledge base URL:http://kb.vmware.com/kb/2559638
Knowledge base URL:http://kb.vmware.com/kb/6431040
Knowledge base URL:http://kb.vmware.com/kb/9916286

  ESX 3.0.0

Patch URL:http://www.vmware.com/support/vi3/doc/esx-55052-patch.html
Patch URL:http://www.vmware.com/support/vi3/doc/esx-1121906-patch.html
Patch URL:http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html
Patch URL:http://www.vmware.com/support/vi3/doc/esx-5754280-patch.html
Knowledge base URL:http://kb.vmware.com/kb/55052
Knowledge base URL:http://kb.vmware.com/kb/1121906
Knowledge base URL:http://kb.vmware.com/kb/3616065
Knowledge base URL:http://kb.vmware.com/kb/55052


  CVE numbers

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3011
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4810
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1270
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1271
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2096
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1849
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0107
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1704

6. Contact:

http://www.vmware.com/security

VMware Security Response Policy
http://www.vmware.com/vmtn/technology/security/security_response.html

E-mail:  security@vmware.com

Copyright 2007 VMware Inc. All rights reserved.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGFAiH6KjQhy2pPmkRCDhvAJ9IdzXG4Ino7NGYPnRvW5ZLFMdhRgCgk1Rr
bGpwMyFZk0OMLWyA/L8PODQ=
=MjIU
-----END PGP SIGNATURE-----
    

- 漏洞信息 (F41933)

Mandriva Linux Security Advisory 2005.215 (PacketStormID:F41933)
2005-11-30 00:00:00
Mandriva  mandriva.com
advisory,overflow,arbitrary
linux,mandriva
CVE-2005-1704
[点击下载]

Mandriva Linux Security Advisory - Integer overflows in various applications in the binutils package may allow attackers to execute arbitrary code via a carefully crafted object file.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2005:215
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : binutils
 Date    : November 23, 2005
 Affected: 10.1, 10.2, Corporate 2.1, Corporate 3.0,
           Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 Integer overflows in various applications in the binutils package 
 may allow attackers to execute arbitrary code via a carefully crafted 
 object file. 
 
 The updated packages have been patched to help address these problems.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1704
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.1:
 708b5397a0f8d66ff7825a87109cee13  10.1/RPMS/binutils-2.15.90.0.3-1.2.101mdk.i586.rpm
 cfe970075dabce10d2ea4d8e4fa67aaf  10.1/RPMS/libbinutils2-2.15.90.0.3-1.2.101mdk.i586.rpm
 2aa1168d9d0b6c603da3acbdea22fc9c  10.1/RPMS/libbinutils2-devel-2.15.90.0.3-1.2.101mdk.i586.rpm
 1f5e832b6ed31c56b3def12e375610da  10.1/SRPMS/binutils-2.15.90.0.3-1.2.101mdk.src.rpm

 Mandriva Linux 10.1/X86_64:
 e700db501ac6f8f9b2d417c080ab5eea  x86_64/10.1/RPMS/binutils-2.15.90.0.3-1.2.101mdk.x86_64.rpm
 6abac53d844407ef121691b636b20e1b  x86_64/10.1/RPMS/lib64binutils2-2.15.90.0.3-1.2.101mdk.x86_64.rpm
 b6f861d559d57c8c5a92e777815e4c73  x86_64/10.1/RPMS/lib64binutils2-devel-2.15.90.0.3-1.2.101mdk.x86_64.rpm
 1f5e832b6ed31c56b3def12e375610da  x86_64/10.1/SRPMS/binutils-2.15.90.0.3-1.2.101mdk.src.rpm

 Mandriva Linux 10.2:
 c2a2cfc84982642148278a522ae20398  10.2/RPMS/binutils-2.15.92.0.2-6.2.102mdk.i586.rpm
 e026dde17010169f948ffcc7f0f84196  10.2/RPMS/libbinutils2-2.15.92.0.2-6.2.102mdk.i586.rpm
 2d0f051e47a0bd56f6472a182d552064  10.2/RPMS/libbinutils2-devel-2.15.92.0.2-6.2.102mdk.i586.rpm
 f22b295f02e30b0eb4d12411621c0404  10.2/SRPMS/binutils-2.15.92.0.2-6.2.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 dc5b9b89c6fb480e4e22cd78aa377a54  x86_64/10.2/RPMS/binutils-2.15.92.0.2-6.2.102mdk.x86_64.rpm
 29fbcbe86219392c6e821d8551f918b0  x86_64/10.2/RPMS/lib64binutils2-2.15.92.0.2-6.2.102mdk.x86_64.rpm
 5cab7d1ab727c5965faf90c14c16ab88  x86_64/10.2/RPMS/lib64binutils2-devel-2.15.92.0.2-6.2.102mdk.x86_64.rpm
 f22b295f02e30b0eb4d12411621c0404  x86_64/10.2/SRPMS/binutils-2.15.92.0.2-6.2.102mdk.src.rpm

 Corporate Server 2.1:
 4fc16a664f25b5b7ce57938d5b9aa6e1  corporate/2.1/RPMS/binutils-2.13.90.0.10-1.2.C21mdk.i586.rpm
 18c1b567a556d8f3f8e8333dca45c971  corporate/2.1/RPMS/libbinutils2-2.13.90.0.10-1.2.C21mdk.i586.rpm
 c08be5df6b56231ca1c4436a805d6b81  corporate/2.1/RPMS/libbinutils2-devel-2.13.90.0.10-1.2.C21mdk.i586.rpm
 dbc46ffe4e6f710d355796211bdff83c  corporate/2.1/SRPMS/binutils-2.13.90.0.10-1.2.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 1561acb857e03d7a167af0945efe7650  x86_64/corporate/2.1/RPMS/binutils-2.13.90.0.10-1.2.C21mdk.x86_64.rpm
 e683343df371de35d026cbdba7dbc898  x86_64/corporate/2.1/RPMS/libbinutils2-2.13.90.0.10-1.2.C21mdk.x86_64.rpm
 9c53bf3a8c5a303c2f97d06216dbf30c  x86_64/corporate/2.1/RPMS/libbinutils2-devel-2.13.90.0.10-1.2.C21mdk.x86_64.rpm
 dbc46ffe4e6f710d355796211bdff83c  x86_64/corporate/2.1/SRPMS/binutils-2.13.90.0.10-1.2.C21mdk.src.rpm

 Corporate 3.0:
 ef926843f1e4141cecbb5a77015d5092  corporate/3.0/RPMS/binutils-2.14.90.0.7-2.2.C30mdk.i586.rpm
 494a84d96695e9b3d5fe98dec372cb56  corporate/3.0/RPMS/libbinutils2-2.14.90.0.7-2.2.C30mdk.i586.rpm
 0deb09a9ee7a41172fbf242cf40b9f10  corporate/3.0/RPMS/libbinutils2-devel-2.14.90.0.7-2.2.C30mdk.i586.rpm
 e57a1ef31c7d86749bb93f2c5632c168  corporate/3.0/SRPMS/binutils-2.14.90.0.7-2.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 c999b0c9026df1c47e2ecfafb3396973  x86_64/corporate/3.0/RPMS/binutils-2.14.90.0.7-2.2.C30mdk.x86_64.rpm
 b2eacb13d69dc3a3f24ba0d466a0a7d2  x86_64/corporate/3.0/RPMS/lib64binutils2-2.14.90.0.7-2.2.C30mdk.x86_64.rpm
 603859440efa6b87a0b66954e01977b9  x86_64/corporate/3.0/RPMS/lib64binutils2-devel-2.14.90.0.7-2.2.C30mdk.x86_64.rpm
 e57a1ef31c7d86749bb93f2c5632c168  x86_64/corporate/3.0/SRPMS/binutils-2.14.90.0.7-2.2.C30mdk.src.rpm

 Multi Network Firewall 2.0:
 9eab0b74b586e443a0e533af8cca5fa4  mnf/2.0/RPMS/binutils-2.14.90.0.7-2.2.M20mdk.i586.rpm
 93047308f094f014b37aee12534c43df  mnf/2.0/RPMS/libbinutils2-2.14.90.0.7-2.2.M20mdk.i586.rpm
 0ccb5c7d9a158dbce80de957aa7b0b04  mnf/2.0/SRPMS/binutils-2.14.90.0.7-2.2.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDhKsfmqjQ0CJFipgRAgbcAJ44oqybcmVb8HGLmJsoOi7Pnc34vACg15Y6
wbya/4Q74mmWUW84jwoMa0E=
=Hfll
-----END PGP SIGNATURE-----
    

- 漏洞信息 (F39339)

Ubuntu Security Notice 136-1 (PacketStormID:F39339)
2005-08-14 00:00:00
Ubuntu  ubuntu.com
advisory,overflow
linux,ubuntu
CVE-2005-1704
[点击下载]

Ubuntu Security Notice USN-136-1 - Tavis Ormandy found an integer overflow in the Binary File Descriptor (BFD) parser in the GNU debugger. The same vulnerable code is also present in binutils.

===========================================================
Ubuntu Security Notice USN-136-1	       May 27, 2005
binutils vulnerability
CAN-2005-1704
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

binutils
binutils-multiarch

The problem can be corrected by upgrading the affected package to
version 2.14.90.0.7-8ubuntu0.2 (for Ubuntu 4.10), or 2.15-5ubuntu2.1
(for Ubuntu 5.04).  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

Tavis Ormandy found an integer overflow in the Binary File Descriptor
(BFD) parser in the GNU debugger. The same vulnerable code is also
present in binutils. By tricking an user into processing a specially
crafted executable with the binutils tools (strings, objdump, nm,
readelf, etc.), an attacker could exploit this to execute arbitrary
code with the privileges of the user running the affected program.


Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.14.90.0.7-8ubuntu0.2.diff.gz
      Size/MD5:    51417 f845b3e1355e35e68d0a318e36a2bab0
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.14.90.0.7-8ubuntu0.2.dsc
      Size/MD5:      802 710bf99bd72b1afae20fc92dd66ae031
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.14.90.0.7.orig.tar.gz
      Size/MD5: 13625636 3211f9065fd85f5f726f08c2f0c3db0c

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-doc_2.14.90.0.7-8ubuntu0.2_all.deb
      Size/MD5:   422494 10e5d330120ae23eb2b85b2e6a779eca

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.14.90.0.7-8ubuntu0.2_amd64.deb
      Size/MD5:  2912498 264f76c2de25f569789ea90793fdd814
    http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.14.90.0.7-8ubuntu0.2_amd64.deb
      Size/MD5:  8052384 3c9f4400cddf2a251209e6351cf13bd8
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.14.90.0.7-8ubuntu0.2_amd64.deb
      Size/MD5:  2468256 a380b11ae81d9e08e49b2b37012ddbbf

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.14.90.0.7-8ubuntu0.2_i386.deb
      Size/MD5:  2852262 9d23fd3a5722a623e63f42981d0425e6
    http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.14.90.0.7-8ubuntu0.2_i386.deb
      Size/MD5:  7882298 58b4b6f4b304574e003fed0f52247400
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.14.90.0.7-8ubuntu0.2_i386.deb
      Size/MD5:  2435474 43bdef72991cf1c41f09dbb6e8153f21

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.14.90.0.7-8ubuntu0.2_powerpc.deb
      Size/MD5:  3536650 4d2aa7df363e35b302a1b6ec9a11a67e
    http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.14.90.0.7-8ubuntu0.2_powerpc.deb
      Size/MD5:  9379314 77b7df24ffa9cc6b146c19df533b2873
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.14.90.0.7-8ubuntu0.2_powerpc.deb
      Size/MD5:  2572692 f7ccefe764c69541c7bdab7ebf212023

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.1.diff.gz
      Size/MD5:    41141 3912bde660d30bdc9db259b1e4760fa8
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.1.dsc
      Size/MD5:      781 99488b7c339737189950036dda41ac58
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15.orig.tar.gz
      Size/MD5: 15134701 ea140e23ae50a61a79902aa67da5214e

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-doc_2.15-5ubuntu2.1_all.deb
      Size/MD5:   433890 571c4d3c59d12dc2648633da05debf1f

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.15-5ubuntu2.1_amd64.deb
      Size/MD5:  2839936 a150864ff843b4a7f2891bc8033f78b9
    http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.15-5ubuntu2.1_amd64.deb
      Size/MD5:  8022016 15283e00c70b96cc6703629c8d0aa73a
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.1_amd64.deb
      Size/MD5:  1369076 e50eeb7b75e2a43ca805a5ae7ad661e9

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.15-5ubuntu2.1_i386.deb
      Size/MD5:  2795900 db51c8d640ec43bf34c4a4ee4125b8d5
    http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.15-5ubuntu2.1_i386.deb
      Size/MD5:  7868676 6ee9d67f9c08e1a054743d428af51cd9
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.1_i386.deb
      Size/MD5:  1323878 4463e0ac4fae73f5b241e92e46205e33

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils-dev_2.15-5ubuntu2.1_powerpc.deb
      Size/MD5:  3470772 b946466edc98a0bd2e5252229a2d7473
    http://security.ubuntu.com/ubuntu/pool/universe/b/binutils/binutils-multiarch_2.15-5ubuntu2.1_powerpc.deb
      Size/MD5:  9386154 8c0d4741185a22c913dfddfd98c840f7
    http://security.ubuntu.com/ubuntu/pool/main/b/binutils/binutils_2.15-5ubuntu2.1_powerpc.deb
      Size/MD5:  1465548 4e586fe1daaf83b5a6255cc05b4e9ab4
    

- 漏洞信息 (F39338)

Ubuntu Security Notice 135-1 (PacketStormID:F39338)
2005-08-14 00:00:00
Ubuntu  ubuntu.com
advisory,overflow,arbitrary
linux,ubuntu
CVE-2005-1704,CVE-2005-1705
[点击下载]

Ubuntu Security Notice USN-135-1 - Tavis Ormandy found an integer overflow in the GNU debugger. By tricking an user into merely load a specially crafted executable, an attacker could exploit this to execute arbitrary code with the privileges of the user running gdb. However, loading untrusted binaries without actually executing them is rather uncommon, so the risk of this flaw is low.

===========================================================
Ubuntu Security Notice USN-135-1	       May 27, 2005
gdb vulnerabilities
CAN-2005-1704, CAN-2005-1705
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

gdb

The problem can be corrected by upgrading the affected package to
version 6.1-3ubuntu0.1 (for Ubuntu 4.10), or 6.3-5ubuntu1.1 (for
Ubuntu 5.04).  In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

Tavis Ormandy found an integer overflow in the GNU debugger. By
tricking an user into merely load a specially crafted executable, an
attacker could exploit this to execute arbitrary code with the
privileges of the user running gdb. However, loading untrusted
binaries without actually executing them is rather uncommon, so the
risk of this flaw is low. (CAN-2005-1704)

Tavis Ormandy also discovered that gdb loads and executes the file
".gdbinit" in the current directory even if the file belongs to a
different user. By tricking an user into run gdb in a directory with a
malicious .gdbinit file, a local attacker could exploit this to run
arbitrary commands with the privileges of the user invoking gdb.
(CAN-2005-1705)


Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.1-3ubuntu0.1.diff.gz
      Size/MD5:   121937 5ecb8a37380fb8f96773527bc5b386bc
    http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.1-3ubuntu0.1.dsc
      Size/MD5:      782 68c9d10a3ee6274d001c49d5233b88ca
    http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.1.orig.tar.gz
      Size/MD5: 16693869 f707d21f5a3e963ce059caed75e899a2

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.1-3ubuntu0.1_amd64.deb
      Size/MD5:  2737380 bb0de70cfc7b7aa814e2860124c91c6d

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.1-3ubuntu0.1_i386.deb
      Size/MD5:  2403326 492f0103c85a726ba748788bf097592c

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.1-3ubuntu0.1_powerpc.deb
      Size/MD5:  3747906 88f4da50a99596f5723c9acb596026f6

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.3-5ubuntu1.1.diff.gz
      Size/MD5:   152409 15724d0389095cd77749d9d323600e87
    http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.3-5ubuntu1.1.dsc
      Size/MD5:      837 cee3bc5743823b718199294ce4c22588
    http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.3.orig.tar.gz
      Size/MD5: 17374476 812de9e756d53c749ea5516d9ffa5905

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.3-5ubuntu1.1_amd64.deb
      Size/MD5:  2951872 0da1a71bd8ed90219fb3ce88823e178a

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.3-5ubuntu1.1_i386.deb
      Size/MD5:  2648228 1bd3001a609d0122b45c018b64150498

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/g/gdb/gdb_6.3-5ubuntu1.1_powerpc.deb
      Size/MD5:  4046246 6769a82f244d229077bb9ed6b1667cf4
    

- 漏洞信息

16870
binutils BFD Library Local Overflow
Local Access Required Input Manipulation
Loss of Confidentiality, Loss of Integrity
Exploit Public

- 漏洞描述

A local overflow exists in binutils. The BFD library fails to validate user supplied input resulting in a heap overflow. With a specially crafted file, an attacker can gain escalated privileges resulting in a loss of confidentiality.

- 时间线

2005-05-27 2005-05-04
2005-05-20 Unknow

- 解决方案

Upgrade to the latest snapshot version from CVS, as it has been reported to fix this vulnerability. In addition, Ubuntu has released a patch for some older versions distributed by them.

- 相关参考

- 漏洞作者

- 漏洞信息

GDB Multiple Vulnerabilities
Unknown 13697
Yes Yes
2005-05-20 12:00:00 2007-04-05 07:52:00
Discovery is credited to Tavis Ormandy of the Gentoo Linux Security Audit Team.

- 受影响的程序版本

VMWare ESX Server 3.0
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Turbolinux Turbolinux Workstation 8.0
Turbolinux Turbolinux Workstation 7.0
Turbolinux Turbolinux Server 8.0
Turbolinux Turbolinux Server 7.0
Turbolinux Turbolinux Desktop 10.0
Turbolinux Turbolinux 10 F...
Turbolinux Home
Turbolinux Appliance Server Workgroup Edition 1.0
Turbolinux Appliance Server Hosting Edition 1.0
Turbolinux Appliance Server 1.0 Workgroup Edition
Turbolinux Appliance Server 1.0 Hosting Edition
SGI ProPack 3.0 SP6
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Desktop 4.0
RedHat Desktop 3.0
Red Hat Fedora Core4
Red Hat Fedora Core3
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
GNU GDB 6.3
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
GNU GDB 6.1
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
GNU Binutils 2.15
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
GNU Binutils 2.14
+ Trustix Secure Enterprise Linux 2.0
+ Trustix Secure Linux 2.2
+ Trustix Secure Linux 2.1
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
GNU Binutils 2.12
GNU Binutils 2.11
GNU Binutils 2.15.94.0.2.2
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
GNU Binutils 2.15.92.0.2
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
Gentoo Linux
Conectiva Linux 10.0
Avaya S8710 R2.0.1
Avaya S8710 R2.0.0
Avaya S8710 CM 3.1
Avaya S8700 R2.0.1
Avaya S8700 R2.0.0
Avaya S8700 CM 3.1
Avaya S8500 R2.0.1
Avaya S8500 R2.0.0
Avaya S8500 CM 3.1
Avaya S8300 R2.0.1
Avaya S8300 R2.0.0
Avaya S8300 CM 3.1
Avaya Messaging Storage Server
Avaya Message Networking
Avaya Intuity LX
Avaya Integrated Management 2.1
Avaya Integrated Management
Avaya CVLAN
Avaya Converged Communications Server 2.0

- 漏洞讨论

GDB is reportedly affected by multiple vulnerabilities. These issues can allow an attacker to execute arbitrary code and commands on an affected computer. A successful attack may allow the attacker to gain elevated privileges or unauthorized access.

The following specific issues were identified:

- a remote heap-overflow vulnerability when loading malformed object files.
- a local privilege-escalation vulnerability.

GDB 6.3 is reportedly affected by these issues; other versions are likely vulnerable as well. GNU binutils 2.14 and 2.15 are affected by the heap-overflow issue as well.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com

- 解决方案

Please see the referenced advisories for more information.


Turbolinux Home

GNU Binutils 2.15.92.0.2

GNU Binutils 2.15.94.0.2.2

Turbolinux Appliance Server 1.0 Hosting Edition

Turbolinux Appliance Server 1.0 Workgroup Edition

Mandriva Linux Mandrake 10.0 AMD64

Mandriva Linux Mandrake 10.0

Turbolinux Turbolinux Desktop 10.0

Mandriva Linux Mandrake 10.1

Mandriva Linux Mandrake 10.1 x86_64

Mandriva Linux Mandrake 10.2

Mandriva Linux Mandrake 10.2 x86_64

MandrakeSoft Corporate Server 2.1 x86_64

MandrakeSoft Corporate Server 2.1

GNU Binutils 2.11

GNU Binutils 2.12

GNU Binutils 2.14

GNU Binutils 2.15

MandrakeSoft Corporate Server 3.0

VMWare ESX Server 3.0

MandrakeSoft Corporate Server 3.0 x86_64

Ubuntu Ubuntu Linux 4.1 ia32

GNU GDB 6.1

GNU GDB 6.3

Turbolinux Turbolinux Server 7.0

Turbolinux Turbolinux Workstation 7.0

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站