CVE-2005-2658
CVSS7.5
发布时间 :2005-09-15 16:03:00
修订时间 :2008-09-05 16:52:20
NMCOPS    

[原文]Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 and earlier might allow remote NNTP servers to execute arbitrary code via a date with a long month.


[CNNVD]Turquoise SuperStat utility.cpp远程缓冲区溢出漏洞(CNNVD-200509-139)

        Turquoise SuperStat是一个简单但是功能强大的Fidonet和Usenet消息的统计程序。
        Turquoise SuperStat (turqstat) 2.2.4以及较早版本的utility.cpp存在缓冲区溢出漏洞,从而NNTP远程服务器可以通过带长月份格式的日期来执行任意代码。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:softwolves_software:turquoise_superstat:2.2.3
cpe:/a:softwolves_software:turquoise_superstat:2.2.4

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2658
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2658
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200509-139
(官方数据源) CNNVD

- 其它链接及资源

http://www.debian.org/security/2005/dsa-812
(VENDOR_ADVISORY)  DEBIAN  DSA-812
http://cvs.alioth.debian.org/cgi-bin/cvsweb.cgi/turqstat/utility.cpp.diff?cvsroot=turqstat&r2=1.41&r1=1.40&f=u
(UNKNOWN)  MISC  http://cvs.alioth.debian.org/cgi-bin/cvsweb.cgi/turqstat/utility.cpp.diff?cvsroot=turqstat&r2=1.41&r1=1.40&f=u
http://www.securityfocus.com/bid/14852
(UNKNOWN)  BID  14852

- 漏洞信息

Turquoise SuperStat utility.cpp远程缓冲区溢出漏洞
高危 缓冲区溢出
2005-09-15 00:00:00 2005-10-20 00:00:00
远程  
        Turquoise SuperStat是一个简单但是功能强大的Fidonet和Usenet消息的统计程序。
        Turquoise SuperStat (turqstat) 2.2.4以及较早版本的utility.cpp存在缓冲区溢出漏洞,从而NNTP远程服务器可以通过带长月份格式的日期来执行任意代码。

- 公告与补丁

        暂无数据

- 漏洞信息 (F40102)

Debian Linux Security Advisory 812-1 (PacketStormID:F40102)
2005-09-20 00:00:00
Debian  debian.org
advisory,overflow
linux,debian
CVE-2005-2658
[点击下载]

Debian Security Advisory DSA 812-1 - Peter Karlsson discovered a buffer overflow in Turquoise SuperStat, a program for gathering statistics from Fidonet and Usenet, that can be exploited by a specially crafted NNTP server.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 812-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
September 15th, 2005                    http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : turqstat
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CAN-2005-2658

Peter Karlsson discovered a buffer overflow in Turquoise SuperStat, a
program for gathering statistics from Fidonet and Usenet, that can be
exploited by a specially crafted NNTP server.

For the old stable distribution (woody) this problem has been fixed in
version 2.2.1woody1.

For the stable distribution (sarge) this problem has been fixed in
version 2.2.2sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 2.2.4-1.

We recommend that you upgrade your turqstat package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.1woody1.dsc
      Size/MD5 checksum:      544 d928fdfa27a159fdab8a5a8884fe5f89
    http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.1woody1.tar.gz
      Size/MD5 checksum:   270910 42d8a8a0a918f170de995d486c23b653

  Alpha architecture:

    http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.1woody1_alpha.deb
      Size/MD5 checksum:   132096 906f3128869e6d7b0afd07cec132c72a
    http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.1woody1_alpha.deb
      Size/MD5 checksum:   176418 3109d357b362669a322ec7f5d3a95d7f

  ARM architecture:

    http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.1woody1_arm.deb
      Size/MD5 checksum:   124080 f0fd9cedb36db2636a823aa8ade7c916
    http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.1woody1_arm.deb
      Size/MD5 checksum:   165586 15456da1a258074d87ce7732b3382498

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.1woody1_i386.deb
      Size/MD5 checksum:   113180 6eee07bf2fe43335b19c9b1629b6057f
    http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.1woody1_i386.deb
      Size/MD5 checksum:   153308 8d8a680ee6838382d749936fd5e2a6f1

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.1woody1_ia64.deb
      Size/MD5 checksum:   137222 789b31dcb961a9f4db2114f86b543bb2
    http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.1woody1_ia64.deb
      Size/MD5 checksum:   187992 5699afd846374683fa0d8a5713966a71

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.1woody1_hppa.deb
      Size/MD5 checksum:   151334 01917983921193be6871f8d7f88ada9a
    http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.1woody1_hppa.deb
      Size/MD5 checksum:   189768 15400f31cf5cc357fe2b848fe833a334

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.1woody1_m68k.deb
      Size/MD5 checksum:   110610 41a66acf6252b48d8df4e4697eb77b11
    http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.1woody1_m68k.deb
      Size/MD5 checksum:   149208 aae5619b44e2ceac583d0b1e88763812

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.1woody1_mips.deb
      Size/MD5 checksum:   111064 34b913e65e80b6911af2a02894d816bf
    http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.1woody1_mips.deb
      Size/MD5 checksum:   146630 376ba9b7bff126d556e1fe31594e4728

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.1woody1_mipsel.deb
      Size/MD5 checksum:   107550 87be688734db30761800c310f1c8c1c1
    http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.1woody1_mipsel.deb
      Size/MD5 checksum:   142122 1bca8324176ebc4ae870e1c3d3beb398

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.1woody1_powerpc.deb
      Size/MD5 checksum:   112282 bc6797f83d4c9a7ae1840abbe00db82f
    http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.1woody1_powerpc.deb
      Size/MD5 checksum:   150786 0a40ea48ddffb8c13766ddfcd8bc496f

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.1woody1_s390.deb
      Size/MD5 checksum:   104326 4240b133663e82195a64c511d32bc15e
    http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.1woody1_s390.deb
      Size/MD5 checksum:   139432 c27f7844b178a3d868c88b1aa495da12

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.1woody1_sparc.deb
      Size/MD5 checksum:   112886 a60fbcc55e894b9b658f710871d372b2
    http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.1woody1_sparc.deb
      Size/MD5 checksum:   151838 e9f0531430def331ea663a2179d5a067


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.2sarge1.dsc
      Size/MD5 checksum:      551 ff23197169d40165a1d81e537dd32137
    http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.2sarge1.tar.gz
      Size/MD5 checksum:   283780 a3a45fc896c7cd323a0f5920b1d6a63c

  Alpha architecture:

    http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.2sarge1_alpha.deb
      Size/MD5 checksum:   110668 50293b365282f4db408f18490f240373
    http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.2sarge1_alpha.deb
      Size/MD5 checksum:   157870 b67322d2478cc2f66983fe25dd59737e

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.2sarge1_amd64.deb
      Size/MD5 checksum:   101154 d10054aebc7330706bf3f320a3ff6a5b
    http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.2sarge1_amd64.deb
      Size/MD5 checksum:   143072 ea9531d04c0bd89b5c739b5b7800f94e

  ARM architecture:

    http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.2sarge1_arm.deb
      Size/MD5 checksum:   138204 c1fe5c573bcc3a45cb737d602f3ba4c5
    http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.2sarge1_arm.deb
      Size/MD5 checksum:   183976 03a55e5783a24c298375ac0bb338c2f2

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.2sarge1_i386.deb
      Size/MD5 checksum:   101718 29f9c8ed4061190bf384cf93a067a6f2
    http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.2sarge1_i386.deb
      Size/MD5 checksum:   143188 b6bbb8562f7c0ecea4d39294248cb3ee

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.2sarge1_ia64.deb
      Size/MD5 checksum:   122406 3894751f0c12ed40f868a48d721aa9ea
    http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.2sarge1_ia64.deb
      Size/MD5 checksum:   173152 59a041fd4689ddec5e4fba55940a5b5e

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.2sarge1_hppa.deb
      Size/MD5 checksum:   122114 4b0a48530c521722ad2d635f3d56b385
    http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.2sarge1_hppa.deb
      Size/MD5 checksum:   172938 a173b5c4aad3958c375af803cd756550

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.2sarge1_m68k.deb
      Size/MD5 checksum:   102090 ba002e24bb7a895be99b9915294dc1fc
    http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.2sarge1_m68k.deb
      Size/MD5 checksum:   147268 896316b5b3513378160f89ea67e0a57d

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.2sarge1_mips.deb
      Size/MD5 checksum:   108740 ca396d064422ac90d9db281ccda3b154
    http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.2sarge1_mips.deb
      Size/MD5 checksum:   147568 9ec920273e732b003fe5c89fbc01af75

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.2sarge1_mipsel.deb
      Size/MD5 checksum:   105518 57c04fcbeea57eb5c9ad63ac4f43a0a1
    http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.2sarge1_mipsel.deb
      Size/MD5 checksum:   144070 62c805442a1aa43331221ea6bce2dda7

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.2sarge1_powerpc.deb
      Size/MD5 checksum:   103126 99656e90993501fe4e35b8a8b03746f5
    http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.2sarge1_powerpc.deb
      Size/MD5 checksum:   144386 0f35c9cd34a61ae4b94d77544edd1e48

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.2sarge1_s390.deb
      Size/MD5 checksum:   100554 717b9cd9da21deaf958a55490d1e9190
    http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.2sarge1_s390.deb
      Size/MD5 checksum:   136704 911498ec823201e76f3cc1737dfa2d4c

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/t/turqstat/turqstat_2.2.2sarge1_sparc.deb
      Size/MD5 checksum:   104778 960e5ad3d3440798498dde2761a2195e
    http://security.debian.org/pool/updates/main/t/turqstat/xturqstat_2.2.2sarge1_sparc.deb
      Size/MD5 checksum:   144502 46c24e1d6d2bb57a80f3080cf1c2b238


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDKQXVW5ql+IAeqTIRAm2yAJ9YW6HOuxrILTIArodmBw7o7e9AagCcCzWF
BmxcLxJtepBq0QvIAzlk/DU=
=Ymqt
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息

19419
Turquoise SuperStat Date Parser Crafted NNTP Server Response Overflow
Input Manipulation
Loss of Integrity

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-09-15 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Turquoise SuperStat Date Parser Remote Buffer Overflow Vulnerability
Boundary Condition Error 14852
Yes No
2005-09-15 12:00:00 2009-07-12 05:06:00
Discovery is credited to Peter Karlsson.

- 受影响的程序版本

Turquoise SuperStat Turquoise SuperStat 2.2.3
Turquoise SuperStat Turquoise SuperStat 2.2.2
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
Turquoise SuperStat Turquoise SuperStat 2.2.1
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
Turquoise SuperStat Turquoise SuperStat 2.2
Turquoise SuperStat Turquoise SuperStat 2.2.4

- 不受影响的程序版本

Turquoise SuperStat Turquoise SuperStat 2.2.4

- 漏洞讨论

Turquoise SuperStat is prone to a buffer overflow in its NNTP response mechanism.

The vulnerability presents itself when a malicious NNTP server supplies excessive data to the application that is handled by the date parsing routines.

A successful attack may result in a remote compromise.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com &lt;mailto:vuldb@securityfocus.com&gt;.

- 解决方案

The vendor has released an upgrade to address this issue.

Debian had released advisory DSA 812-1 to address this issue. Please see the referenced advisory for more information.


Turquoise SuperStat Turquoise SuperStat 2.2

Turquoise SuperStat Turquoise SuperStat 2.2.1

Turquoise SuperStat Turquoise SuperStat 2.2.2

Turquoise SuperStat Turquoise SuperStat 2.2.3

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站