CVE-2005-2958
CVSS7.5
发布时间 :2005-10-25 12:02:00
修订时间 :2010-04-02 01:35:22
NMCOPS    

[原文]Multiple format string vulnerabilities in the GNOME Data Access library for GNOME2 (libgda2) 1.2.1 and earlier allow attackers to execute arbitrary code.


[CNNVD]LibGDA多个格式串处理漏洞(CNNVD-200510-214)

        libGDA是一个开发面向数据库的应用程序的完整的框架,允许应用程序能访问PostgreSQL、MySQL、Oracle、Sybase和ODBC数据源。
        Gnome数据库访问库(libgda)的日志处理器中存在两个格式串漏洞,允许本地攻击者以运行该函数库的权限执行任意代码。目前更多信息不详。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2958
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2958
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200510-214
(官方数据源) CNNVD

- 其它链接及资源

http://www.debian.org/security/2005/dsa-871
(VENDOR_ADVISORY)  DEBIAN  DSA-871
http://www.ubuntulinux.org/support/documentation/usn/usn-212-1
(UNKNOWN)  UBUNTU  USN-212-1
http://www.securityfocus.com/bid/15200
(UNKNOWN)  BID  15200
http://www.redhat.com/archives/fedora-announce-list/2005-November/msg00013.html
(UNKNOWN)  FEDORA  FEDORA-2005-1029
http://www.novell.com/linux/security/advisories/2005_27_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2005:027
http://www.mandriva.com/security/advisories?name=MDKSA-2005:203
(UNKNOWN)  MANDRIVA  MDKSA-2005:203
http://www.gentoo.org/security/en/glsa/glsa-200511-01.xml
(UNKNOWN)  GENTOO  GLSA-200511-01
http://securitytracker.com/id?1015107
(UNKNOWN)  SECTRACK  1015107
http://secunia.com/advisories/17559
(UNKNOWN)  SECUNIA  17559
http://secunia.com/advisories/17500
(UNKNOWN)  SECUNIA  17500
http://secunia.com/advisories/17426
(UNKNOWN)  SECUNIA  17426
http://secunia.com/advisories/17391
(UNKNOWN)  SECUNIA  17391
http://secunia.com/advisories/17339
(UNKNOWN)  SECUNIA  17339
http://secunia.com/advisories/17323
(UNKNOWN)  SECUNIA  17323

- 漏洞信息

LibGDA多个格式串处理漏洞
高危 格式化字符串
2005-10-25 00:00:00 2005-10-25 00:00:00
本地  
        libGDA是一个开发面向数据库的应用程序的完整的框架,允许应用程序能访问PostgreSQL、MySQL、Oracle、Sybase和ODBC数据源。
        Gnome数据库访问库(libgda)的日志处理器中存在两个格式串漏洞,允许本地攻击者以运行该函数库的权限执行任意代码。目前更多信息不详。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
        http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2.dsc
        http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2.diff.gz
        http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7.orig.tar.gz
        http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_alpha.deb
        http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_amd64.deb
        http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_arm.deb
        http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_i386.deb
        http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_ia64.deb
        http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_hppa.deb
        http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_m68k.de
        http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_mips.deb
        http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_mipsel.deb
        http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_powerpc.deb
        http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_s390.deb
        http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_sparc.deb

- 漏洞信息 (F41074)

Ubuntu Security Notice 212-1 (PacketStormID:F41074)
2005-10-30 00:00:00
Ubuntu  security.ubuntu.com
advisory,arbitrary,vulnerability
linux,ubuntu
CVE-2005-2958
[点击下载]

Ubuntu Security Notice USN-212-1 - Steve Kemp discovered two format string vulnerabilities in the logging handler of the Gnome database access library. Depending on the application that uses the library, this could have been exploited to execute arbitrary code with the permission of the user running the application.

--LpQ9ahxlCli8rRTG
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
Ubuntu Security Notice USN-212-1	   October 28, 2005
libgda2 vulnerability
CAN-2005-2958
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

libgda2-1
libgda2-3

The problem can be corrected by upgrading the affected package to
version 1.0.4-1ubuntu0.1 (for Ubuntu 4.10), 1.1.99-1ubuntu0.1 (for
Ubuntu 5.04), or 1.2.1-2ubuntu3.1 (for Ubuntu 5.10).  In general, a
standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Steve Kemp discovered two format string vulnerabilities in the logging
handler of the Gnome database access library. Depending on the
application that uses the library, this could have been exploited to
execute arbitrary code with the permission of the user running the
application.


Updated packages for Ubuntu 4.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2_1.0.4-=
1ubuntu0.1.diff.gz
      Size/MD5:    14829 ba4ce8b304539a61ab575d932711070f
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2_1.0.4-=
1ubuntu0.1.dsc
      Size/MD5:     1961 c6eaf76b68cd4ea8f436a62f2dab101b
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2_1.0.4.=
orig.tar.gz
      Size/MD5:  1778950 345980ba52dcc1a4d24092e57869f92c

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-doc_1.=
0.4-1ubuntu0.1_all.deb
      Size/MD5:   212224 354ca028706f54fa53ad89b93fbad5ed

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-freet=
ds_1.0.4-1ubuntu0.1_amd64.deb
      Size/MD5:    72040 2ce51b479b815b0fe71abe3e8bfccfd9
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-mysql=
_1.0.4-1ubuntu0.1_amd64.deb
      Size/MD5:    18266 345c90c113c27a1241fa9c88949c1a3e
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-odbc_=
1.0.4-1ubuntu0.1_amd64.deb
      Size/MD5:    13316 f6f3c62598bf67ce54b4c992ce1a2b39
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-postg=
res_1.0.4-1ubuntu0.1_amd64.deb
      Size/MD5:    24476 0c9eb106b5f1eb434f7aa0eaf8005814
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-sqlit=
e_1.0.4-1ubuntu0.1_amd64.deb
      Size/MD5:    12396 d719341406907ed2816b3bbc71e84158
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-1_1.0.=
4-1ubuntu0.1_amd64.deb
      Size/MD5:   223580 aefc05d04856fc97187de0e8e5a85216
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-common=
_1.0.4-1ubuntu0.1_amd64.deb
      Size/MD5:   279102 e3513da5ad1d08a9e59627630587ac7f
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-dbg_1.=
0.4-1ubuntu0.1_amd64.deb
      Size/MD5:  1734352 8048f322356530e36f10e63282bf9d7c
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-dev_1.=
0.4-1ubuntu0.1_amd64.deb
      Size/MD5:   313830 a6cd2d0bf8971dcd5814d7cf4a47b122

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-freet=
ds_1.0.4-1ubuntu0.1_i386.deb
      Size/MD5:    70584 ce56c16f4697028f3bf11250664ba125
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-mysql=
_1.0.4-1ubuntu0.1_i386.deb
      Size/MD5:    16470 f59e3521b70e11b2361451a29c8665ff
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-odbc_=
1.0.4-1ubuntu0.1_i386.deb
      Size/MD5:    12100 356c229d2e2f559333dc09db7656f20d
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-postg=
res_1.0.4-1ubuntu0.1_i386.deb
      Size/MD5:    22490 54f9c4ed879f81658df08404bdb30a57
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-sqlit=
e_1.0.4-1ubuntu0.1_i386.deb
      Size/MD5:    11030 eab5962d136c45315a0b3f704a7134f9
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-1_1.0.=
4-1ubuntu0.1_i386.deb
      Size/MD5:   196738 130447269c9b143214c913b6a37b9c69
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-common=
_1.0.4-1ubuntu0.1_i386.deb
      Size/MD5:   274650 c593c6c45152608abca1f2a1c7509378
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-dbg_1.=
0.4-1ubuntu0.1_i386.deb
      Size/MD5:  1698036 aaea8cad4c2d58fd3e4079c7a0c93999
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-dev_1.=
0.4-1ubuntu0.1_i386.deb
      Size/MD5:   246530 f719503a52dcbb72c26937d83f42c3d2

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-freet=
ds_1.0.4-1ubuntu0.1_powerpc.deb
      Size/MD5:    71976 3364891a091d4f334222c840bd2384fd
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-mysql=
_1.0.4-1ubuntu0.1_powerpc.deb
      Size/MD5:    18706 711acc62b5889f1296107789fd54c3e1
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-odbc_=
1.0.4-1ubuntu0.1_powerpc.deb
      Size/MD5:    13392 bcf4a6f17df3004302ce4ae5eb0f4b78
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-postg=
res_1.0.4-1ubuntu0.1_powerpc.deb
      Size/MD5:    25044 5c9a121f3e296eb3da8be5d5459f709e
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-sqlit=
e_1.0.4-1ubuntu0.1_powerpc.deb
      Size/MD5:    12396 34b7b57515cec017f8f57adcd3ce0bc4
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-1_1.0.=
4-1ubuntu0.1_powerpc.deb
      Size/MD5:   205576 e396fbee9af57b5f2c12e0862c615be2
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-common=
_1.0.4-1ubuntu0.1_powerpc.deb
      Size/MD5:   279400 0954e2bf905d1ecce113787b38f5d242
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-dbg_1.=
0.4-1ubuntu0.1_powerpc.deb
      Size/MD5:  1707936 cec04d93c7bf063e1f020f39cf24d5bd
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-dev_1.=
0.4-1ubuntu0.1_powerpc.deb
      Size/MD5:   334026 4a23e94cc13a9c510a16c44c6f6c7d92

Updated packages for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2_1.1.99=
-1ubuntu0.1.diff.gz
      Size/MD5:     8586 1c333a3c2c26190125b252ca4f8c9d0a
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2_1.1.99=
-1ubuntu0.1.dsc
      Size/MD5:     2015 bdd8f14c7de66ca7f7e9b62f02403710
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2_1.1.99=
=2Eorig.tar.gz
      Size/MD5:  2024240 50d115c5c363b3a5ffadcd8451952d40

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-doc_1.=
1.99-1ubuntu0.1_all.deb
      Size/MD5:   251970 3cac3fd6ad68e3083d64da50d1178c47

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-freet=
ds_1.1.99-1ubuntu0.1_amd64.deb
      Size/MD5:    18578 da97e9f50e49e901febb32ece5fa5a62
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-mysql=
_1.1.99-1ubuntu0.1_amd64.deb
      Size/MD5:    19062 33da6da7a2b0cc58cec33f654f54d772
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-odbc_=
1.1.99-1ubuntu0.1_amd64.deb
      Size/MD5:    13490 11708d137647170d55d7601937d20ce7
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-postg=
res_1.1.99-1ubuntu0.1_amd64.deb
      Size/MD5:    27632 a05e6371bc7939503d28e10384a3cf7d
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-sqlit=
e_1.1.99-1ubuntu0.1_amd64.deb
      Size/MD5:    12144 1c74d73717424367f691528603bbb257
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-1_1.1.=
99-1ubuntu0.1_amd64.deb
      Size/MD5:   224148 9197c55ce41c9042ee9fa21985b637a9
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-common=
_1.1.99-1ubuntu0.1_amd64.deb
      Size/MD5:   306548 f8bf9572fcc7f8952a20f1948387d6ba
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-dbg_1.=
1.99-1ubuntu0.1_amd64.deb
      Size/MD5:  1801822 38e87b84f5c542efad9c7aa80d112561
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-dev_1.=
1.99-1ubuntu0.1_amd64.deb
      Size/MD5:   307764 fdb18e04aeef6eff6c95bc797feef7cb

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-freet=
ds_1.1.99-1ubuntu0.1_i386.deb
      Size/MD5:    17506 f527ff8ca670357feb93007e166ed4f1
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-mysql=
_1.1.99-1ubuntu0.1_i386.deb
      Size/MD5:    17368 7845367c1b81632880aa36aa429a7fa2
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-odbc_=
1.1.99-1ubuntu0.1_i386.deb
      Size/MD5:    12436 2f881650ffd1310f45c4f789d2596294
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-postg=
res_1.1.99-1ubuntu0.1_i386.deb
      Size/MD5:    26012 42dcb9bb5b0b21140360aa21e29497ac
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-sqlit=
e_1.1.99-1ubuntu0.1_i386.deb
      Size/MD5:    11062 99c13906571f17675dc0d4951facdc92
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-1_1.1.=
99-1ubuntu0.1_i386.deb
      Size/MD5:   206700 1e4c48bf1a2863c574174787d8929996
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-common=
_1.1.99-1ubuntu0.1_i386.deb
      Size/MD5:   301632 53217aec9dde9b83a4f6fb9b6bc95161
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-dbg_1.=
1.99-1ubuntu0.1_i386.deb
      Size/MD5:  1778954 15fdde243d26de9a60b77907624e8dd9
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-dev_1.=
1.99-1ubuntu0.1_i386.deb
      Size/MD5:   248406 a798e54b5c89073d67798f154eb709cc

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-freet=
ds_1.1.99-1ubuntu0.1_powerpc.deb
      Size/MD5:    18938 6c885e902438bc2082cfb6f81a9e1613
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-mysql=
_1.1.99-1ubuntu0.1_powerpc.deb
      Size/MD5:    19584 b1258f2da21064974a0dcf83bc1dd514
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-odbc_=
1.1.99-1ubuntu0.1_powerpc.deb
      Size/MD5:    13758 56a9537ccd9fa9f304095559f5dc4fb1
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-postg=
res_1.1.99-1ubuntu0.1_powerpc.deb
      Size/MD5:    28532 c292dd8b75613f320df5e6352540097b
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-sqlit=
e_1.1.99-1ubuntu0.1_powerpc.deb
      Size/MD5:    12452 ed890b1dfe7198cc26eca83e61f6e8f0
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-1_1.1.=
99-1ubuntu0.1_powerpc.deb
      Size/MD5:   215548 1dd5a8a5d3c1c199fcbe5f549419f7e4
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-common=
_1.1.99-1ubuntu0.1_powerpc.deb
      Size/MD5:   307350 88f5f699b17fe80431b68ad8b2749476
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-dbg_1.=
1.99-1ubuntu0.1_powerpc.deb
      Size/MD5:  2922290 47c9ad0c2370f639337794fbb350f69c
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-dev_1.=
1.99-1ubuntu0.1_powerpc.deb
      Size/MD5:   311146 613cb5bf05953af61b485c9c6abc45f5

Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2_1.2.1-=
2ubuntu3.1.diff.gz
      Size/MD5:    10175 a0581f32596cc721eeaa933f508d6e6f
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2_1.2.1-=
2ubuntu3.1.dsc
      Size/MD5:     1992 9158d234ff184030863d6a50afe6697b
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2_1.2.1.=
orig.tar.gz
      Size/MD5:  2038045 ca6103ad97d565c08a613b13b6b32f8d

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-doc_1.=
2.1-2ubuntu3.1_all.deb
      Size/MD5:   246388 7142c393d12e3146fae1a15de535b10f

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-freet=
ds_1.2.1-2ubuntu3.1_amd64.deb
      Size/MD5:    18546 15be35e689037fd226ad4f528aac4bfc
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-mysql=
_1.2.1-2ubuntu3.1_amd64.deb
      Size/MD5:    19578 da4f42e21631a4a644b1aff013ecc6c2
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-odbc_=
1.2.1-2ubuntu3.1_amd64.deb
      Size/MD5:    13698 2c344fa51462e375a155323e02f5fd55
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-postg=
res_1.2.1-2ubuntu3.1_amd64.deb
      Size/MD5:    28754 55b01eb7fc20f4d7862d53c11b2821c3
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-sqlit=
e_1.2.1-2ubuntu3.1_amd64.deb
      Size/MD5:    12282 33d0f3be65110d072d664c06ed929298
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/libgda2-3-=
dbg_1.2.1-2ubuntu3.1_amd64.deb
      Size/MD5:   416856 675183d4545f2e3f0c229bfb1fe377c6
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-3_1.2.=
1-2ubuntu3.1_amd64.deb
      Size/MD5:   239950 604676f4cb12564db11adf6668882650
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-common=
_1.2.1-2ubuntu3.1_amd64.deb
      Size/MD5:   307488 2699efd00caadec2bd6885670f1a6475
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-dev_1.=
2.1-2ubuntu3.1_amd64.deb
      Size/MD5:   332512 34c36816a9037ddbb7503286c52eceab

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-freet=
ds_1.2.1-2ubuntu3.1_i386.deb
      Size/MD5:    16676 330563f77bf572f20ae414dd84ea78f1
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-mysql=
_1.2.1-2ubuntu3.1_i386.deb
      Size/MD5:    17244 36fec55d50978dfd0723f4d37f707c2a
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-odbc_=
1.2.1-2ubuntu3.1_i386.deb
      Size/MD5:    12344 55cd204876243d2d71e98c15c0e0806c
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-postg=
res_1.2.1-2ubuntu3.1_i386.deb
      Size/MD5:    26508 8ac8e0eb58bb5533b4f53ba56823cfc6
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-sqlit=
e_1.2.1-2ubuntu3.1_i386.deb
      Size/MD5:    10960 728d197c4d4ab1066efcd8622e5b9749
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/libgda2-3-=
dbg_1.2.1-2ubuntu3.1_i386.deb
      Size/MD5:   337150 2616e6eb277bb65c09cbd01882e01e9e
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-3_1.2.=
1-2ubuntu3.1_i386.deb
      Size/MD5:   214874 4df22945859ddd132641d9ae8e774f44
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-common=
_1.2.1-2ubuntu3.1_i386.deb
      Size/MD5:   304172 f11c6831a48fa5f2a80737b62aff20b5
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-dev_1.=
2.1-2ubuntu3.1_i386.deb
      Size/MD5:   264982 9ebcbc5d33d6a9bbb1a8b898950ce832

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-freet=
ds_1.2.1-2ubuntu3.1_powerpc.deb
      Size/MD5:    18778 971fa11b5e31722f1b3d96694430d738
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-mysql=
_1.2.1-2ubuntu3.1_powerpc.deb
      Size/MD5:    19934 a60c238b1556e0a3889c21a20804b144
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-odbc_=
1.2.1-2ubuntu3.1_powerpc.deb
      Size/MD5:    14016 a04e7b90000ca4d9fd44e934163b2420
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-postg=
res_1.2.1-2ubuntu3.1_powerpc.deb
      Size/MD5:    29294 428c8acd0677a7028215cb97200a366b
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/gda2-sqlit=
e_1.2.1-2ubuntu3.1_powerpc.deb
      Size/MD5:    12756 b6b74dbaffe3e0475b9bf88e9aa9e3d7
    http://security.ubuntu.com/ubuntu/pool/universe/libg/libgda2/libgda2-3-=
dbg_1.2.1-2ubuntu3.1_powerpc.deb
      Size/MD5:   400498 b2cbd77cc9113f309425d88b316ae748
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-3_1.2.=
1-2ubuntu3.1_powerpc.deb
      Size/MD5:   232080 3ff7a24735140e8bed80f51508c69d78
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-common=
_1.2.1-2ubuntu3.1_powerpc.deb
      Size/MD5:   310282 4d614c824c5c3b3ffe0880c559c633e3
    http://security.ubuntu.com/ubuntu/pool/main/libg/libgda2/libgda2-dev_1.=
2.1-2ubuntu3.1_powerpc.deb
      Size/MD5:   336260 fdb3fc9d7a77b97f7515c2a778e98693

--=20
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

--LpQ9ahxlCli8rRTG
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDYn4bDecnbV4Fd/IRAooxAKDcWoMSzDTRnZAj78S8s0WjQPgWdgCg8VIb
q/toNRAzMzEGN79SeOJohIg=
=/vYn
-----END PGP SIGNATURE-----

--LpQ9ahxlCli8rRTG--
    

- 漏洞信息

20315
GNOME-DB libgda Logging Function Multiple Format String
Local / Remote, Context Dependent Input Manipulation
Loss of Integrity

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-10-25 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

LibGDA Multiple Format String Vulnerabilities
Input Validation Error 15200
No Yes
2005-10-25 12:00:00 2009-07-12 05:56:00
Steve Kemp is credited with the discovery of these vulnerabilities.

- 受影响的程序版本

Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Office Server
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
Red Hat Fedora Core3
Gnome-DB libgda 2.0
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 2006.0 x86_64
+ Mandriva Linux Mandrake 2006.0
+ Mandriva Linux Mandrake 10.2 x86_64
+ Mandriva Linux Mandrake 10.2
Gnome-DB libgda 1.2.2
Gnome-DB libgda 1.2.1
Gnome-DB libgda 1.1.99
Gnome-DB libgda 1.0.4
Gnome-DB libgda 1.0.3
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1

- 漏洞讨论

libgda is prone to multiple format string vulnerabilities. These issues arise due to insufficient sanitization of user-supplied data.

Very little information is available on these issues. This BID will be updated as more information becomes available.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

Debian Linux has released security advisory DSA 871-1 addressing this issue. Please see the referenced advisory for further information.

Debian Linux has released an updated security advisory (DSA 871-2) addressing this issue. Please see the referenced advisory for further information.

Ubuntu Linux has released security advisory USN-212-1 addressing this issue. Users are advised to see the referenced update for further information on obtaining and applying the appropriate updates.

Mandriva has released advisory MDKSA-2005:203 to address this issue. Please see the attached advisory for details on obtaining and applying fixes.

Gentoo has released advisory GLSA 200511-01 to address these issues. Please see the referenced advisory for more information. Gentoo users may carry out the following commands to update their computers:

emerge --sync
emerge --ask --oneshot --verbose ">=gnome-extra/libgda-1.2.2-r1"

SUSE has released advisory SUSE-SR:2005:025 to address this, and other issues in various packages, in various SUSE products. The advisory states that there are pending fixes for this issue in SUSE products. Please see the referenced advisory for further information.

RedHat Fedora has released security advisory FEDORA-2005-1029 addressing this issue for Fedora Core 3. Users are advised to see the referenced advisory for details on obtaining and applying the appropriate updates.

SUSE Linux has released Security Summary Report SUSE-SR:2005:027 to address this, and other issues in various SUSE products. Please see the referenced advisory for further information.

--
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.


Gnome-DB libgda 1.0.3

Gnome-DB libgda 1.0.4

Gnome-DB libgda 1.1.99

Gnome-DB libgda 1.2.1

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站