CVE-2005-2966
CVSS5.1
发布时间 :2005-10-05 17:02:00
修订时间 :2011-06-16 00:00:00
NMCOPS    

[原文]The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and earlier allows user-assisted attackers to execute arbitrary commands via a crafted SVG file.


[CNNVD]DIA SVG 文件导入远程任意代码执行漏洞(CNNVD-200510-018)

        Dia是开放源码的流程图软件,是GNU计划的一部分。
        DIA 0.94及之前版本的Python SVG导入插件(diasvg_import.py)可以使用户协助的攻击者借助特制的SVG文件执行任意指令。

- CVSS (基础分值)

CVSS分值: 5.1 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:dia:dia:0.93
cpe:/a:dia:dia:0.92.2
cpe:/a:dia:dia:0.91
cpe:/a:dia:dia:0.94

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2966
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2966
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200510-018
(官方数据源) CNNVD

- 其它链接及资源

http://www.vupen.com/english/advisories/2005/1950
(VENDOR_ADVISORY)  VUPEN  ADV-2005-1950
http://www.ubuntulinux.org/support/documentation/usn/usn-193-1
(VENDOR_ADVISORY)  UBUNTU  USN-193-1
http://www.securityfocus.com/bid/15000
(UNKNOWN)  BID  15000
http://www.novell.com/linux/security/advisories/2005_22_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2005:022
http://www.mandriva.com/security/advisories?name=MDKSA-2005:187
(UNKNOWN)  MANDRIVA  MDKSA-2005:187
http://www.gentoo.org/security/en/glsa/glsa-200510-06.xml
(UNKNOWN)  GENTOO  GLSA-200510-06
http://www.debian.org/security/2006/dsa-1025
(UNKNOWN)  DEBIAN  DSA-1025
http://www.debian.org/security/2005/dsa-847
(UNKNOWN)  DEBIAN  DSA-847
http://secunia.com/advisories/17108
(VENDOR_ADVISORY)  SECUNIA  17108
http://secunia.com/advisories/17095
(VENDOR_ADVISORY)  SECUNIA  17095
http://secunia.com/advisories/17083
(VENDOR_ADVISORY)  SECUNIA  17083
http://secunia.com/advisories/17059
(VENDOR_ADVISORY)  SECUNIA  17059
http://secunia.com/advisories/17047
(UNKNOWN)  SECUNIA  17047

- 漏洞信息

DIA SVG 文件导入远程任意代码执行漏洞
中危 输入验证
2005-10-05 00:00:00 2006-08-28 00:00:00
远程  
        Dia是开放源码的流程图软件,是GNU计划的一部分。
        DIA 0.94及之前版本的Python SVG导入插件(diasvg_import.py)可以使用户协助的攻击者借助特制的SVG文件执行任意指令。

- 公告与补丁

        暂无数据

- 漏洞信息 (F40519)

Debian Linux Security Advisory 847-1 (PacketStormID:F40519)
2005-10-08 00:00:00
Debian  security.debian.org
advisory,arbitrary,python
linux,debian
CVE-2005-2966
[点击下载]

Debian Security Advisory DSA 847-1 - Joxean Koret discovered that the Python SVG import plugin in dia, a vector-oriented diagram editor, does not properly sanitise data read from an SVG file and is hence vulnerable to execute arbitrary Python code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 847-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
October 8th, 2005                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : dia
Vulnerability  : missing input sanitising
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CAN-2005-2966
BugTraq ID     : 15000
Debian Bug     : 330890

Joxean Koret discovered that the Python SVG import plugin in dia, a
vector-oriented diagram editor, does not properly sanitise data read
from an SVG file and is hence vulnerable to execute arbitrary Python
code.

The old stable distribution (woody) is not affected by this problem.

For the stable distribution (sarge) this problem has been fixed in
version 0.94.0-7sarge1.

For the unstable distribution (sid) this problem has been fixed in
version 0.94.0-15.

We recommend that you upgrade your dia package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge1.dsc
      Size/MD5 checksum:     1407 e852a784e57e6ccd455b4da297ae7c36
    http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge1.diff.gz
      Size/MD5 checksum:    15763 4704a9ac297063f937a27b669b4f9c7f
    http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0.orig.tar.gz
      Size/MD5 checksum:  5241128 d2afdc10f55df29314250d98dbfd7a79

  Architecture independent components:

    http://security.debian.org/pool/updates/main/d/dia/dia-common_0.94.0-7sarge1_all.deb
      Size/MD5 checksum:  2148988 a6aaf3822ae0323890b29fa9059b0185

  Alpha architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge1_alpha.deb
      Size/MD5 checksum:   222846 e2a858944403aaf7e2be0b55213494a1
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge1_alpha.deb
      Size/MD5 checksum:   224378 49be5d481ac3b550c52422cdb1be6765
    http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge1_alpha.deb
      Size/MD5 checksum:   729796 3b24c04e39a7c8b416dd504f4470be15

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge1_amd64.deb
      Size/MD5 checksum:   193428 5d7b0041a851b5af1cb6273368551154
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge1_amd64.deb
      Size/MD5 checksum:   195070 2c20715651206e8aadc5d1215ae03462
    http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge1_amd64.deb
      Size/MD5 checksum:   659184 cd4ac2d216773979f2b03ec63976a6cb

  ARM architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge1_arm.deb
      Size/MD5 checksum:   173002 4c5d220bb555d014bd5dd5e6928f1493
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge1_arm.deb
      Size/MD5 checksum:   174468 0c31ec33766fac82bf005c43b5f6a9ac
    http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge1_arm.deb
      Size/MD5 checksum:   552166 a7aa7e3699ae090ab67ad9d3195755f3

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge1_i386.deb
      Size/MD5 checksum:   184330 4f69a644c2ac8f97a5a81fdf3e1146b5
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge1_i386.deb
      Size/MD5 checksum:   185734 fc75348b11fe90abb7568c95ee3ba333
    http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge1_i386.deb
      Size/MD5 checksum:   591844 06e9aad469c243ac472aac861ee98ef5

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge1_ia64.deb
      Size/MD5 checksum:   263706 173b29cc71d5f815a251cd0054898c1e
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge1_ia64.deb
      Size/MD5 checksum:   265022 91db1802a98dcb9c199bbe60c3c7a377
    http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge1_ia64.deb
      Size/MD5 checksum:   919608 0277be2023d768feb15e4b30941bc878

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge1_hppa.deb
      Size/MD5 checksum:   200672 7d122a717ef54af4dd7a96b8664ade44
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge1_hppa.deb
      Size/MD5 checksum:   202164 8215bf17aab46573dc1efec74610b4f4
    http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge1_hppa.deb
      Size/MD5 checksum:   774842 852b861d4d643e13394521a86adbb227

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge1_m68k.deb
      Size/MD5 checksum:   160638 78a7eba8343578b099b72339664017ab
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge1_m68k.deb
      Size/MD5 checksum:   162340 0af833a6b2696562061030bf15dbbb8e
    http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge1_m68k.deb
      Size/MD5 checksum:   583354 7e8ae3d03bcfff9ec1d0212ae95f9fdc

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge1_mips.deb
      Size/MD5 checksum:   177636 8f160d6fa015e2ddb784fbdcc94a9228
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge1_mips.deb
      Size/MD5 checksum:   179200 6e35a36fba03daf21da687705d409633
    http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge1_mips.deb
      Size/MD5 checksum:   642424 9769855484e5b221e5a78df2a70d4b7b

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge1_mipsel.deb
      Size/MD5 checksum:   176076 3166639d7c5a90468fcdc36602186278
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge1_mipsel.deb
      Size/MD5 checksum:   177640 7d88dcd6bebb103e4f49981896301505
    http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge1_mipsel.deb
      Size/MD5 checksum:   630812 a32265d64a09c7dae6d92f683e266a25

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge1_powerpc.deb
      Size/MD5 checksum:   183314 c2a98325c9b505d7dc05232d3872be2d
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge1_powerpc.deb
      Size/MD5 checksum:   184826 fc94a2ba1a9a9b6221134e92b549d239
    http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge1_powerpc.deb
      Size/MD5 checksum:   674766 ee38feb593a6d53d3e45f67a1164400b

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge1_s390.deb
      Size/MD5 checksum:   185236 ca4b69b30d59e32b435a41ac8159c89b
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge1_s390.deb
      Size/MD5 checksum:   187036 c9ecdde728a3abdab38e5f6ced018619
    http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge1_s390.deb
      Size/MD5 checksum:   649000 b6028520487207f11eafc65df0d40548

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/d/dia/dia_0.94.0-7sarge1_sparc.deb
      Size/MD5 checksum:   175274 276a178671668aa9d061202163e99576
    http://security.debian.org/pool/updates/main/d/dia/dia-gnome_0.94.0-7sarge1_sparc.deb
      Size/MD5 checksum:   176704 85851e8f38f05e527f67375868efa5bd
    http://security.debian.org/pool/updates/main/d/dia/dia-libs_0.94.0-7sarge1_sparc.deb
      Size/MD5 checksum:   610434 e18ecc88091f7b39c6edf906e9313f1c


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDR2vdW5ql+IAeqTIRAo73AJ9waojIIN+oZ8Qe4IrGwcBXMOdlrgCfWGNZ
Te+ZaXeTibMlT0+AfZqQNd0=
=uNUG
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息 (F40483)

Gentoo Linux Security Advisory 200510-6 (PacketStormID:F40483)
2005-10-07 00:00:00
Gentoo  security.gentoo.org
advisory
linux,gentoo
CVE-2005-2966
[点击下载]

Gentoo Linux Security Advisory GLSA 200510-06 - Joxean Koret discovered that the SVG import plugin in Dia fails to properly sanitise data read from an SVG file. Versions less than 0.94-r3 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200510-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Dia: Arbitrary code execution through SVG import
      Date: October 06, 2005
      Bugs: #107916
        ID: 200510-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Improperly sanitised data in Dia allows remote attackers to execute
arbitrary code.

Background
==========

Dia is a gtk+ based diagram creation program released under the GPL
license.

Affected packages
=================

    -------------------------------------------------------------------
     Package         /  Vulnerable  /                       Unaffected
    -------------------------------------------------------------------
  1  app-office/dia      < 0.94-r3                          >= 0.94-r3

Description
===========

Joxean Koret discovered that the SVG import plugin in Dia fails to
properly sanitise data read from an SVG file.

Impact
======

An attacker could create a specially crafted SVG file, which, when
imported into Dia, could lead to the execution of arbitrary code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Dia users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/dia-0.94-r3"

References
==========

  [ 1 ] CAN-2005-2966
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2966

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200510-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
    

- 漏洞信息 (F40443)

Ubuntu Security Notice 193-1 (PacketStormID:F40443)
2005-10-06 00:00:00
Ubuntu  security.ubuntu.com
advisory,arbitrary
linux,ubuntu
CVE-2005-2966
[点击下载]

Ubuntu Security Notice USN-193-1 - Joxean Koret discovered that the SVG import plugin did not properly sanitize data read from an SVG file. By tricking an user into opening a specially crafted SVG file, an attacker could exploit this to execute arbitrary code with the privileges of the user.

===========================================================
Ubuntu Security Notice USN-193-1	   October 04, 2005
dia vulnerability
CAN-2005-2966
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

dia-common

The problem can be corrected by upgrading the affected package to
version 0.94.0-5ubuntu1.1.  After a standard system upgrade you have
to restart dia to effect the necessary changes.

Details follow:

Joxean Koret discovered that the SVG import plugin did not properly
sanitise data read from an SVG file. By tricking an user into opening
a specially crafted SVG file, an attacker could exploit this to
execute arbitrary code with the privileges of the user.


  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0-5ubuntu1.1.diff.gz
      Size/MD5:    14159 e9704dd46e24cb3cd11874a499692b6e
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0-5ubuntu1.1.dsc
      Size/MD5:     1408 9d47820c11fde0876377ec119bdd6a7e
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia_0.94.0.orig.tar.gz
      Size/MD5:  5241128 d2afdc10f55df29314250d98dbfd7a79

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-common_0.94.0-5ubuntu1.1_all.deb
      Size/MD5:  2148620 255d09ecefe04651433da82730b2b17d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-5ubuntu1.1_amd64.deb
      Size/MD5:   194718 c8d54ed3e5ac7a0cc006a951e08be9d0
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-5ubuntu1.1_amd64.deb
      Size/MD5:   658936 b80672bede2ca8081017f0a9dc70a483
    http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-5ubuntu1.1_amd64.deb
      Size/MD5:   193040 ed010c5c285236d0306f3faf1a31142d

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-5ubuntu1.1_i386.deb
      Size/MD5:   176774 dbfd08f4eb1a3ac2c03708f642e0b669
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-5ubuntu1.1_i386.deb
      Size/MD5:   579934 2f8e713d629000abccb740c17e108b01
    http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-5ubuntu1.1_i386.deb
      Size/MD5:   175298 2b760f4256be15ee369b300dc46d6d94

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-5ubuntu1.1_powerpc.deb
      Size/MD5:   184416 1f3ee515f8addd2716141de23dc66833
    http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-5ubuntu1.1_powerpc.deb
      Size/MD5:   674436 7988c9c44120c67552248aedb5129b67
    http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-5ubuntu1.1_powerpc.deb
      Size/MD5:   182920 411970ed6af036ebd895b7f8659f9944
    

- 漏洞信息

19822
Dia SVG File Import Arbitrary Code Execution
Loss of Integrity
Vendor Verified

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-09-30 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

DIA SVG File Import Remote Arbitrary Code Execution Vulnerability
Input Validation Error 15000
Yes No
2005-10-03 12:00:00 2006-12-07 05:09:00
Discovery is credited to Joxean Koret <joxeankoret@yahoo.es>.

- 受影响的程序版本

S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. beagle 10.0
Gentoo Linux
DIA DIA 0.92.2
DIA DIA 0.94
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
+ Ubuntu Ubuntu Linux 5.0 4 amd64
DIA DIA 0.93
DIA DIA 0.91
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0

- 漏洞讨论

Dia is affected by an arbitrary code-execution vulnerability.

This vulnerability presents itself when the application handles a malicious Scalable Vector Graphics (SVG) file.

A successful attack can allow remote attackers to execute arbitrary Python code in the context of the application. This may facilitate a remote compromise.

All versions of Dia are suspected to be vulnerable at the moment.

- 漏洞利用

A proof of concept is available from the following location:

http://bugs.debian.org/cgi-bin/bugreport.cgi/exploit.svg?bug=330890;msg=5;att=1

- 解决方案



Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.commailto:vuldb@securityfocus.com

Please see the references for more information and vendor advisories.


DIA DIA 0.94

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站