CVE-2005-2971
CVSS7.5
发布时间 :2005-10-20 06:02:00
修订时间 :2008-09-10 15:44:25
NMCOPS    

[原文]Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 through 1.4.1 allows remote attackers to execute arbitrary code via a crafted RTF file.


[CNNVD]KDE KOffice KWord RTF导入远程缓冲区溢出漏洞(CNNVD-200510-158)

        KOffice 本是一套适合KDE 桌面环境的集成办公软件。
        KOffice 1.2.0到1.4.1的KWord RTF importer存在堆缓冲区溢出, 远程攻击者可以借助特制的RTF文件执行任意代码。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:kde:koffice:1.3.3KDE KOffice 1.3.3
cpe:/a:kde:koffice:1.3.5KDE KOffice 1.3.5
cpe:/a:kde:koffice:1.3.4KDE KOffice 1.3.4
cpe:/a:kde:koffice:1.3_beta3
cpe:/a:kde:koffice:1.4.1KDE KOffice 1.4.1
cpe:/a:kde:koffice:1.3KDE KOffice 1.3
cpe:/a:kde:koffice:1.3.1KDE KOffice 1.3.1
cpe:/a:kde:koffice:1.3.2KDE KOffice 1.3.2
cpe:/a:kde:koffice:1.3_beta2
cpe:/a:kde:koffice:1.4KDE KOffice 1.4
cpe:/a:kde:koffice:1.2KDE KOffice 1.2
cpe:/a:kde:koffice:1.2.1KDE KOffice 1.2.1
cpe:/a:kde:koffice:1.3_beta1

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2971
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2971
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200510-158
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/15060
(PATCH)  BID  15060
http://www.kde.org/info/security/advisory-20051011-1.txt
(VENDOR_ADVISORY)  CONFIRM  http://www.kde.org/info/security/advisory-20051011-1.txt
http://www.gentoo.org/security/en/glsa/glsa-200510-12.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200510-12
http://secunia.com/advisories/17145/
(VENDOR_ADVISORY)  SECUNIA  17145
http://xforce.iss.net/xforce/xfdb/22562
(UNKNOWN)  XF  koffice-kword-rtf-importer-bo(22562)
http://www.ubuntulinux.org/support/documentation/usn/usn-202-1
(VENDOR_ADVISORY)  UBUNTU  USN-202-1
http://scary.beasts.org/security/CESA-2005-005.txt
(VENDOR_ADVISORY)  MISC  http://scary.beasts.org/security/CESA-2005-005.txt
http://www.redhat.com/archives/fedora-announce-list/2005-October/msg00042.html
(UNKNOWN)  FEDORA  FEDORA-2005-984
http://www.novell.com/linux/security/advisories/2005_25_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2005:025
http://www.debian.org/security/2005/dsa-872
(UNKNOWN)  DEBIAN  DSA-872
http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.388487
(UNKNOWN)  SLACKWARE  SSA:2005-310-02
http://securitytracker.com/id?1015035
(UNKNOWN)  SECTRACK  1015035
http://secunia.com/advisories/17486
(UNKNOWN)  SECUNIA  17486
http://secunia.com/advisories/17480
(UNKNOWN)  SECUNIA  17480
http://secunia.com/advisories/17332
(UNKNOWN)  SECUNIA  17332
http://secunia.com/advisories/17212
(UNKNOWN)  SECUNIA  17212
http://secunia.com/advisories/17190
(UNKNOWN)  SECUNIA  17190
http://secunia.com/advisories/17171
(UNKNOWN)  SECUNIA  17171

- 漏洞信息

KDE KOffice KWord RTF导入远程缓冲区溢出漏洞
高危 缓冲区溢出
2005-10-20 00:00:00 2005-10-20 00:00:00
远程  
        KOffice 本是一套适合KDE 桌面环境的集成办公软件。
        KOffice 1.2.0到1.4.1的KWord RTF importer存在堆缓冲区溢出, 远程攻击者可以借助特制的RTF文件执行任意代码。

- 公告与补丁

        暂无数据

- 漏洞信息 (F40773)

Mandriva Linux Security Advisory 2005.185 (PacketStormID:F40773)
2005-10-18 00:00:00
Mandriva  mandriva.com
advisory,overflow,arbitrary
linux,mandriva
CVE-2005-2971
[点击下载]

Mandriva Linux Security Update Advisory - Chris Evans reported a heap based buffer overflow in the RTF importer of KWord. An attacker could provide a specially crafted RTF file, which when opened in KWord can cause execution of arbitrary code

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           koffice
 Advisory ID:            MDKSA-2005:185
 Date:                   October 14th, 2005

 Affected versions:	 10.2, 2006.0
 ______________________________________________________________________

 Problem Description:

 Chris Evans reported a heap based buffer overflow in the RTF importer 
 of KWord. An attacker could provide a specially crafted RTF file, which
 when opened in KWord can cause execution of abitrary code.
 
 The updated packages are patched to deal with these issues.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2971
 ______________________________________________________________________

 Updated Packages:
  
 Mandrivalinux 10.2:
 223e4790f52914f0cc5455af7fc6a2ac  10.2/RPMS/koffice-1.3.5-24.1.102mdk.i586.rpm
 121b35e202ffbc72fe1d7f38569c2ed8  10.2/RPMS/koffice-karbon-1.3.5-24.1.102mdk.i586.rpm
 50d7f534068fb2c6298f79d750a9f9e6  10.2/RPMS/koffice-kformula-1.3.5-24.1.102mdk.i586.rpm
 f4f49dfd0fc1f10e9cf411e67f03935d  10.2/RPMS/koffice-kivio-1.3.5-24.1.102mdk.i586.rpm
 5e8cc2c457581118a8903aede54e34dd  10.2/RPMS/koffice-koshell-1.3.5-24.1.102mdk.i586.rpm
 5be355a3a69a3dbc3c5496679e50d769  10.2/RPMS/koffice-kpresenter-1.3.5-24.1.102mdk.i586.rpm
 1dc7261ad3b75adb4e837c9043ed21d2  10.2/RPMS/koffice-kspread-1.3.5-24.1.102mdk.i586.rpm
 7c921e582b081ef42a2674a702504f8c  10.2/RPMS/koffice-kugar-1.3.5-24.1.102mdk.i586.rpm
 56b67aa98db4bd3950a169ac434715ef  10.2/RPMS/koffice-kword-1.3.5-24.1.102mdk.i586.rpm
 cd9e775bdc2375834ae392ab95a4c9c8  10.2/RPMS/koffice-progs-1.3.5-24.1.102mdk.i586.rpm
 fe55d1e21402323addf4a148f532a8d3  10.2/RPMS/libkoffice2-karbon-1.3.5-24.1.102mdk.i586.rpm
 05028989e9b05fd85384b2a8f14845bf  10.2/RPMS/libkoffice2-kformula-1.3.5-24.1.102mdk.i586.rpm
 51870740a76006e81b1579557779c45a  10.2/RPMS/libkoffice2-kivio-1.3.5-24.1.102mdk.i586.rpm
 0a8f52f04e4d30193614f58961cc63a0  10.2/RPMS/libkoffice2-koshell-1.3.5-24.1.102mdk.i586.rpm
 d293e5f31835b64baf437f4b2ee208ca  10.2/RPMS/libkoffice2-kpresenter-1.3.5-24.1.102mdk.i586.rpm
 527cb289d397a005ed6c7940e8e43eb5  10.2/RPMS/libkoffice2-kspread-1.3.5-24.1.102mdk.i586.rpm
 bf9662eaf4be252f6056f1921f0402b3  10.2/RPMS/libkoffice2-kspread-devel-1.3.5-24.1.102mdk.i586.rpm
 ac38281778a94521d5cab5ad6ceb02b4  10.2/RPMS/libkoffice2-kugar-1.3.5-24.1.102mdk.i586.rpm
 423bd6ff1616986410c765d3e0b9cc1b  10.2/RPMS/libkoffice2-kugar-devel-1.3.5-24.1.102mdk.i586.rpm
 b11a61fb69042d39e009a56815416e21  10.2/RPMS/libkoffice2-kword-1.3.5-24.1.102mdk.i586.rpm
 a05e950041fab68dd5776815a13b876e  10.2/RPMS/libkoffice2-kword-devel-1.3.5-24.1.102mdk.i586.rpm
 fa2e36e7f5aeec6f3d3ebdddac4345b3  10.2/RPMS/libkoffice2-progs-1.3.5-24.1.102mdk.i586.rpm
 497a9104efab7265062dc1072b1a6494  10.2/RPMS/libkoffice2-progs-devel-1.3.5-24.1.102mdk.i586.rpm
 e788111a2311e0d6d8610f6299a5c6c5  10.2/SRPMS/koffice-1.3.5-24.1.102mdk.src.rpm

 Mandrivalinux 10.2/X86_64:
 5baee5d8e03ac236048f9dc9ee1cae1d  x86_64/10.2/RPMS/koffice-1.3.5-24.1.102mdk.x86_64.rpm
 a4f07638fe92aaa6f63023eb37d4ac4f  x86_64/10.2/RPMS/koffice-karbon-1.3.5-24.1.102mdk.x86_64.rpm
 e20913a9fa595a854b59bc471446610f  x86_64/10.2/RPMS/koffice-kformula-1.3.5-24.1.102mdk.x86_64.rpm
 5bf36b1187c2763fce460b2f4561e387  x86_64/10.2/RPMS/koffice-kivio-1.3.5-24.1.102mdk.x86_64.rpm
 cf91c8560c3d9c71eee46d2274837cb8  x86_64/10.2/RPMS/koffice-koshell-1.3.5-24.1.102mdk.x86_64.rpm
 8e6d654638cb495cdf931b4111a2a3b8  x86_64/10.2/RPMS/koffice-kpresenter-1.3.5-24.1.102mdk.x86_64.rpm
 1cd80d061edbd873494ccb9c31e40230  x86_64/10.2/RPMS/koffice-kspread-1.3.5-24.1.102mdk.x86_64.rpm
 f69f673dc437b7bca22c156cd48faa72  x86_64/10.2/RPMS/koffice-kugar-1.3.5-24.1.102mdk.x86_64.rpm
 68b9e1f606cdba52f9c86266ae91592c  x86_64/10.2/RPMS/koffice-kword-1.3.5-24.1.102mdk.x86_64.rpm
 a83de88ba42e1e877ed0f174a07aaf5b  x86_64/10.2/RPMS/koffice-progs-1.3.5-24.1.102mdk.x86_64.rpm
 918d36fae713447e2c2b24e765430874  x86_64/10.2/RPMS/lib64koffice2-karbon-1.3.5-24.1.102mdk.x86_64.rpm
 93941be1c0a88b65667de2908bc802dc  x86_64/10.2/RPMS/lib64koffice2-kformula-1.3.5-24.1.102mdk.x86_64.rpm
 6b927db2d487e511501cfcfb7404a054  x86_64/10.2/RPMS/lib64koffice2-kivio-1.3.5-24.1.102mdk.x86_64.rpm
 d68a8723d5c2383b3cb6d6adbb291a90  x86_64/10.2/RPMS/lib64koffice2-koshell-1.3.5-24.1.102mdk.x86_64.rpm
 e4ad1b293524afd4166297fa8c67655e  x86_64/10.2/RPMS/lib64koffice2-kpresenter-1.3.5-24.1.102mdk.x86_64.rpm
 8dd80fc8e9f7a72547b39f71252891ce  x86_64/10.2/RPMS/lib64koffice2-kspread-1.3.5-24.1.102mdk.x86_64.rpm
 5b48cacbf33c325ab97289c94ce83ff1  x86_64/10.2/RPMS/lib64koffice2-kspread-devel-1.3.5-24.1.102mdk.x86_64.rpm
 02a6efb474d834b18fa0fc97061be2d0  x86_64/10.2/RPMS/lib64koffice2-kugar-1.3.5-24.1.102mdk.x86_64.rpm
 d7736cbc51b2349fc53b6a7e680fa028  x86_64/10.2/RPMS/lib64koffice2-kugar-devel-1.3.5-24.1.102mdk.x86_64.rpm
 7d603fb5454ef7da97074897802d8b1d  x86_64/10.2/RPMS/lib64koffice2-kword-1.3.5-24.1.102mdk.x86_64.rpm
 a88986c2cb93c9871a28b7a80d5862a5  x86_64/10.2/RPMS/lib64koffice2-kword-devel-1.3.5-24.1.102mdk.x86_64.rpm
 4bbcbf52172e3d376cc6a762e4b539dc  x86_64/10.2/RPMS/lib64koffice2-progs-1.3.5-24.1.102mdk.x86_64.rpm
 0f50e2a554eb09f08fe5b8fe393c84b0  x86_64/10.2/RPMS/lib64koffice2-progs-devel-1.3.5-24.1.102mdk.x86_64.rpm
 e788111a2311e0d6d8610f6299a5c6c5  x86_64/10.2/SRPMS/koffice-1.3.5-24.1.102mdk.src.rpm

 Mandrivalinux 2006.0:
 a6adc7c1d0f0d3344da723fe1800cd40  2006.0/RPMS/koffice-1.4.1-12.1.20060mdk.i586.rpm
 66727f9cc83c1942792897d14ce3cc0b  2006.0/RPMS/koffice-karbon-1.4.1-12.1.20060mdk.i586.rpm
 3dc838f82060a8744cf36930ee6c3b70  2006.0/RPMS/koffice-kexi-1.4.1-12.1.20060mdk.i586.rpm
 03e27871e30493c058c59d55b87c1624  2006.0/RPMS/koffice-kformula-1.4.1-12.1.20060mdk.i586.rpm
 344ae8075c600ed88158270ebedf90de  2006.0/RPMS/koffice-kivio-1.4.1-12.1.20060mdk.i586.rpm
 d0208c8db4b5c8c4bffbc809e1a3a35d  2006.0/RPMS/koffice-koshell-1.4.1-12.1.20060mdk.i586.rpm
 a78c7411b433b4c09698f945ab022f63  2006.0/RPMS/koffice-kpresenter-1.4.1-12.1.20060mdk.i586.rpm
 68d6e3e63e457a4f67c4b80f4ea523ca  2006.0/RPMS/koffice-krita-1.4.1-12.1.20060mdk.i586.rpm
 0b0171638e0a35c1a7333a3add72ceb4  2006.0/RPMS/koffice-kspread-1.4.1-12.1.20060mdk.i586.rpm
 25134234b10519d65436892831a9732c  2006.0/RPMS/koffice-kugar-1.4.1-12.1.20060mdk.i586.rpm
 1f5955cc745d3a2e7460f29348450589  2006.0/RPMS/koffice-kword-1.4.1-12.1.20060mdk.i586.rpm
 4f912465aedffbbc26771dd27635c30b  2006.0/RPMS/koffice-progs-1.4.1-12.1.20060mdk.i586.rpm
 22115fd5d2de0a12dc4a0aec0bdb9ccf  2006.0/RPMS/libkoffice2-karbon-1.4.1-12.1.20060mdk.i586.rpm
 5e0a1aa755b598e31d95fd67f0cf4e83  2006.0/RPMS/libkoffice2-karbon-devel-1.4.1-12.1.20060mdk.i586.rpm
 0b8fd754a106f71234242099890ab116  2006.0/RPMS/libkoffice2-kexi-1.4.1-12.1.20060mdk.i586.rpm
 585c2cdef7d1e7fc558c2c042f520799  2006.0/RPMS/libkoffice2-kexi-devel-1.4.1-12.1.20060mdk.i586.rpm
 c1b5b624767bf75d30207e6f678f90fd  2006.0/RPMS/libkoffice2-kformula-1.4.1-12.1.20060mdk.i586.rpm
 653e35fdc3a3b92829a9036284f1b47b  2006.0/RPMS/libkoffice2-kformula-devel-1.4.1-12.1.20060mdk.i586.rpm
 e3ad0ace4da1773eb7fe2aa8edd06ac3  2006.0/RPMS/libkoffice2-kivio-1.4.1-12.1.20060mdk.i586.rpm
 ce8f249f98e537e3c1fbd0e53f01e925  2006.0/RPMS/libkoffice2-kivio-devel-1.4.1-12.1.20060mdk.i586.rpm
 dc305d5eaac533eff0e1fb6659f71922  2006.0/RPMS/libkoffice2-koshell-1.4.1-12.1.20060mdk.i586.rpm
 2cbe3f3fc08ccfe4a1823da86d1e2ef3  2006.0/RPMS/libkoffice2-kpresenter-1.4.1-12.1.20060mdk.i586.rpm
 83770ce0d38d47f290bc82c60f3a3144  2006.0/RPMS/libkoffice2-krita-1.4.1-12.1.20060mdk.i586.rpm
 9a3ab0a5bb4e1f26de66ccc66453c60d  2006.0/RPMS/libkoffice2-krita-devel-1.4.1-12.1.20060mdk.i586.rpm
 284c0efc3c44c07e63496c8094f39b86  2006.0/RPMS/libkoffice2-kspread-1.4.1-12.1.20060mdk.i586.rpm
 a7cdc2f94616a09580dddc55341bdf22  2006.0/RPMS/libkoffice2-kspread-devel-1.4.1-12.1.20060mdk.i586.rpm
 ecc5355d212b8690e7b2545df729ac34  2006.0/RPMS/libkoffice2-kugar-1.4.1-12.1.20060mdk.i586.rpm
 00921bad62d2d1d4c3fa4fb9c51b0fa0  2006.0/RPMS/libkoffice2-kugar-devel-1.4.1-12.1.20060mdk.i586.rpm
 3c91e509b777d488c02af0508c0a9486  2006.0/RPMS/libkoffice2-kword-1.4.1-12.1.20060mdk.i586.rpm
 d5ffcdf3dae152d0fc27c123ad9a5f73  2006.0/RPMS/libkoffice2-kword-devel-1.4.1-12.1.20060mdk.i586.rpm
 1bf09822ee344a07113443e634809f93  2006.0/RPMS/libkoffice2-progs-1.4.1-12.1.20060mdk.i586.rpm
 bc3ae2f9dddd553b3fdc39a4eb36f330  2006.0/RPMS/libkoffice2-progs-devel-1.4.1-12.1.20060mdk.i586.rpm
 7dd1caa2baf31df5cb439de74b15a28e  2006.0/SRPMS/koffice-1.4.1-12.1.20060mdk.src.rpm

 Mandrivalinux 2006.0/X86_64:
 db74bf2f133367454ae55cd74996a698  x86_64/2006.0/RPMS/koffice-1.4.1-12.1.20060mdk.x86_64.rpm
 e3c073ce12af691c61230d1a6b01edda  x86_64/2006.0/RPMS/koffice-karbon-1.4.1-12.1.20060mdk.x86_64.rpm
 963d82b04f1d139becfae9d53b6aebb1  x86_64/2006.0/RPMS/koffice-kexi-1.4.1-12.1.20060mdk.x86_64.rpm
 218aa2684a5decfca72ff81557e095f8  x86_64/2006.0/RPMS/koffice-kformula-1.4.1-12.1.20060mdk.x86_64.rpm
 f47c698f2846ae9e0ea58e8593b392a4  x86_64/2006.0/RPMS/koffice-kivio-1.4.1-12.1.20060mdk.x86_64.rpm
 0a5fe8c2ac495d5312d9ddea51c7e738  x86_64/2006.0/RPMS/koffice-koshell-1.4.1-12.1.20060mdk.x86_64.rpm
 d0f3fe6d0ff9ba0d1a0d6e47600af266  x86_64/2006.0/RPMS/koffice-kpresenter-1.4.1-12.1.20060mdk.x86_64.rpm
 6dd1c14e5b7c3b1d8a51d0866d40b0e0  x86_64/2006.0/RPMS/koffice-krita-1.4.1-12.1.20060mdk.x86_64.rpm
 4484b0656be72570a065063e1464553e  x86_64/2006.0/RPMS/koffice-kspread-1.4.1-12.1.20060mdk.x86_64.rpm
 0504db4193723ae164aab6b5fa9842e0  x86_64/2006.0/RPMS/koffice-kugar-1.4.1-12.1.20060mdk.x86_64.rpm
 086e2aabda477597a3a6a6438423a8fb  x86_64/2006.0/RPMS/koffice-kword-1.4.1-12.1.20060mdk.x86_64.rpm
 cd74780d1af1cf4b2303723d87c58c84  x86_64/2006.0/RPMS/koffice-progs-1.4.1-12.1.20060mdk.x86_64.rpm
 717cdd1b1c25bdc1f44d3fd429c93a9d  x86_64/2006.0/RPMS/lib64koffice2-karbon-1.4.1-12.1.20060mdk.x86_64.rpm
 c9bbd4568ea4977d5617cd3e619c64e8  x86_64/2006.0/RPMS/lib64koffice2-karbon-devel-1.4.1-12.1.20060mdk.x86_64.rpm
 95b2a9d1450b7ba1d9deafa17f749286  x86_64/2006.0/RPMS/lib64koffice2-kexi-1.4.1-12.1.20060mdk.x86_64.rpm
 a74788f6baa147d8d5ca3405fe9a9ad1  x86_64/2006.0/RPMS/lib64koffice2-kexi-devel-1.4.1-12.1.20060mdk.x86_64.rpm
 772f6a8cbd689338ab7de587a47e3cf2  x86_64/2006.0/RPMS/lib64koffice2-kformula-1.4.1-12.1.20060mdk.x86_64.rpm
 1eb4e230bd7a58d8fe818afad7734966  x86_64/2006.0/RPMS/lib64koffice2-kformula-devel-1.4.1-12.1.20060mdk.x86_64.rpm
 734d78f80525f5486e4935554eddfe54  x86_64/2006.0/RPMS/lib64koffice2-kivio-1.4.1-12.1.20060mdk.x86_64.rpm
 5d0db7383f091405fecee6f1c464641b  x86_64/2006.0/RPMS/lib64koffice2-kivio-devel-1.4.1-12.1.20060mdk.x86_64.rpm
 0cff0b61127119f4d8b3bc5f66629d71  x86_64/2006.0/RPMS/lib64koffice2-koshell-1.4.1-12.1.20060mdk.x86_64.rpm
 a5d85f5d610fa8406870fd07dfdeb2b4  x86_64/2006.0/RPMS/lib64koffice2-kpresenter-1.4.1-12.1.20060mdk.x86_64.rpm
 d61cf7db80d6057b166fdd20f883b6ff  x86_64/2006.0/RPMS/lib64koffice2-krita-1.4.1-12.1.20060mdk.x86_64.rpm
 9ac9ac30946f68c8cec7bb5a89c813a5  x86_64/2006.0/RPMS/lib64koffice2-krita-devel-1.4.1-12.1.20060mdk.x86_64.rpm
 00598e66cc402e571b808584a4d8c336  x86_64/2006.0/RPMS/lib64koffice2-kspread-1.4.1-12.1.20060mdk.x86_64.rpm
 4ceb67f1c28b9ddf67ee8c71ec440892  x86_64/2006.0/RPMS/lib64koffice2-kspread-devel-1.4.1-12.1.20060mdk.x86_64.rpm
 cd209d72006ebb9bf73b8b0720f6dec5  x86_64/2006.0/RPMS/lib64koffice2-kugar-1.4.1-12.1.20060mdk.x86_64.rpm
 6dafddcacf4c22e7bdd923ea9e539dcf  x86_64/2006.0/RPMS/lib64koffice2-kugar-devel-1.4.1-12.1.20060mdk.x86_64.rpm
 a528f1fdf4b4e58509fbe66466120a47  x86_64/2006.0/RPMS/lib64koffice2-kword-1.4.1-12.1.20060mdk.x86_64.rpm
 7903be8ff2a65a3e2934f1aa08a974d3  x86_64/2006.0/RPMS/lib64koffice2-kword-devel-1.4.1-12.1.20060mdk.x86_64.rpm
 ac688ea6ab8372432714409c2f8da424  x86_64/2006.0/RPMS/lib64koffice2-progs-1.4.1-12.1.20060mdk.x86_64.rpm
 86c737e2fba85d3dcd4aab2bc769578c  x86_64/2006.0/RPMS/lib64koffice2-progs-devel-1.4.1-12.1.20060mdk.x86_64.rpm
 7dd1caa2baf31df5cb439de74b15a28e  x86_64/2006.0/SRPMS/koffice-1.4.1-12.1.20060mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDUCK3mqjQ0CJFipgRAnxkAJ9Sgfj4tI1dDGVSev8ePwLStDm/6wCgu07o
R0nwfpsi6L3cday2Z/pKShU=
=JQQS
-----END PGP SIGNATURE-----
    

- 漏洞信息 (F40767)

Gentoo Linux Security Advisory 200510-12 (PacketStormID:F40767)
2005-10-18 00:00:00
Gentoo  security.gentoo.org
advisory,overflow
linux,gentoo
CVE-2005-2971
[点击下载]

Gentoo Linux Security Advisory GLSA 200510-12 - Chris Evans discovered that the KWord RTF importer was vulnerable to a heap-based buffer overflow. Versions less than 1.4.1-r1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200510-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: KOffice, KWord: RTF import buffer overflow
      Date: October 14, 2005
      Bugs: #108411
        ID: 200510-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

KOffice and KWord are vulnerable to a buffer overflow in the RTF
importer, potentially resulting in the execution of arbitrary code.

Background
==========

KOffice is an integrated office suite for KDE. KWord is the KOffice
word processor.

Affected packages
=================

    -------------------------------------------------------------------
     Package             /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  app-office/koffice     < 1.4.1-r1                     >= 1.4.1-r1
  2  app-office/kword       < 1.4.1-r1                     >= 1.4.1-r1
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

Chris Evans discovered that the KWord RTF importer was vulnerable to a
heap-based buffer overflow.

Impact
======

An attacker could entice a user to open a specially-crafted RTF file,
potentially resulting in the execution of arbitrary code with the
rights of the user running the affected application.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All KOffice users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/koffice-1.4.1-r1"

All KWord users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/kword-1.4.1-r1"

References
==========

  [ 1 ] CAN-2005-2971
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2971
  [ 2 ] KDE Security Advisory: KWord RTF import buffer overflow
        http://www.kde.org/info/security/advisory-20051011-1.txt

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200510-12.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
    

- 漏洞信息 (F40681)

Ubuntu Security Notice 202-1 (PacketStormID:F40681)
2005-10-13 00:00:00
Ubuntu  security.ubuntu.com
advisory,overflow,arbitrary
linux,ubuntu
CVE-2005-2971
[点击下载]

Ubuntu Security Notice USN-202-1 - Chris Evans discovered a buffer overflow in the RTF import module of KOffice. By tricking a user into opening a specially-crafted RTF file, an attacker could exploit this to execute arbitrary code with the privileges of the AbiWord user.

--zCKi3GIZzVBPywwA
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

===========================================================
Ubuntu Security Notice USN-202-1	   October 12, 2005
koffice vulnerability
CAN-2005-2971
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

koffice-libs
kword

The problem can be corrected by upgrading the affected package to
version 1:1.3.5-2ubuntu1.1.  After a standard system upgrade you need
to restart all KOffice applications to effect the necessary changes.

Details follow:

Chris Evans discovered a buffer overflow in the RTF import module of
KOffice. By tricking a user into opening a specially-crafted RTF file,
an attacker could exploit this to execute arbitrary code with the
privileges of the AbiWord user.

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice_1.3.5-2ubuntu1.1.diff.gz
      Size/MD5:     8816 85d465e2669a24b0019233221a0e15fd
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice_1.3.5-2ubuntu1.1.dsc
      Size/MD5:      999 2eaa86d2bee10bad8d0b34ed2e60d336
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice_1.3.5.orig.tar.gz
      Size/MD5: 13154501 2c9b45ecbf16a8c5d16ce9d2f51c2571

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kivio-data_1.3.5-2ubuntu1.1_all.deb
      Size/MD5:   615280 b84003db4ad4625b7266b479eaf1d50c
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice-data_1.3.5-2ubuntu1.1_all.deb
      Size/MD5:   684630 3275891bff107e56d00e13687eea0e22
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice-doc-html_1.3.5-2ubuntu1.1_all.deb
      Size/MD5:   305362 3edd7173b3597eec1b25a5308b509328
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice_1.3.5-2ubuntu1.1_all.deb
      Size/MD5:    13502 77d6fdda1ad2093ab9e0b45fcf5c8046

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/karbon_1.3.5-2ubuntu1.1_amd64.deb
      Size/MD5:   854530 fbb920f93b00e7c84c789f514f24773a
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kchart_1.3.5-2ubuntu1.1_amd64.deb
      Size/MD5:   673748 b7c436b6086dde8aaaed316bc52a607c
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kformula_1.3.5-2ubuntu1.1_amd64.deb
      Size/MD5:   693330 f1cf7350e87e566692db888c75fcca14
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kivio_1.3.5-2ubuntu1.1_amd64.deb
      Size/MD5:   583362 ec86ad4dbf9edc7a04341d62639e5afd
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice-dev_1.3.5-2ubuntu1.1_amd64.deb
      Size/MD5:   147476 83ba665bb66e17484c3857c34001b3ec
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice-libs_1.3.5-2ubuntu1.1_amd64.deb
      Size/MD5:  2134962 cff8c010e89c59855294a53e9dca965c
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koshell_1.3.5-2ubuntu1.1_amd64.deb
      Size/MD5:    51192 bce62ed710af795af1727d2f01b1d02d
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kpresenter_1.3.5-2ubuntu1.1_amd64.deb
      Size/MD5:  2536672 3b9a038cd580d80fdf4cc046f77154cd
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kspread_1.3.5-2ubuntu1.1_amd64.deb
      Size/MD5:  1754694 aab82c7ab4b5fb646dd26abfd730c9d9
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kugar_1.3.5-2ubuntu1.1_amd64.deb
      Size/MD5:   551772 762fdef125636d9272ba1945d7f2ed85
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kword_1.3.5-2ubuntu1.1_amd64.deb
      Size/MD5:  3591006 cefbf03ef13b678400082e75786881d6

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/karbon_1.3.5-2ubuntu1.1_i386.deb
      Size/MD5:   778648 254467d67814c5ccf9cc1e3ebf65cb09
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kchart_1.3.5-2ubuntu1.1_i386.deb
      Size/MD5:   660210 019389de3b7e2d12b0618caccf49a3cb
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kformula_1.3.5-2ubuntu1.1_i386.deb
      Size/MD5:   689214 fe8b796c71500cfe3a51867ed7689ac7
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kivio_1.3.5-2ubuntu1.1_i386.deb
      Size/MD5:   541344 1103a760575623d236a45f5d79ca4e6b
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice-dev_1.3.5-2ubuntu1.1_i386.deb
      Size/MD5:   147474 d7641c10c832e4b6e92b86bb4202e058
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice-libs_1.3.5-2ubuntu1.1_i386.deb
      Size/MD5:  1994548 72fadda393d3905eb81487c3e993e98f
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koshell_1.3.5-2ubuntu1.1_i386.deb
      Size/MD5:    48998 aae5d22d053d2fde95ee844262b5ae32
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kpresenter_1.3.5-2ubuntu1.1_i386.deb
      Size/MD5:  2503204 5114895616ae77175c1fad011a5da104
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kspread_1.3.5-2ubuntu1.1_i386.deb
      Size/MD5:  1668520 04f4ad391680010fc843f27faceacbff
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kugar_1.3.5-2ubuntu1.1_i386.deb
      Size/MD5:   533270 cc9ed083427380bac4a6dcff86933f24
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kword_1.3.5-2ubuntu1.1_i386.deb
      Size/MD5:  3452150 6dbb03a9966d8ccd975e4784acf46bd8

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/karbon_1.3.5-2ubuntu1.1_powerpc.deb
      Size/MD5:   826906 f7cbe8e0113ccf1b76e515a715f918a8
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kchart_1.3.5-2ubuntu1.1_powerpc.deb
      Size/MD5:   651168 655d47e3d8cabf6c54f51abaf3554a23
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kformula_1.3.5-2ubuntu1.1_powerpc.deb
      Size/MD5:   690552 cfe8035a78d467c60b435a95a31aed3b
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kivio_1.3.5-2ubuntu1.1_powerpc.deb
      Size/MD5:   554944 5ca771ac6b28b04e8519bc2c3b87e71b
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice-dev_1.3.5-2ubuntu1.1_powerpc.deb
      Size/MD5:   147478 56ab71652516e78b4c98b496a33f5b52
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koffice-libs_1.3.5-2ubuntu1.1_powerpc.deb
      Size/MD5:  2022892 133bf90bb269bafb453d3da968e892eb
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/koshell_1.3.5-2ubuntu1.1_powerpc.deb
      Size/MD5:    51450 0024c535dafa26d19f417f8965154bc5
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kpresenter_1.3.5-2ubuntu1.1_powerpc.deb
      Size/MD5:  2479510 ebc3269b6416598a5425d11146ffcca2
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kspread_1.3.5-2ubuntu1.1_powerpc.deb
      Size/MD5:  1663382 9729c91b3c63d5ed36fe1523706a809d
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kugar_1.3.5-2ubuntu1.1_powerpc.deb
      Size/MD5:   533568 cc0dda08cb91cf0bc2d12f447072c803
    http://security.ubuntu.com/ubuntu/pool/universe/k/koffice/kword_1.3.5-2ubuntu1.1_powerpc.deb
      Size/MD5:  3491862 dcd9768e9ab6d04c28dbe7b5f987891b

--zCKi3GIZzVBPywwA
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDTLkiDecnbV4Fd/IRAmefAJ9tZ5xIn2WQbPq+A3H0KRG2oRVEEQCgngvu
tuEuCky/Ou4XCjeAsI/OY9Y=
=ITUJ
-----END PGP SIGNATURE-----

--zCKi3GIZzVBPywwA--
    

- 漏洞信息 (F40652)

KDE Security Advisory 2005-10-11.1 (PacketStormID:F40652)
2005-10-12 00:00:00
KDE Desktop  kde.org
advisory,overflow,arbitrary
CVE-2005-2971
[点击下载]

KDE Security Advisory: Chris Evans reported a heap based buffer overflow in the RTF importer of KWord. Opening specially crafted RTF files in KWord can cause execution of arbitrary code. Affected are all KOffice releases starting from KOffice 1.2.0 up to and including KOffice 1.4.1.

KDE Security Advisory: KWord RTF import buffer overflow
Original Release Date: 2005-10-11
URL: http://www.kde.org/info/security/advisory-20051011-1.txt

0. References

        CAN-2005-2971
        CESA-2005-005

1. Systems affected:

        All KOffice releases starting from KOffice 1.2.0 up to
        including KOffice 1.4.1.


2. Overview:

        Chris Evans reported a heap based buffer overflow in
        the RTF importer of KWord.

3. Impact:

        Opening specially crafted RTF files in KWord can cause
        execution of abitrary code.


4. Solution:

        Source code patches have been made available which fix these
        vulnerabilities. Contact your OS vendor / binary package provider
        for information about how to obtain updated binary packages.


5. Patch:

        Patch for KOffice 1.4.1 is available from 
        ftp://ftp.kde.org/pub/kde/security_patches :

        9f77b327119fd1db0752dab785e2a975  post-koffice-1.4.1-rtfimport.diff

        Patch for KOffice 1.3.5 is available from 
        ftp://ftp.kde.org/pub/kde/security_patches :

        71a1baa8244dbcc1bfc2bd3c3e3dd40f  post-koffice-1.3.5-rtfimport.diff

        Patch for KOffice 1.2.1 is available from 
        ftp://ftp.kde.org/pub/kde/security_patches :

        b36488a186aded0f5e812397af3c689a  post-koffice-1.2.1-rtfimport.diff



    

- 漏洞信息

19909
KOffice KWord RTF Importer Overflow
Input Manipulation
Loss of Integrity

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-10-11 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

KDE KOffice KWord RTF Import Remote Buffer Overflow Vulnerability
Boundary Condition Error 15060
Yes No
2005-10-11 12:00:00 2009-07-12 05:07:00
The individual responsible for discovering this issue is unknown. The vendor disclosed this issue.

- 受影响的程序版本

Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
Slackware Linux 10.2
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux -current
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
Red Hat Fedora Core3
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
KDE KOffice 1.4.1
KDE KOffice 1.4
KDE KOffice 1.3.5
KDE KOffice 1.3.4
KDE KOffice 1.3.3
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
KDE KOffice 1.3.2
KDE KOffice 1.3.1
KDE KOffice 1.3 beta3
KDE KOffice 1.3 beta2
KDE KOffice 1.3 beta1
KDE KOffice 1.3
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
KDE KOffice 1.2.1
KDE KOffice 1.2
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Conectiva Linux 10.0
KDE KOffice 1.4.2

- 不受影响的程序版本

KDE KOffice 1.4.2

- 漏洞讨论

KWord is prone to a remote buffer overflow vulnerability.

The vulnerability arises when the application handles a malformed RTF file.

A successful attack may result in arbitrary code execution facilitating remote unauthorized access in the context of the user running KWord.

KOffice versions 1.2.0 to 1.4.1 are vulnerable to this issue.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com &lt;mailto:vuldb@securityfocus.com&gt;.

- 解决方案

KOffice 1.4.2 is not vulnerable to this issue. KDE has also released patches to address this issue in KOffice 1.4.1, 1.3.5 and 1.2.1.

Ubuntu has released advisory USN-202-1 to address this issue; please see the referenced advisory for further information.

Gentoo has released advisory GLSA 200510-12 to address this issue. Please see the referenceed advisory for further information. Gentoo users may carry out the following commands to update their computers:

All KOffice users:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/koffice-1.4.1-r1"

All KWord users:

# emerge --sync
# emerge --ask --oneshot --verbose ">=app-office/kword-1.4.1-r1"

RedHat Fedora has released advisory FEDORA-2005-984 to address this issue; please see the referenced advisory for further information.

Mandriva Linux security advisory MDKSA-2005:185 is available addressing this issue. Please see the referenced advisory for further information.

Debian has released advisory DSA 872-1 and fixes for this issue. Please see the referenced advisory for further information.

SUSE has released advisory SUSE-SR:2005:025 to address this, and other issues in various packages, in various SUSE products. Please see the referenced advisory for further information.

Slackware Linux has released advisory SSA:2005-310-02 to address this issue. Please see the referenced advisory for further information.

Conectiva Linux has released security advisory CLSA-2005:1042 addressing this issue. Please see the referenced advisory for details on obtaining and applying the appropriate updates.


KDE KOffice 1.2

KDE KOffice 1.2.1

KDE KOffice 1.3

KDE KOffice 1.3 beta3

KDE KOffice 1.3 beta1

KDE KOffice 1.3 beta2

KDE KOffice 1.3.1

KDE KOffice 1.3.2

KDE KOffice 1.3.5

KDE KOffice 1.4.1

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站