CVE-2005-3178
CVSS 5.1
Published: 2005-10-07 14:02:00
Last revised: 2016-10-17 23:33:16

[Original] Buffer overflow in xloadimage 4.1 and earlier, and xli, might allow user-assisted attackers to execute arbitrary code via a long title name in a NIFF file, which triggers the overflow during (1) zoom, (2) reduce, or (3) rotate operations.


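[CNNVD] XloadImage title handling remote overflow vulnerability (CNNVD-200510-058)

        xloadimage is a tool for displaying images of various formats on an X11 server.
        xloadimage contains multiple remotely exploitable overflow vulnerabilities. When processing a loaded image, xloadimage creates a new Image object and writes the processed image into it, copying the title of the old image to the newly created one; however, when they finish processing the image, the zoom, reduce and rotate functions build the new title name in a fixed-length buffer. Because title names in the NIFF format vary in length, the buffer can be overflowed. An attacker who successfully exploits this vulnerability can execute arbitrary code on the target system.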
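
The title-building pattern described above, as an added example that is not xloadimage's or xli's own code: the function names, the 1024-byte buffer size and the title format string are assumptions made for illustration. It contrasts an unbounded write into a fixed buffer with a version that measures the new title first and allocates exactly that much.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed for illustration: the size of the fixed title buffer and the
 * format of the derived title are hypothetical, not taken from the page. */
#define FIXED_TITLE_BUF 1024
#define TITLE_FMT "%s (%u%% x %u%% zoom)"

/* Weak pattern: `out` is a FIXED_TITLE_BUF-byte array, but the length of
 * old_title (read from the image file) is never checked before the write. */
void zoom_title_unbounded(char *out, const char *old_title,
                          unsigned xz, unsigned yz)
{
    sprintf(out, TITLE_FMT, old_title, xz, yz);
}

/* Bytes the derived title needs, including the terminating NUL.
 * snprintf(NULL, 0, ...) only measures; it writes nothing. Returns 0 on error. */
size_t zoom_title_need(const char *old_title, unsigned xz, unsigned yz)
{
    int n = snprintf(NULL, 0, TITLE_FMT, old_title, xz, yz);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Audit helper: would the weak pattern write past the fixed buffer? */
int overflows_fixed_buffer(const char *old_title, unsigned xz, unsigned yz)
{
    return zoom_title_need(old_title, xz, yz) > FIXED_TITLE_BUF;
}

/* Hardened pattern: size the destination from the input, then format into it.
 * The caller owns the returned string and must free() it. */
char *zoom_title_alloc(const char *old_title, unsigned xz, unsigned yz)
{
    size_t need = zoom_title_need(old_title, xz, yz);
    char *title;

    if (need == 0)
        return NULL;
    title = malloc(need);
    if (title == NULL)
        return NULL;
    snprintf(title, need, TITLE_FMT, old_title, xz, yz);
    return title;
}

int main(void)
{
    char fixed[FIXED_TITLE_BUF];
    char long_title[4097];              /* constructed sample input */
    char *t;

    memset(long_title, 'A', 4096);
    long_title[4096] = '\0';

    /* A short title fits, so the weak pattern appears to work in testing. */
    zoom_title_unbounded(fixed, "cat.niff", 50, 50);
    printf("short title: %s\n", fixed);

    /* The long title is only measured here, never passed to the weak pattern. */
    printf("long title overflows fixed buffer: %d\n",
           overflows_fixed_buffer(long_title, 50, 50));

    t = zoom_title_alloc(long_title, 50, 50);
    if (t != NULL) {
        printf("allocated title length: %zu\n", strlen(t));
        free(t);
    }
    return 0;
}
```
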
        

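- CVSS (base score)

CVSS score: 5.1 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)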

cpe:/a:xli:xli
cpe:/a:xloadimage:xloadimage:4.1

- OVAL (technical details for detection)

oval:org.mitre.oval:def:10590 Buffer overflow in xloadimage 4.1 and earlier, and xli, might allow user-assisted attackers to execute arbitrary code via a long title name ...
*OVAL describes in detail how to detect this vulnerability; more technical detail on detecting it can be found in the related OVAL definition.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3178
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3178
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200510-058
(Official data source) CNNVD

- Other links and resources

ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.62/SCOSA-2005.62.txt
(UNKNOWN)  SCO  SCOSA-2005.62
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.56/SCOSA-2005.56.txt
(UNKNOWN)  SCO  SCOSA-2005.56
http://marc.info/?l=bugtraq&m=112862493918840&w=2
(UNKNOWN)  BUGTRAQ  20051005 xloadimage buffer overflow.
http://securitytracker.com/id?1015072
(UNKNOWN)  SECTRACK  1015072
http://support.avaya.com/elmodocs2/security/ASA-2006-013.htm
(UNKNOWN)  CONFIRM  http://support.avaya.com/elmodocs2/security/ASA-2006-013.htm
http://www.debian.org/security/2005/dsa-858
(VENDOR_ADVISORY)  DEBIAN  DSA-858
http://www.debian.org/security/2005/dsa-859
(VENDOR_ADVISORY)  DEBIAN  DSA-859
http://www.gentoo.org/security/en/glsa/glsa-200510-26.xml
(UNKNOWN)  GENTOO  GLSA-200510-26
http://www.mandriva.com/security/advisories?name=MDKSA-2005:192
(UNKNOWN)  MANDRIVA  MDKSA-2005:192
http://www.novell.com/linux/security/advisories/2005_24_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2005:024
http://www.redhat.com/support/errata/RHSA-2005-802.html
(UNKNOWN)  REDHAT  RHSA-2005:802
http://www.securityfocus.com/archive/1/archive/1/433935/30/5010/threaded
(UNKNOWN)  FEDORA  FLSA-2006:152923
http://www.securityfocus.com/bid/15051
(UNKNOWN)  BID  15051

- Vulnerability information

XloadImage title handling remote overflow vulnerability
Medium severity  Buffer overflow
2005-10-07 00:00:00 2006-08-28 00:00:00
Remote

- Advisories and patches

        The vendor has released an upgrade patch to fix this security issue. The patch is available at:
        http://www.debian.org/security/2005/dsa-858
        

- Vulnerability information (F41080)

Gentoo Linux Security Advisory 200510-26 (PacketStormID:F41080)
2005-10-31 00:00:00
Gentoo  security.gentoo.org
advisory
linux,gentoo
CVE-2005-3178

Gentoo Linux Security Advisory GLSA 200510-26 - When XLI or Xloadimage process an image, they create a new image object to contain the new image, copying the title from the old image to the newly created image. Ariel Berkman reported that the 'zoom', 'reduce', and 'rotate' functions use a fixed length buffer to contain the new title, which could be overwritten by the NIFF or XPM image processors. Versions less than 1.17.0-r2 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200510-26
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: XLI, Xloadimage: Buffer overflow
      Date: October 30, 2005
      Bugs: #108365
        ID: 200510-26

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

XLI and Xloadimage contain a vulnerability which could potentially
result in the execution of arbitrary code.

Background
==========

XLI and Xloadimage are X11 image manipulation utilities.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /   Vulnerable   /               Unaffected
    -------------------------------------------------------------------
  1  media-gfx/xli             < 1.17.0-r2                >= 1.17.0-r2
  2  media-gfx/xloadimage       < 4.1-r4                     >= 4.1-r4
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

When XLI or Xloadimage process an image, they create a new image object
to contain the new image, copying the title from the old image to the
newly created image. Ariel Berkman reported that the 'zoom', 'reduce',
and 'rotate' functions use a fixed length buffer to contain the new
title, which could be overwritten by the NIFF or XPM image processors.

Impact
======

A malicious user could craft a malicious XPM or NIFF file and entice a
user to view it using XLI, or manipulate it using Xloadimage,
potentially resulting in the execution of arbitrary code with the
permissions of the user running XLI or Xloadimage.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All XLI users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/xli-1.17.0-r2"

All Xloadimage users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/xloadimage-4.1-r4"

References
==========

  [ 1 ] CAN-2005-3178
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3178

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200510-26.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
    

- Vulnerability information (F40573)

Debian Linux Security Advisory 859-1 (PacketStormID:F40573)
2005-10-11 00:00:00
Debian  security.debian.org
advisory,overflow,arbitrary
linux,debian
CVE-2005-3178

Debian Security Advisory DSA 859-1 - Ariel Berkman discovered several buffer overflows in xloadimage, which are also present in xli, a command line utility for viewing images in X11, and could be exploited via large image titles and cause the execution of arbitrary code.

--------------------------------------------------------------------------
Debian Security Advisory DSA 859-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
October 10th, 2005                      http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : xli
Vulnerability  : buffer overflows
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CAN-2005-3178
Debian Bug     : 332524

Ariel Berkman discovered several buffer overflows in xloadimage, which
are also present in xli, a command line utility for viewing images in
X11, and could be exploited via large image titles and cause the
execution of arbitrary code.

For the old stable distribution (woody) these problems have been fixed in
version 1.17.0-11woody2.

For the stable distribution (sarge) these problems have been fixed in
version 1.17.0-18sarge1.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your xli package.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- Vulnerability information (F40572)

Debian Linux Security Advisory 858-1 (PacketStormID:F40572)
2005-10-11 00:00:00
Debian  security.debian.org
advisory,overflow,arbitrary
linux,debian
CVE-2005-3178

Debian Security Advisory DSA 858-1 - Ariel Berkman discovered several buffer overflows in xloadimage, a graphics file viewer for X11, that can be exploited via large image titles and cause the execution of arbitrary code.

--------------------------------------------------------------------------
Debian Security Advisory DSA 858-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
October 10th, 2005                      http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : xloadimage
Vulnerability  : buffer overflows
Problem type   : local (remote)
Debian-specific: no
CVE ID         : CAN-2005-3178
Debian Bug     : 332524

Ariel Berkman discovered several buffer overflows in xloadimage, a
graphics file viewer for X11, that can be exploited via large image
titles and cause the execution of arbitrary code.

For the old stable distribution (woody) these problems have been fixed in
version 4.1-10woody2.

For the stable distribution (sarge) these problems have been fixed in
version 4.1-14.3.

For the unstable distribution (sid) these problems have been fixed in
version 4.1-15.

We recommend that you upgrade your xloadimage package.


Upgrade Instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


  These files will probably be moved into the stable distribution on
  its next update.

---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

    

- Vulnerability information

19882
Xloadimage / xli NIFF Image Title Field Overflow
Input Manipulation
Loss of Integrity
Vendor Verified

- Vulnerability description

Unknown or Incomplete

- Timeline

2005-10-05 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

XLoadImage Multiple Remote Buffer Overflow Vulnerabilities
Boundary Condition Error 15051
Yes No
2005-10-10 12:00:00 2006-11-30 04:59:00
Discovery is credited to Ariel Berkman.

- Affected program versions

xloadimage xloadimage 4.1
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Gentoo Linux
- Netscape Communicator 4.77
- Netscape Communicator 4.76
- Netscape Communicator 4.75
- Netscape Communicator 4.74
- Netscape Communicator 4.73
- Netscape Communicator 4.72
- Netscape Communicator 4.7
- RedHat PowerTools 6.2
+ Turbolinux Home
+ Turbolinux Turbolinux Desktop 10.0
+ Turbolinux Turbolinux Server 10.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
xli xli 1.17
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Gentoo Linux
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 10.2 x86_64
+ Mandriva Linux Mandrake 10.2
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
- Mandriva Linux Mandrake 8.0
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SGI Advanced Linux Environment 3.0
SCO Unixware 7.1.4
SCO Unixware 7.1.3
SCO Open Server 6.0
SCO Open Server 5.0.7
SCO Open Server 5.0.6 a
SCO Open Server 5.0.6
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
RedHat Linux 9.0 i386
RedHat Linux 7.3 i386
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 4
Red Hat Enterprise Linux AS 3
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
Avaya Messaging Storage Server
Avaya Message Networking
Avaya Intuity LX
Avaya CVLAN

- Vulnerability discussion

The xloadimage utility is affected by multiple remotely exploitable buffer-overflow vulnerabilities.

The problems present themselves when the application processes malformed image titles.

An attacker may exploit these issues to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access.

- Exploit


Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

- Solution


Please see the referenced advisories for more information.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com


xli xli 1.17

xloadimage xloadimage 4.1

SCO Open Server 5.0.6

SCO Open Server 5.0.7

SCO Open Server 6.0

SCO Unixware 7.1.3

SCO Unixware 7.1.4
