CVE-2005-3269
CVSS7.5
发布时间 :2005-10-20 19:02:00
修订时间 :2016-10-17 23:34:17
NMCOS    

[原文]Stack-based buffer overflow in help.cgi in the HTTP administrative interface for (1) Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1, (2) Red Hat Directory Server and (3) Certificate Server before 7.1 SP1, (4) Sun ONE Directory Server 5.1 SP4 and earlier, and (5) Sun ONE Administration Server 5.2 allows remote attackers to cause a denial of service (admin server crash), or local users to gain root privileges.


[CNNVD]多款目录服务器/证书服务器控制台栈溢出漏洞(CNNVD-200510-153)

        Sun Java System Directory Server 5.2 2003Q4, 2004Q2, 2005Q1, (2) Red Hat Directory Server (3) Certificate Server 7.1以前版本 SP1, (4) Sun ONE Directory Server 5.1 SP4 和早期版本(5) Sun ONE Administration Server 5.2 的HTTP administrative接口的help.cgi中存在缓冲区溢出漏洞,允许远程攻击者引发拒绝服务攻击或者本地攻击者获得root权限。
        Red Hat目录服务器是用于集中管理应用设置、组数据、策略等内容的基于LDAP的服务器。
        Red Hat目录服务器和证书服务器中存在缓冲区溢出漏洞,成功的攻击可以导致完全入侵服务器。
        此漏洞影响管理控制台的Admin页面。攻击者可以在某些环境下远程利用这个漏洞执行任意代码,本地用户也可以利用这个漏洞获得超级用户权限。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CWE (弱点类目)

CWE-119 [内存缓冲区边界内操作的限制不恰当]

- CPE (受影响的平台与产品)

cpe:/a:sun:java_system_directory_proxy_server:5.2:2003q4Sun Java System Directory Proxy Server 5.2 2003Q4
cpe:/a:sun:java_system_directory_server:5.2Sun Java System Directory Server 5.2
cpe:/a:sun:one_directory_server:5.0_sp2
cpe:/a:sun:java_system_directory_server:5.2:2003q4Sun Java System Directory Server 5.2 2003Q4
cpe:/a:sun:one_administration_server:5.2Sun Sun ONE Administration Server 5.2
cpe:/a:sun:one_directory_server:5.1Sun ONE Directory Server 5.1
cpe:/a:sun:one_directory_server:4.16:sp1Sun Sun ONE Directory Server 4.16 SP1
cpe:/a:sun:java_system_directory_server:5.2:2004q2Sun Java System Directory Server 5.2 2004Q2
cpe:/a:sun:java_system_directory_server:5.2:2005q1Sun Java System Directory Server 5.2 2005Q1
cpe:/a:sun:one_directory_server:5.1::x86
cpe:/a:sun:one_directory_server:5.1:sp3:x86Sun Sun ONE Directory Server 5.1 SP3 x86
cpe:/a:sun:one_directory_server:4.16Sun ONE Directory Server 4.16
cpe:/a:sun:one_directory_server:5.0Sun ONE Directory Server 5.0
cpe:/a:sun:one_directory_server:5.1:sp4Sun Sun ONE Directory Server 5.1 SP4
cpe:/a:sun:one_directory_server:5.1:sp3Sun Sun ONE Directory Server 5.1 SP3
cpe:/a:sun:one_directory_server:5.1:sp2Sun ONE Directory Server 5.1 SP2
cpe:/a:sun:one_directory_server:5.1:sp1Sun ONE Directory Server 5.1 SP1
cpe:/a:sun:java_system_directory_proxy_server:5.2:2004q2Sun Java System Directory Proxy Server 5.2 2004Q2
cpe:/a:sun:java_system_directory_proxy_server:5.2:2005q1Sun Java System Directory Proxy Server 5.2 2005Q1
cpe:/a:sun:one_directory_server:5.0:sp1Sun ONE Directory Server 5.0 SP1

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3269
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3269
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200510-153
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=112862037500012&w=2
(UNKNOWN)  BUGTRAQ  20051006 High Risk Vulnerability in Sun Directory Server
http://marc.info/?l=bugtraq&m=113815459026080&w=2
(UNKNOWN)  BUGTRAQ  20060122 High Risk Vulnerability in Red Hat Directory Server and Red Hat Certificate Server
http://securityreason.com/securityalert/367
(UNKNOWN)  SREASON  367
http://securityreason.com/securityalert/51
(UNKNOWN)  SREASON  51
http://securitytracker.com/id?1015014
(UNKNOWN)  SECTRACK  1015014
http://securitytracker.com/id?1015536
(UNKNOWN)  SECTRACK  1015536
http://securitytracker.com/id?1015537
(UNKNOWN)  SECTRACK  1015537
http://securitytracker.com/id?1015538
(UNKNOWN)  SECTRACK  1015538
http://sunsolve.sun.com/search/document.do?assetkey=1-21-117665-03-1
(PATCH)  CONFIRM  http://sunsolve.sun.com/search/document.do?assetkey=1-21-117665-03-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102002-1
(UNKNOWN)  SUNALERT  102002
http://sunsolve.sun.com/search/document.do?assetkey=1-66-228419-1
(UNKNOWN)  SUNALERT  228419
http://www.securityfocus.com/bid/15013
(UNKNOWN)  BID  15013
http://www.securityfocus.com/bid/16345
(UNKNOWN)  BID  16345
http://www.vupen.com/english/advisories/2005/1988
(VENDOR_ADVISORY)  VUPEN  ADV-2005-1988
http://xforce.iss.net/xforce/xfdb/24311
(UNKNOWN)  XF  redhat-directory-admin-bo(24311)

- 漏洞信息

多款目录服务器/证书服务器控制台栈溢出漏洞
高危 缓冲区溢出
2005-10-20 00:00:00 2006-06-13 00:00:00
远程※本地  
        Sun Java System Directory Server 5.2 2003Q4, 2004Q2, 2005Q1, (2) Red Hat Directory Server (3) Certificate Server 7.1以前版本 SP1, (4) Sun ONE Directory Server 5.1 SP4 和早期版本(5) Sun ONE Administration Server 5.2 的HTTP administrative接口的help.cgi中存在缓冲区溢出漏洞,允许远程攻击者引发拒绝服务攻击或者本地攻击者获得root权限。
        Red Hat目录服务器是用于集中管理应用设置、组数据、策略等内容的基于LDAP的服务器。
        Red Hat目录服务器和证书服务器中存在缓冲区溢出漏洞,成功的攻击可以导致完全入侵服务器。
        此漏洞影响管理控制台的Admin页面。攻击者可以在某些环境下远程利用这个漏洞执行任意代码,本地用户也可以利用这个漏洞获得超级用户权限。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
        http://www.redhat.com/apps/support/errata/index.html

- 漏洞信息

19881
Sun Java System Directory Server Unspecified HTTP Admin Interface Issue

- 漏洞描述

Unknown or Incomplete

- 时间线

2005-10-06 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Sun ONE Directory Server Unspecified Remote Arbitrary Command Execution Vulnerability
Unknown 15013
Yes No
2005-10-06 12:00:00 2008-03-18 12:30:00
Discovery is credited to Peter Winter-Smith of NGSSoftware.

- 受影响的程序版本

Sun ONE Directory Server 5.2 patch 3
Sun ONE Directory Server 5.2
Sun ONE Directory Server 5.1 SP4
Sun ONE Directory Server 5.1 x86
Sun ONE Directory Server 5.1 SP3 x86
Sun ONE Directory Server 5.1 SP3
Sun ONE Directory Server 5.1 SP2
Sun ONE Directory Server 5.1 SP1
Sun ONE Directory Server 5.1
- HP HP-UX 11.0
- HP HP-UX 11i v1
- IBM AIX 4.3.3
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- RedHat Linux 7.2
- Sun Linux 5.0.3
- Sun Linux 5.0
+ Sun Solaris 9_x86
+ Sun Solaris 9
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
Sun ONE Directory Server 5.0 SP2
Sun ONE Directory Server 5.0 SP1
Sun ONE Directory Server 5.0
- HP HP-UX 11.0
- HP HP-UX 11i v1
- IBM AIX 4.3.3
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- RedHat Linux 7.2
- Sun Linux 5.0.3
- Sun Linux 5.0
- Sun Solaris 9_x86
- Sun Solaris 9
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
Sun ONE Directory Server 4.16 SP1
Sun ONE Directory Server 4.16
- HP HP-UX 11.0
- HP HP-UX 11i v1
- IBM AIX 4.3.3
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6a
- RedHat Linux 7.2
- Sun Linux 5.0.3
- Sun Linux 5.0
- Sun Solaris 9_x86
- Sun Solaris 9
- Sun Solaris 8_x86
- Sun Solaris 8_sparc
Sun ONE Administration Server 5.2
Sun Java System Directory Server 5.2 2005Q1
Sun Java System Directory Server 5.2 2004Q2
Sun Java System Directory Server 5.2 2003Q4
Sun Java System Directory Server 5.2
Sun Java System Directory Proxy Server 5.2 2005Q1
Sun Java System Directory Proxy Server 5.2 2004Q2
Sun Java System Directory Proxy Server 5.2 2003Q4
Sun ONE Directory Server 5.2 patch 4

- 不受影响的程序版本

Sun ONE Directory Server 5.2 patch 4

- 漏洞讨论

Sun ONE Directory Server is prone to an unspecified vulnerability that allows remote attackers to execute arbitrary commands with superuser privileges, facilitating the complete compromise of affected computers.

The cause of this issue was not specified.

Very few technical details are currently available. We will update this BID as more information emerges.

- 漏洞利用

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- 解决方案

Sun has released Sun Alert ID 102002 along with patches to address this issue. Please see the referenced advisory for more information.


Sun Java System Directory Server 5.2 2004Q2

Sun Java System Directory Server 5.2 2005Q1

Sun Java System Directory Server 5.2

Sun Java System Directory Server 5.2 2003Q4

Sun Java System Directory Proxy Server 5.2 2004Q2

Sun ONE Administration Server 5.2

Sun Java System Directory Proxy Server 5.2 2005Q1

Sun ONE Directory Server 5.2

Sun ONE Directory Server 5.2 patch 3

Sun Java System Directory Proxy Server 5.2 2003Q4

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站