CVE-2005-3424
CVSS 4.3
Published: 2005-11-01 17:02:00
Last revised: 2011-03-07 21:26:30

[Original] Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425.


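[CNNVD] GNU gnump3d Error Page Cross-Site Scripting Vulnerability (CNNVD-200511-007)

        GNUMP3d is a small, easy-to-use streaming server.
        A cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages; it is a different vulnerability from CVE-2005-3425.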

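- CVSS (Base score)

CVSS score: 4.3 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: NONE [no impact on the availability of the system]
Attack complexity: MEDIUM [exploitation requires certain access conditions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]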

- CPE (Affected platforms and products)

cpe:/a:gnu:gnump3d:2.9.3    GNU GNUMP3D 2.9.3
cpe:/a:gnu:gnump3d:2.9.2    GNU GNUMP3D 2.9.2
cpe:/a:gnu:gnump3d:2.5      GNU GNUMP3D 2.5
cpe:/a:gnu:gnump3d:2.6      GNU GNUMP3D 2.6
cpe:/a:gnu:gnump3d:2.9      GNU GNUMP3D 2.9
cpe:/a:gnu:gnump3d:2.1      GNU GNUMP3D 2.1
cpe:/a:gnu:gnump3d:2.3      GNU GNUMP3D 2.3
cpe:/a:gnu:gnump3d:2.5b     GNU GNUMP3D 2.5b
cpe:/a:gnu:gnump3d:2.2      GNU GNUMP3D 2.2
cpe:/a:gnu:gnump3d:2.8      GNU GNUMP3D 2.8
cpe:/a:gnu:gnump3d:2.7      GNU GNUMP3D 2.7
cpe:/a:gnu:gnump3d:2.9.1    GNU GNUMP3D 2.9.1
cpe:/a:gnu:gnump3d:2.9.4    GNU GNUMP3D 2.9.4
cpe:/a:gnu:gnump3d:2.4      GNU GNUMP3D 2.4
cpe:/a:gnu:gnump3d:2.0      GNU GNUMP3D 2.0

- OVAL (Technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3424
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3424
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200511-007
(Official data source) CNNVD

- Other links and resources

http://www.osvdb.org/20359
(PATCH)  OSVDB  20359
http://www.debian.org/security/2005/dsa-877
(VENDOR_ADVISORY)  DEBIAN  DSA-877
http://secunia.com/advisories/17351
(VENDOR_ADVISORY)  SECUNIA  17351
http://lists.gnu.org/archive/html/gnump3d-users/2005-10/msg00013.html
(PATCH)  MLIST  [Gnump3d-users] 20051028 New release - security fixes.
http://www.vupen.com/english/advisories/2005/2242
(UNKNOWN)  VUPEN  ADV-2005-2242
http://www.gnu.org/software/gnump3d/ChangeLog
(UNKNOWN)  CONFIRM  http://www.gnu.org/software/gnump3d/ChangeLog
http://www.securityfocus.com/bid/15226
(UNKNOWN)  BID  15226
http://www.novell.com/linux/security/advisories/2005_28_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2005:028

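- Vulnerability information

GNU gnump3d Error Page Cross-Site Scripting Vulnerability
Medium severity  Cross-site scripting
2005-11-01 00:00:00 2005-11-15 00:00:00
Remote
        GNUMP3d is a small, easy-to-use streaming server.
        A cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages; it is a different vulnerability from CVE-2005-3425.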

- Advisories and patches

        No data available

- Vulnerability information (F41359)

Gentoo Linux Security Advisory 200511-5 (PacketStormID:F41359)
2005-11-08 00:00:00
Gentoo  security.gentoo.org
advisory,xss
linux,gentoo
CVE-2005-3424,CVE-2005-3425,CVE-2005-3123

Gentoo Linux Security Advisory GLSA 200511-05 - Steve Kemp reported about two cross-site scripting attacks that are related to the handling of files. Also reported is a directory traversal vulnerability which comes from the attempt to sanitize input paths. Versions less than 2.9.7 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200511-05
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: GNUMP3d: Directory traversal and XSS vulnerabilities
      Date: November 06, 2005
      Bugs: #109667
        ID: 200511-05

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

GNUMP3d is vulnerable to directory traversal and cross-site scripting
attacks that may result in information disclosure or the compromise of
a browser.

Background
==========

GNUMP3d is a streaming server for MP3s, OGG vorbis files, movies and
other media formats.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  media-sound/gnump3d       < 2.9.7                        >= 2.9.7

Description
===========

Steve Kemp reported about two cross-site scripting attacks that are
related to the handling of files (CVE-2005-3424, CVE-2005-3425). Also
reported is a directory traversal vulnerability which comes from the
attempt to sanitize input paths (CVE-2005-3123).

Impact
======

A remote attacker could exploit this to disclose sensitive information
or inject and execute malicious script code, potentially compromising
the victim's browser.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All GNUMP3d users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-sound/gnump3d-2.9.7"

References
==========

  [ 1 ] CVE-2005-3123
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3123
  [ 2 ] CVE-2005-3424
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3424
  [ 3 ] CVE-2005-3425
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3425

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200511-05.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
    

- Vulnerability information

20359
GNUMP3d Error Page XSS
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- Vulnerability description

GNUMP3d contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate URLs before returning them in a 404 error page. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

- Timeline

2005-10-28 Unknown
Unknown Unknown

- Solution

Upgrade to version 2.9.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

- Vulnerability information

GNU gnump3d Error Page Cross-Site Scripting Vulnerability
Input Validation Error 15226
Yes No
2005-10-28 12:00:00 2005-10-28 12:00:00
Discovery credited to Steve Kemp.

- Affected program versions

SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Openexchange Server
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
GNU gnump3d 2.9.5
+ Gentoo Linux
GNU gnump3d 2.9.4
GNU gnump3d 2.9.3
GNU gnump3d 2.9.2
GNU gnump3d 2.9.1
GNU gnump3d 2.9
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
GNU gnump3d 2.9.6

- Unaffected program versions

GNU gnump3d 2.9.6

- Discussion

GNU gnump3d is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

- Exploit

An exploit is not required.

- Solution

Debian has released advisory DSA 877-1 and fixes to address this issue. Please see the referenced advisory for further information.

SUSE has released advisory SUSE-SR:2005:025 to address this, and other issues in various packages, in various SUSE products. The advisory states that there are pending fixes for this issue in SUSE products. Please see the referenced advisory for further information.

Gentoo has released advisory GLSA 200511-05 to address this issue. Gentoo updates may be applied by running the following commands as the superuser:

emerge --sync
emerge --ask --oneshot --verbose ">=media-sound/gnump3d-2.9.7"

SUSE has released advisory SUSE-SR:2005:027 to address this, and other issues in various packages, in various SUSE products. The advisory states that there are pending fixes for this issue in SUSE products. Please see the referenced advisory for further information.

SUSE advisory SUSE-SR:2005:028 is available to address various issues. Please see the referenced advisory for more information.

A fix is available:


GNU gnump3d 2.9

GNU gnump3d 2.9.1

GNU gnump3d 2.9.2

GNU gnump3d 2.9.3

GNU gnump3d 2.9.4

GNU gnump3d 2.9.5

- Related references

 

 
