CVE-2005-3863
CVSS7.5
发布时间 :2005-11-29 06:03:00
修订时间 :2011-08-04 00:00:00
NMCOPS    

[原文]Stack-based buffer overflow in kkstrtext.h in ktools library 0.3 and earlier, as used in products such as (1) centericq, (2) orpheus, (3) motor, and (4) groan, allows local users or remote attackers to execute arbitrary code via a long parameter to the VGETSTRING macro.


[CNNVD]Ktools kkstrtext.h远程缓冲区溢出漏洞(CNNVD-200511-447)

        ktools是用于提供各种文本模式用户界面控制的函数库。
        ktools的kkstrtext.h中存在缓冲区溢出漏洞:
        #define VGETSTRING(c, fmt)
        {
        va_list vgs__ap; char vgs__buf[1024];
        va_start(vgs__ap, fmt);
        vsprintf(vgs__buf, fmt, vgs__ap); c = vgs__buf;
        va_end(vgs__ap);
        }
        攻击者可以通过发送超长字符串导致执行任意代码。例如,在centericq中攻击者可以以超过1024个字符的字段编辑联系人信息导致溢出,获得非授权访问。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-119 [内存缓冲区边界内操作的限制不恰当]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3863
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3863
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200511-447
(官方数据源) CNNVD

- 其它链接及资源

http://www.debian.org/security/2006/dsa-1088
(VENDOR_ADVISORY)  DEBIAN  DSA-1088
http://www.debian.org/security/2006/dsa-1083
(VENDOR_ADVISORY)  DEBIAN  DSA-1083
http://secunia.com/advisories/20446
(VENDOR_ADVISORY)  SECUNIA  20446
http://secunia.com/advisories/20368
(VENDOR_ADVISORY)  SECUNIA  20368
http://secunia.com/advisories/18081
(VENDOR_ADVISORY)  SECUNIA  18081
http://xforce.iss.net/xforce/xfdb/23233
(UNKNOWN)  XF  ktools-kkstrtext-bo(23233)
http://www.zone-h.org/en/advisories/read/id=8480/
(VENDOR_ADVISORY)  MISC  http://www.zone-h.org/en/advisories/read/id=8480/
http://www.vupen.com/english/advisories/2006/2062
(VENDOR_ADVISORY)  VUPEN  ADV-2006-2062
http://www.vupen.com/english/advisories/2005/2605
(VENDOR_ADVISORY)  VUPEN  ADV-2005-2605
http://www.securityfocus.com/bid/15600
(UNKNOWN)  BID  15600
http://www.securityfocus.com/archive/1/archive/1/417906/100/0/threaded
(UNKNOWN)  BUGTRAQ  20051127 ZRCSA-200503 - ktools Buffer Overflow Vulnerability
http://www.osvdb.org/21161
(UNKNOWN)  OSVDB  21161
http://security.gentoo.org/glsa/glsa-200608-27.xml
(UNKNOWN)  GENTOO  GLSA-200608-27
http://security.gentoo.org/glsa/glsa-200512-11.xml
(UNKNOWN)  GENTOO  GLSA-200512-11
http://secunia.com/advisories/21684
(VENDOR_ADVISORY)  SECUNIA  21684
http://secunia.com/advisories/20329
(VENDOR_ADVISORY)  SECUNIA  20329
http://secunia.com/advisories/17768
(VENDOR_ADVISORY)  SECUNIA  17768

- 漏洞信息

Ktools kkstrtext.h远程缓冲区溢出漏洞
高危 缓冲区溢出
2005-11-29 00:00:00 2006-06-12 00:00:00
远程  
        ktools是用于提供各种文本模式用户界面控制的函数库。
        ktools的kkstrtext.h中存在缓冲区溢出漏洞:
        #define VGETSTRING(c, fmt)
        {
        va_list vgs__ap; char vgs__buf[1024];
        va_start(vgs__ap, fmt);
        vsprintf(vgs__buf, fmt, vgs__ap); c = vgs__buf;
        va_end(vgs__ap);
        }
        攻击者可以通过发送超长字符串导致执行任意代码。例如,在centericq中攻击者可以以超过1024个字符的字段编辑联系人信息导致溢出,获得非授权访问。

- 公告与补丁

        目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
        http://konst.org.ua/ktools

- 漏洞信息 (F47019)

Debian Linux Security Advisory 1088-1 (PacketStormID:F47019)
2006-06-05 00:00:00
Debian  debian.org
advisory,remote,overflow,arbitrary,local,protocol
linux,debian
CVE-2005-3863
[点击下载]

Debian Security Advisory 1088-1 - Mehdi Oudad and Kevin Fernandez discovered a buffer overflow in the ktools library which is used in centericq, a text-mode multi-protocol instant messenger client, which may lead local or remote attackers to execute arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1088-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
June 3rd, 2006                          http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : centericq
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2005-3863
BugTraq ID     : 15600
Debian Bug     : 340959

Mehdi Oudad and Kevin Fernandez discovered a buffer overflow in the
ktools library which is used in centericq, a text-mode multi-protocol
instant messenger client, which may lead local or remote attackers to
execute arbitrary code.

For the old stable distribution (woody) this problem has been fixed in
version 4.5.1-1.1woody2.

For the stable distribution (sarge) this problem has been fixed in
version 4.20.0-1sarge4.

For the unstable distribution (sid) this problem has been fixed in
version 4.21.0-6.

We recommend that you upgrade your centericq package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2.dsc
      Size/MD5 checksum:      603 792e9548d8f6d540c26fa0fdbdd1df57
    http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2.diff.gz
      Size/MD5 checksum:     3827 dc51504b36a05b003de1d22c2c879223
    http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1.orig.tar.gz
      Size/MD5 checksum:   680625 e50121ea43a54140939b7bec8efdefe0

  Alpha architecture:

    http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_alpha.deb
      Size/MD5 checksum:   868742 1e533bd67111dbaca069ec6a7e9122ec

  ARM architecture:

    http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_arm.deb
      Size/MD5 checksum:   809068 400376da91c99a970032220e39de0c73

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_i386.deb
      Size/MD5 checksum:   648950 4b30966a06e54085bbb8db33f03beeca

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_ia64.deb
      Size/MD5 checksum:   930922 f8aaa7129fb4ffc5de2468662166db5f

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_hppa.deb
      Size/MD5 checksum:   821294 79ffab208975e12fb264cbb4ef36c6b3

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_m68k.deb
      Size/MD5 checksum:   612174 969fff39d5249b24d5c711cc312a92d4

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_mips.deb
      Size/MD5 checksum:   649086 11f73ccf6f59687b0e9f4eb2d939fc93

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_mipsel.deb
      Size/MD5 checksum:   634462 2a54c83a7a9f5a47495e7d608d2705bd

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_powerpc.deb
      Size/MD5 checksum:   633210 21767275a156aa5309d2febe03e395db

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_s390.deb
      Size/MD5 checksum:   534764 483dda7f47f832ef50ae50a721164e62

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/centericq/centericq_4.5.1-1.1woody2_sparc.deb
      Size/MD5 checksum:   617338 1eeee2554ee66d37458909aea51e0b18


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4.dsc
      Size/MD5 checksum:      851 347a8183b403014c403f1757f353e436
    http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4.diff.gz
      Size/MD5 checksum:   106308 ee5a0e2b155ab6ee35c7be04941cb574
    http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0.orig.tar.gz
      Size/MD5 checksum:  1796894 874165f4fbd40e3be677bdd1696cee9d

  Alpha architecture:

    http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_alpha.deb
      Size/MD5 checksum:  1650570 6addf20af3c5fce5003cfcd998c88dad
    http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_alpha.deb
      Size/MD5 checksum:   336024 cabf30b626c0b1ffc7adc474e650b0da
    http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_alpha.deb
      Size/MD5 checksum:  1651594 c9b361454f6ed7546d6b7fcfb417c420
    http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_alpha.deb
      Size/MD5 checksum:  1650632 414f32a3fee64fcfe7b98365d64486f1

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_amd64.deb
      Size/MD5 checksum:  1355518 6bc3845c82740d0b089337dd3068078e
    http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_amd64.deb
      Size/MD5 checksum:   336006 6eee21ecd6ee4600813192d98ca172e7
    http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_amd64.deb
      Size/MD5 checksum:  1355798 226ae854f90219c9cc8c662b9be2e903
    http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_amd64.deb
      Size/MD5 checksum:  1355566 27d8db8b20503f0527e558846b20ebbb

  ARM architecture:

    http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_arm.deb
      Size/MD5 checksum:  2185394 bf00243e825f49f26585f547cec1f404
    http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_arm.deb
      Size/MD5 checksum:   336028 ce7a340b924cb1ab7a571fdc0c301945
    http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_arm.deb
      Size/MD5 checksum:  2186140 adf229a4553875379348b1688f910678
    http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_arm.deb
      Size/MD5 checksum:  2185460 7375a4503258d1fcb9d4f03d34b54cf4

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_i386.deb
      Size/MD5 checksum:  1348826 1f8a99153aa93509805a95eedfb1e493
    http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_i386.deb
      Size/MD5 checksum:   335880 51caf40c0a4cb709ed257453e46fcc74
    http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_i386.deb
      Size/MD5 checksum:  1349608 2b46f86353b8b1323e6776c23c434750
    http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_i386.deb
      Size/MD5 checksum:  1348924 608dd61bfbb98d99867eefabcccbbbae

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_ia64.deb
      Size/MD5 checksum:  1881388 88f88e10e529a68cfb6ebd2d9ce76fb2
    http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_ia64.deb
      Size/MD5 checksum:   335984 577780bd2cf3fffd54f985dfe71c9b28
    http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_ia64.deb
      Size/MD5 checksum:  1882292 9d43ae3452ed00c896882a40f4e2b21f
    http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_ia64.deb
      Size/MD5 checksum:  1881456 a5350a5fe409bfc0545ce0d3b6201e99

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_hppa.deb
      Size/MD5 checksum:  1812604 ba840154c90fa7fd5c5d27f629a4e7d0
    http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_hppa.deb
      Size/MD5 checksum:   336684 49cbe7f7dacb8774e60cde1c436647eb
    http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_hppa.deb
      Size/MD5 checksum:  1813616 3a3358848c14c28e63a317a87111bcf5
    http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_hppa.deb
      Size/MD5 checksum:  1812646 d4d53c94a0670042863ba66bf822c8af

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_m68k.deb
      Size/MD5 checksum:  1399506 050350f784fa16edc990a0af9094d360
    http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_m68k.deb
      Size/MD5 checksum:   336772 ff95d538d955d3f3a29c2b1b76b1629b
    http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_m68k.deb
      Size/MD5 checksum:  1400204 6787c44b90c3e24a2e550661f2070024
    http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_m68k.deb
      Size/MD5 checksum:  1399546 960a182de7c92c96153f95f7858288b6

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_mips.deb
      Size/MD5 checksum:  1493242 45baa39468c703cebbb3e7135992fe08
    http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_mips.deb
      Size/MD5 checksum:   336704 aa4c66a0022918403b8b5725f888f1f9
    http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_mips.deb
      Size/MD5 checksum:  1493744 7758a3e4853e9735bddceecdde402a37
    http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_mips.deb
      Size/MD5 checksum:  1493310 3b92ec1941f96ba976c7c98824231566

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_mipsel.deb
      Size/MD5 checksum:  1483388 bf669f331a7becc56851b41c70f0dbcf
    http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_mipsel.deb
      Size/MD5 checksum:   336048 7a7ecf280bc1d03e79af0cfa794ddb9a
    http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_mipsel.deb
      Size/MD5 checksum:  1483970 c3cd579d088ad124053bd73a2633a470
    http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_mipsel.deb
      Size/MD5 checksum:  1483438 7d1493bfa167fd7f7644232e215fad7f

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_powerpc.deb
      Size/MD5 checksum:  1386192 92d2bce7027d47f82e68f50a2a54892f
    http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_powerpc.deb
      Size/MD5 checksum:   336702 8cab14ba1f096f2e2588120b5cf06e97
    http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_powerpc.deb
      Size/MD5 checksum:  1386680 58e198a5b828b1abb309630ecf966bf7
    http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_powerpc.deb
      Size/MD5 checksum:  1386242 8e54c9ce0432cebc1c9f95001d6edb15

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_s390.deb
      Size/MD5 checksum:  1194054 20c8220d71c45fc511d363fd434e88eb
    http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_s390.deb
      Size/MD5 checksum:   336668 078e0cf4a6ba1e74668f7f8cf04adb0d
    http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_s390.deb
      Size/MD5 checksum:  1194422 49ac26d59e6c572f38dfdd061945fa36
    http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_s390.deb
      Size/MD5 checksum:  1194088 5eb550e0f1d026c258ad84f7ef7f680e

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/c/centericq/centericq_4.20.0-1sarge4_sparc.deb
      Size/MD5 checksum:  1326004 a7db40a610eb3b6dcfe96a5909cc8313
    http://security.debian.org/pool/updates/main/c/centericq/centericq-common_4.20.0-1sarge4_sparc.deb
      Size/MD5 checksum:   336682 f28c264b6cedbf41aaf46e32f7bb7c12
    http://security.debian.org/pool/updates/main/c/centericq/centericq-fribidi_4.20.0-1sarge4_sparc.deb
      Size/MD5 checksum:  1327028 044779001762380ee8a32bcc1193ea12
    http://security.debian.org/pool/updates/main/c/centericq/centericq-utf8_4.20.0-1sarge4_sparc.deb
      Size/MD5 checksum:  1326022 3084bf7ba7146a24608d84796a9c50eb


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEgVrDW5ql+IAeqTIRAtIcAJ4+BQphYGBEYIdt1yHM1gtTIRvqAACfeD0J
/iIK+wH3787jC5ldRs9JDQQ=
=Cy0Z
-----END PGP SIGNATURE-----

    

- 漏洞信息

21161
ktools VGETSTRING Function Overflow
Local Access Required Input Manipulation
Loss of Integrity

- 漏洞描述

A local overflow exists in ktools. The 'VGETSTRING()' function fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request, a malicious user can cause arbitrary code execution resulting in a loss of integrity.

- 时间线

2005-11-26 2005-11-18
Unknow Unknow

- 解决方案

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- 相关参考

- 漏洞作者

- 漏洞信息

KTools Remote Buffer Overflow Vulnerability
Boundary Condition Error 15600
Yes No
2005-11-28 12:00:00 2006-11-28 07:15:00
Discovery is credited to Mehdi Oudad "deepfear" and Kevin Fernandez "Siegfried" from the Zone-H Research Team.

- 受影响的程序版本

Motor Motor 3.4
Motor Motor 3.2.2
ktools ktools 0.3
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
Centericq Centericq 4.21
Centericq Centericq 4.20
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
Centericq Centericq 4.5.1
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0

- 漏洞讨论

The ktools library is prone to a remote buffer-overflow vulnerability.

An attacker may execute arbitrary code with the privileges of the application and gain unauthorized remote access.

Version 0.3 (and prior) of ktools is vulnerable to this issue.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com

- 解决方案

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfos.commailto:vuldb@securityfos.com.

Please see the references for vendor advisories and fixes.


Motor Motor 3.2.2

Motor Motor 3.4

Centericq Centericq 4.20

Centericq Centericq 4.5.1

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站