CVE-2005-3912
CVSS7.5
发布时间 :2005-11-30 06:03:00
修订时间 :2011-03-07 21:27:21
NMCOPS    

[原文]Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call. NOTE: the code execution might be associated with an issue in Perl.


[CNNVD]Perl Webmin miniserv.pl格式化字符串漏洞(CNNVD-200511-503)

        Perl是一种免费且功能强大的编程语言。
        在Webmin 1.250以前版本,和Usermin 1.180以前版本的Perl Web Server中,其miniserv.pl存在格式化字符串漏洞,这允许远程攻击者通过提供给登录窗体的username参数(这个参数最终会被syslog函数使用)来发起拒绝服务攻击,并可以执行任意的代码。
        注意:这些代码执行可能与perl的问题有关系。
        

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:webmin:webmin:1.1.60
cpe:/a:webmin:webmin:1.2.40

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3912
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3912
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200511-503
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/archive/1/archive/1/418093/100/0/threaded
(VENDOR_ADVISORY)  BUGTRAQ  20051129 Webmin miniserv.pl format string vulnerability
http://www.dyadsecurity.com/webmin-0001.html
(VENDOR_ADVISORY)  MISC  http://www.dyadsecurity.com/webmin-0001.html
http://secunia.com/advisories/17749
(VENDOR_ADVISORY)  SECUNIA  17749
http://lists.immunitysec.com/pipermail/dailydave/2005-November/002685.html
(VENDOR_ADVISORY)  MLIST  [Dailydave] 20051129 Webmin miniserv.pl format string vulnerability
http://www.webmin.com/uchanges-1.180.html
(UNKNOWN)  CONFIRM  http://www.webmin.com/uchanges-1.180.html
http://www.webmin.com/security.html
(UNKNOWN)  CONFIRM  http://www.webmin.com/security.html
http://www.webmin.com/changes-1.250.html
(UNKNOWN)  CONFIRM  http://www.webmin.com/changes-1.250.html
http://www.vupen.com/english/advisories/2005/2660
(UNKNOWN)  VUPEN  ADV-2005-2660
http://www.novell.com/linux/security/advisories/2005_30_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2005:030
http://www.gentoo.org/security/en/glsa/glsa-200512-02.xml
(UNKNOWN)  GENTOO  GLSA-200512-02
http://www.debian.org/security/2006/dsa-1199
(UNKNOWN)  DEBIAN  DSA-1199
http://secunia.com/advisories/22556
(VENDOR_ADVISORY)  SECUNIA  22556
http://secunia.com/advisories/18101
(VENDOR_ADVISORY)  SECUNIA  18101
http://secunia.com/advisories/17942
(VENDOR_ADVISORY)  SECUNIA  17942
http://secunia.com/advisories/17878
(VENDOR_ADVISORY)  SECUNIA  17878
http://secunia.com/advisories/17817
(UNKNOWN)  SECUNIA  17817
http://www.mandriva.com/security/advisories?name=MDKSA-2005:223
(UNKNOWN)  MANDRIVA  MDKSA-2005:223

- 漏洞信息

Perl Webmin miniserv.pl格式化字符串漏洞
高危 格式化字符串
2005-11-30 00:00:00 2007-05-22 00:00:00
远程※本地  
        Perl是一种免费且功能强大的编程语言。
        在Webmin 1.250以前版本,和Usermin 1.180以前版本的Perl Web Server中,其miniserv.pl存在格式化字符串漏洞,这允许远程攻击者通过提供给登录窗体的username参数(这个参数最终会被syslog函数使用)来发起拒绝服务攻击,并可以执行任意的代码。
        注意:这些代码执行可能与perl的问题有关系。
        

- 公告与补丁

        暂无数据

- 漏洞信息 (F42048)

Mandriva Linux Security Advisory 2005.223 (PacketStormID:F42048)
2005-12-03 00:00:00
Mandriva  mandriva.com
advisory,remote,web,denial of service,arbitrary,perl
linux,mandriva
CVE-2005-3912
[点击下载]

Mandriva Linux Security Advisory - Jack Louis discovered a format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled. This can allow remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2005:223
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : webmin
 Date    : December 2, 2005
 Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 Jack Louis discovered a format string vulnerability in miniserv.pl 
 Perl web server in Webmin before 1.250 and Usermin before 1.180, 
 with syslog logging enabled. This can allow remote attackers to cause 
 a denial of service (crash or memory consumption) and possibly execute 
 arbitrary code via format string specifiers in the username parameter 
 to the login form, which is ultimately used in a syslog call.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3912
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 10.1:
 1c75e57f72de9b9eb187d18de15d9a0b  10.1/RPMS/webmin-1.150-3.2.101mdk.noarch.rpm
 fb3f30131577c5e7e799ee58264055aa  10.1/SRPMS/webmin-1.150-3.2.101mdk.src.rpm

 Mandriva Linux 10.1/X86_64:
 39782b6c2fe898596023ad384cd2d5ce  x86_64/10.1/RPMS/webmin-1.150-3.2.101mdk.noarch.rpm
 fb3f30131577c5e7e799ee58264055aa  x86_64/10.1/SRPMS/webmin-1.150-3.2.101mdk.src.rpm

 Mandriva Linux 10.2:
 5ff784b1c60b7cc2fbc39487c22b6b78  10.2/RPMS/webmin-1.180-1.2.102mdk.noarch.rpm
 060c31856652e82003997150f9403021  10.2/SRPMS/webmin-1.180-1.2.102mdk.src.rpm

 Mandriva Linux 10.2/X86_64:
 a268a1aa09cf68c7727aa7f0f479c8ac  x86_64/10.2/RPMS/webmin-1.180-1.2.102mdk.noarch.rpm
 060c31856652e82003997150f9403021  x86_64/10.2/SRPMS/webmin-1.180-1.2.102mdk.src.rpm

 Mandriva Linux 2006.0:
 25b784d8c69c42f5f816272f47528156  2006.0/RPMS/webmin-1.220-9.2.20060mdk.noarch.rpm
 64772a0268b55e2d2650f4c43f4fe0b2  2006.0/SRPMS/webmin-1.220-9.2.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 bab0f651f140671b4bb01f65b9799de9  x86_64/2006.0/RPMS/webmin-1.220-9.2.20060mdk.noarch.rpm
 64772a0268b55e2d2650f4c43f4fe0b2  x86_64/2006.0/SRPMS/webmin-1.220-9.2.20060mdk.src.rpm

 Corporate Server 2.1:
 303bd86b1156ea7ff6d08654fe824707  corporate/2.1/RPMS/webmin-0.990-6.6.C21mdk.noarch.rpm
 0141850dc79c0ef041bd077264213dc9  corporate/2.1/SRPMS/webmin-0.990-6.6.C21mdk.src.rpm

 Corporate Server 2.1/X86_64:
 8bb1b1dd0afea4178626fd6d8470b730  x86_64/corporate/2.1/RPMS/webmin-0.990-6.6.C21mdk.noarch.rpm
 0141850dc79c0ef041bd077264213dc9  x86_64/corporate/2.1/SRPMS/webmin-0.990-6.6.C21mdk.src.rpm

 Corporate 3.0:
 5826c5c5fea5793c594d4fa46cae6338  corporate/3.0/RPMS/webmin-1.121-4.5.C30mdk.noarch.rpm
 d38cdd7a15e0340ca4e5aa95e8a5b5ec  corporate/3.0/SRPMS/webmin-1.121-4.5.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 abd80f852fa1c5628da3613623a1f1c1  x86_64/corporate/3.0/RPMS/webmin-1.121-4.5.C30mdk.noarch.rpm
 d38cdd7a15e0340ca4e5aa95e8a5b5ec  x86_64/corporate/3.0/SRPMS/webmin-1.121-4.5.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDkKSNmqjQ0CJFipgRAv02AJ9jK/zjwWYPUmxU+eLOPHfHcknTDgCg1wxA
OjWMSwu8XOcyXiJlYfhP3eI=
=fmDq
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
    

- 漏洞信息

21222
Webmin/Usermin miniserv.pl Format String Remote Code Execution
Remote / Network Access, Local / Remote, Context Dependent Input Manipulation
Loss of Integrity
Exploit Commercial

- 漏洞描述

- 时间线

2005-11-29 2005-09-23
Unknow Unknow

- 解决方案

Upgrade to Webmin version 1.250, Usermin version 1.180 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Perl Perl_sv_vcatpvfn Format String Integer Wrap Vulnerability
Input Validation Error 15629
Yes Yes
2005-11-29 12:00:00 2008-07-24 11:18:00
Jack Louis of Dyad Security discovered this vulnerability. Previous research into Perl format string vulnerabilities is credited to Steven M. Christey, Jean-loup Gailly, and Arjan de Vet.

- 受影响的程序版本

Webmin Webmin 1.240
Webmin Webmin 1.230
Webmin Webmin 1.220
Webmin Webmin 1.210
Webmin Webmin 1.200
Webmin Webmin 1.190
Webmin Webmin 1.180
Webmin Webmin 1.170
Webmin Webmin 1.160
Webmin Webmin 1.150
Webmin Webmin 1.140
Webmin Webmin 1.130
Webmin Webmin 1.121
Webmin Webmin 1.110
Webmin Webmin 1.100
Webmin Webmin 1.0 90
Webmin Webmin 1.0 80
Webmin Webmin 1.0 70
+ HP Apache-Based Web Server 1.3.27 .01
+ HP Apache-Based Web Server 1.3.27 .01
+ HP Webmin-Based Admin 1.0.1 .01
+ HP Webmin-Based Admin 1.0.1 .01
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
Webmin Webmin 1.0 60
Webmin Webmin 1.0 50
Webmin Webmin 1.0 20
Webmin Webmin 1.0 00
Webmin Webmin 0.990
Webmin Webmin 0.980
Webmin Webmin 0.970
Webmin Webmin 0.960
Webmin Webmin 0.950
Webmin Webmin 0.94
Webmin Webmin 0.93
Webmin Webmin 0.92 -1
Webmin Webmin 0.92
Webmin Webmin 0.91
Webmin Webmin 0.89
Webmin Webmin 0.88
Webmin Webmin 0.85
Webmin Webmin 0.80
Webmin Webmin 0.79
Webmin Webmin 0.78
Webmin Webmin 0.77
Webmin Webmin 0.76
Webmin Webmin 0.51
Webmin Webmin 0.42
Webmin Webmin 0.41
Webmin Webmin 0.31
Webmin Webmin 0.22
Webmin Webmin 0.21
Webmin Webmin 0.8.5 Red Hat
+ RedHat Linux 7.0
Webmin Webmin 0.8.4
- Caldera OpenLinux Desktop 2.3
- Caldera OpenLinux Desktop 2.3
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.1
- SCO eDesktop 2.4
- SCO eDesktop 2.4
- SCO eServer 2.3.1
Webmin Webmin 0.8.3
- Caldera OpenLinux 2.4
- Caldera OpenLinux 2.4
- Caldera OpenLinux 2.3
- Caldera OpenLinux 2.3
- MandrakeSoft Corporate Server 1.0.1
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.1
Webmin Webmin 0.7
Webmin Webmin 0.6
Webmin Webmin 0.5 x
Webmin Webmin 0.5
Webmin Webmin 0.4
Webmin Webmin 0.3
Webmin Webmin 0.2
Webmin Webmin 0.1
Webmin Usermin 1.170
Webmin Usermin 1.160
Webmin Usermin 1.150
Webmin Usermin 1.140
Webmin Usermin 1.130
Webmin Usermin 1.120
Webmin Usermin 1.110
Webmin Usermin 1.0
Webmin Usermin 1.0
Webmin Usermin 0.99
+ Mandriva Linux Mandrake 9.0
Webmin Usermin 0.98
Webmin Usermin 0.97
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
Webmin Usermin 0.96
Webmin Usermin 0.95
Webmin Usermin 0.94
Webmin Usermin 0.93
Webmin Usermin 0.92
Webmin Usermin 0.91
Webmin Usermin 0.9
Webmin Usermin 0.8
Webmin Usermin 0.7
Webmin Usermin 0.6
Webmin Usermin 0.5
Webmin Usermin 0.4
Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
Sun Solaris 10.0_x86
Sun Solaris 10
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
RedHat Linux 9.0 i386
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Desktop 4.0
Red Hat Fedora Core4
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 4
OpenPKG OpenPKG 2.5
OpenPKG OpenPKG 2.4
OpenPKG OpenPKG 2.3
OpenPKG OpenPKG Current
OpenBSD OpenBSD 3.8
OpenBSD OpenBSD 3.7
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
Larry Wall Perl 5.9.2
Larry Wall Perl 5.8.7
Larry Wall Perl 5.8.6
Larry Wall Perl 5.8.5
+ Turbolinux Turbolinux Server 10.0
Larry Wall Perl 5.8.4 -5
Larry Wall Perl 5.8.4 -4
Larry Wall Perl 5.8.4 -3
Larry Wall Perl 5.8.4 -2.3
Larry Wall Perl 5.8.4 -2
Larry Wall Perl 5.8.4 -1
Larry Wall Perl 5.8.4
Larry Wall Perl 5.8.3
Larry Wall Perl 5.8.1
Larry Wall Perl 5.8 .0-88.3
Larry Wall Perl 5.8
Larry Wall Perl 5.6.1
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ Turbolinux Turbolinux Server 8.0
+ Turbolinux Turbolinux Server 7.0
+ Turbolinux Turbolinux Workstation 8.0
+ Turbolinux Turbolinux Workstation 7.0
Larry Wall Perl 5.6
Larry Wall Perl 5.0 05_003
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2
+ Debian Linux 2.1 sparc
+ Debian Linux 2.1 alpha
+ Debian Linux 2.1 68k
+ Debian Linux 2.1
+ Mandriva Linux Mandrake 7.0
+ Mandriva Linux Mandrake 6.1
+ Mandriva Linux Mandrake 6.0
+ RedHat Linux 6.2 E sparc
+ RedHat Linux 6.2 E i386
+ RedHat Linux 6.2 E alpha
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ RedHat Linux 6.1 sparc
+ RedHat Linux 6.1 i386
+ RedHat Linux 6.1 alpha
+ RedHat Linux 6.0 sparc
+ RedHat Linux 6.0 alpha
+ RedHat Linux 6.0
+ SCO eDesktop 2.4
+ SCO eServer 2.3
+ Trustix Trustix Secure Linux 1.1
+ Turbolinux Turbolinux 6.0.4
+ Turbolinux Turbolinux 6.0.3
+ Turbolinux Turbolinux 6.0.2
+ Turbolinux Turbolinux 6.0.1
+ Turbolinux Turbolinux 6.0
+ Turbolinux Turbolinux 4.4
+ Turbolinux Turbolinux 4.2
+ Turbolinux Turbolinux 4.0
Larry Wall Perl 5.0 05
Larry Wall Perl 5.0 04_05
+ RedHat Linux 5.2 sparc
+ RedHat Linux 5.2 i386
+ RedHat Linux 5.2 alpha
+ RedHat Linux 5.1
+ RedHat Linux 5.0
Larry Wall Perl 5.0 04_04
Larry Wall Perl 5.0 04
Larry Wall Perl 5.0 03
IPCop IPCop 1.4.20
HP Tru64 5.1 B-3
HP Tru64 5.1 B-2 PK4 (BL25)
HP Tru64 5.1 B-2 PK4
HP Tru64 5.1 A PK6 (BL24)
HP Tru64 5.1 A PK6
HP Internet Express 6.4
HP Internet Express 6.3
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Curtis Hawthorne TN3270RG 1.1 .0
Curtis Hawthorne TN3270RG 1.0.1
Curtis Hawthorne TN3270RG 1.0 .0
Conectiva Linux 10.0
Apple Mac OS X Server 10.4.8
Apple Mac OS X Server 10.3.9
Apple Mac OS X 10.4.8
Apple Mac OS X 10.3.9
Webmin Webmin 1.250
Webmin Usermin 1.180
IPCop IPCop 1.4.21
Curtis Hawthorne TN3270RG 1.1.1

- 不受影响的程序版本

Webmin Webmin 1.250
Webmin Usermin 1.180
IPCop IPCop 1.4.21
Curtis Hawthorne TN3270RG 1.1.1

- 漏洞讨论

Perl is prone to a format-string vulnerability because it fails to properly handle format specifiers in formatted-printing functions.

An attacker may leverage this issue to write to arbitrary process memory, facilitating code execution in the context of the Perl interpreter process. This can result in unauthorized remote access.

Developers should treat the formatted-printing functions in Perl as equivalently vulnerable to exploits as the C library versions and should properly sanitize all data passed in the format-specifier argument.

All applications that use formatted-printing functions in an unsafe manner should be considered exploitable.

- 漏洞利用

An exploit against Webmin is available to members of the Immunity Partner's program.

Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

- 解决方案

Webmin has released updated versions of Webmin and Usermin to fix the insecure usage of the formatted-printing functions.

Please see the referenced vendor advisories for more information.


Sun Solaris 10

Webmin Webmin 0.2

Webmin Webmin 0.42

Webmin Webmin 0.5 x

Webmin Webmin 0.5

Webmin Webmin 0.6

Webmin Usermin 0.7

Webmin Webmin 0.76

Webmin Webmin 0.78

Webmin Webmin 0.8.3

Webmin Webmin 0.8.4

Webmin Webmin 0.8.5 Red Hat

Webmin Usermin 0.9

Webmin Webmin 0.91

Webmin Usermin 0.92

Webmin Webmin 0.92

Webmin Webmin 0.93

Webmin Usermin 0.95

Webmin Webmin 0.950

Webmin Webmin 0.960

Webmin Usermin 0.97

Webmin Webmin 0.970

Webmin Usermin 0.99

Webmin Webmin 0.990

Curtis Hawthorne TN3270RG 1.0 .0

Webmin Webmin 1.0 80

Webmin Webmin 1.0 20

Webmin Webmin 1.0 00

Webmin Webmin 1.0 70

Webmin Webmin 1.100

Webmin Usermin 1.130

Webmin Usermin 1.150

Webmin Webmin 1.160

Webmin Usermin 1.170

Webmin Webmin 1.190

Webmin Webmin 1.220

Webmin Webmin 1.230

Webmin Webmin 1.240

Larry Wall Perl 5.8.4 -2

Larry Wall Perl 5.8.5

Larry Wall Perl 5.8.7

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站