CVE-2005-3964
CVSS 7.5
Published: 2005-12-02 06:03:00
Last revised: 2016-10-17 23:38:00

[Original] Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, and possibly other versions, allow attackers to execute arbitrary code via the (1) diag_issue_diagnostic function in UilDiags.c and (2) open_source_file function in UilSrcSrc.c.


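[CNNVD] Open Motif libUil open_source_file() file name expansion buffer overflow vulnerability (CNNVD-200512-035)

        Open Motif is the open-source version of Motif, which provides an industry-standard graphical user interface for many software and hardware platforms.
        A buffer overflow vulnerability exists in Open Motif's User Interface Language library (libUil); an attacker may exploit it to escalate privileges.
        In the file Clients/uil/UilSrcSrc.c: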
         620 status
         621 open_source_file( XmConst char *c_file_name,
         622 uil_fcb_type *az_fcb,
         623 src_source_buffer_type *az_source_buffer )
         624 {
         625
         626 static unsigned short main_dir_len = 0;
         627 boolean main_file;
         628 int i; /* loop index through include files */
         629 char buffer[256];
         630
         631
         632 /* place the file name in the expanded_name buffer */
         633
         634 strcpy(buffer, c_file_name);
         635
         636 /* Determine if this is the main file or an include file. */
         637
         638 main_file = (main_fcb == NULL);
         639
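        At line 634, if the user supplies overly long data, the call to strcpy overflows the buffer, allowing an attacker to execute code or gain elevated privileges.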
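
A bounded replacement for the copy at line 634, as an added example that is not Open Motif's code or its actual patch: `copy_file_name`, `try_name_of_length` and the status codes are hypothetical names, and the 256-byte size is taken from `buffer` in the excerpt. It rejects an over-long name rather than truncating it, since a truncated path could name a different file.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF_LEN 256 /* same size as `char buffer[256]` in the excerpt */

/* Hypothetical status codes for this example, not libUil's `status` type. */
enum name_status { NAME_OK, NAME_TOO_LONG, NAME_INVALID };

/* Bounded stand-in for `strcpy(buffer, c_file_name)`: copies only when the
 * name and its terminating NUL fit in dst_len bytes, otherwise rejects it. */
enum name_status copy_file_name(char *dst, size_t dst_len, const char *src)
{
    const char *end;

    if (dst == NULL || src == NULL || dst_len == 0)
        return NAME_INVALID;

    /* Look for the terminator within the first dst_len bytes only. */
    end = memchr(src, '\0', dst_len);
    if (end == NULL) {
        dst[0] = '\0'; /* leave a valid empty string behind */
        return NAME_TOO_LONG;
    }
    memcpy(dst, src, (size_t)(end - src) + 1);
    return NAME_OK;
}

/* Constructed input: a file name of `len` 'A' characters, copied into a
 * 256-byte buffer the way open_source_file() receives c_file_name. */
enum name_status try_name_of_length(size_t len)
{
    char name[2 * NAME_BUF_LEN];
    char buffer[NAME_BUF_LEN];

    if (len >= sizeof name)
        return NAME_INVALID;
    memset(name, 'A', len);
    name[len] = '\0';
    return copy_file_name(buffer, sizeof buffer, name);
}

int main(void)
{
    printf("255 chars -> %d\n", try_name_of_length(255));
    printf("256 chars -> %d\n", try_name_of_length(256));
    return 0;
}
```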

- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

oval:org.mitre.oval:def:9393: Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, and possibly other versions, allow attackers to execute arbitrary code ...
*OVAL describes in detail how to detect this vulnerability; further technical details on detection can be found in the related OVAL definition.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3964
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3964
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200512-035
(official data source) CNNVD

- Other links and resources

http://marc.info/?l=full-disclosure&m=113349242925897&w=2
(UNKNOWN)  FULLDISC  20051201 [xfocus-SD-051202]openMotif-libUil-Multiple_vulnerability
http://securitytracker.com/id?1015303
(UNKNOWN)  SECTRACK  1015303
http://www.redhat.com/support/errata/RHSA-2006-0272.html
(UNKNOWN)  REDHAT  RHSA-2006:0272
http://www.redhat.com/support/errata/RHSA-2008-0261.html
(UNKNOWN)  REDHAT  RHSA-2008:0261
http://www.securityfocus.com/archive/1/archive/1/418459/100/0/threaded
(UNKNOWN)  BUGTRAQ  20051202 [xfocus-SD-051202]openMotif libUil Multiple vulnerability
http://www.securityfocus.com/bid/15684
(UNKNOWN)  BID  15684
http://www.securityfocus.com/bid/15686
(UNKNOWN)  BID  15686
http://www.vupen.com/english/advisories/2005/2709
(UNKNOWN)  VUPEN  ADV-2005-2709
http://xforce.iss.net/xforce/xfdb/23388
(UNKNOWN)  XF  openmotif-diagissuediagnostic-bo(23388)
http://xforce.iss.net/xforce/xfdb/23389
(UNKNOWN)  XF  openmotif-opensourcefile-bo(23389)

- Vulnerability information

Open Motif libUil open_source_file() file name expansion buffer overflow vulnerability
High risk  Buffer overflow
2005-12-02 00:00:00 2005-12-02 00:00:00
Remote / Local

- Advisories and patches

        

- Vulnerability information

21493
openMotif libUil UilDiags.c diag_issue_diagnostic Function Overflow
Input Manipulation
Loss of Integrity

- Vulnerability description

Unknown or Incomplete

- Timeline

2005-12-02 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Open Motif libUil Open_source_file Buffer Overflow Vulnerability
Boundary Condition Error 15686
Yes Yes
2005-12-02 12:00:00 2008-07-02 08:00:00
Reported by <alert7@xfocus.org>.

- Affected program versions

RedHat Network Satellite (for RHEL 4) 4.2
Red Hat Red Hat Network Satellite Server 4.2
Red Hat Network Satellite (for RHEL 3) 4.2
Open Motif Open Motif 2.2.3

- Vulnerability discussion

A buffer-overflow vulnerability affects libUil (User Interface Language) and can leave applications that link to the library vulnerable.

Successful exploits may result in a remote compromise or local privilege escalation, depending on the affected application linked to the library.

Open Motif is derived from the original Motif code maintained by the Open Group. Motif is likely also vulnerable.

NOTE: This issue was originally reported in BID 15678 (Open Motif libUil Buffer Overflow Vulnerabilities); it is now being assigned a new record.

- Exploit

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Fixes are available. Please see the references for more information.

- Related references

 

 
