CVE-2005-4470
CVSS 7.5
Published: 2005-12-21 19:03:00
Last modified: 2011-03-07 21:28:21

[Original] Heap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .blend file with a negative bhead.len value, which causes less memory to be allocated than expected, possibly due to an integer overflow.


[CNNVD] Blender BlenLoader file-handling integer overflow vulnerability (CNNVD-200512-507)

        A heap-based buffer overflow exists in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre. A remote attacker can supply a .blend file carrying a negative bhead.len value; the signed length is used in the allocation size, so (likely through an integer overflow) less memory is allocated than expected, which causes a denial of service (application crash) and possibly arbitrary code execution.
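The bug class named in the description above (and repeated in the Ubuntu advisory further down) is a file-controlled signed length fed straight into an allocation size. The following is an added C example written for this page; it is not Blender's readfile.c. The BHeadEx layout, the function names, the "DATA" block and the in-memory file image are assumptions for illustration. It shows the vulnerable size computation next to a hardened block reader that rejects a negative length before allocating anything.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for a .blend block header. The real BHead in readfile.c also
 * carries an old pointer, an SDNA index and a count; this 8-byte layout and
 * the names below are assumptions for the example, not Blender's code. */
typedef struct {
    char    code[4];   /* block type code, e.g. "DATA" */
    int32_t len;       /* payload length exactly as stored in the file: SIGNED */
} BHeadEx;

/* The vulnerable sizing pattern: header size plus a file-controlled signed
 * length, with no sign check. In "size_t + int" arithmetic a negative len is
 * converted to a huge unsigned value and the sum wraps, so len = -4 yields
 * sizeof(BHeadEx) - 4: fewer bytes than the header alone needs. Copying the
 * header into that allocation already overflows it, and a following read of
 * (size_t)len bytes would write far beyond it. */
size_t vulnerable_alloc_size(int32_t len)
{
    return sizeof(BHeadEx) + len;   /* BUG: no check that len >= 0 */
}

/* Hardened block reader over an in-memory file image. It rejects a negative
 * length before any allocation, caps the length at a policy maximum, and
 * refuses a block whose payload runs past the end of the buffer. Returns a
 * malloc'd, NUL-terminated copy of the payload (caller frees) or NULL. */
unsigned char *parse_block(const unsigned char *buf, size_t buf_len,
                           BHeadEx *hdr_out, size_t max_payload)
{
    BHeadEx hdr;
    if (buf_len < sizeof hdr)
        return NULL;
    memcpy(&hdr, buf, sizeof hdr);
    if (hdr.len < 0)                              /* the negative-length case */
        return NULL;
    if ((size_t)hdr.len > max_payload)            /* policy limit on one block */
        return NULL;
    if ((size_t)hdr.len > buf_len - sizeof hdr)   /* truncated file */
        return NULL;
    unsigned char *payload = malloc((size_t)hdr.len + 1);  /* +1: never malloc(0) */
    if (!payload)
        return NULL;
    memcpy(payload, buf + sizeof hdr, (size_t)hdr.len);
    payload[hdr.len] = 0;
    if (hdr_out)
        *hdr_out = hdr;
    return payload;
}

/* Builds a constructed block in memory for testing; not a real .blend file. */
size_t make_block(unsigned char *out, size_t cap, const char *code,
                  int32_t len, const unsigned char *payload, size_t payload_len)
{
    BHeadEx hdr;
    if (cap < sizeof hdr + payload_len)
        return 0;
    memcpy(hdr.code, code, 4);
    hdr.len = len;
    memcpy(out, &hdr, sizeof hdr);
    memcpy(out + sizeof hdr, payload, payload_len);
    return sizeof hdr + payload_len;
}

int main(void)
{
    unsigned char file[64];
    const unsigned char data[] = "hello";
    BHeadEx h;

    /* Well-formed block: len matches the 5 payload bytes that follow. */
    size_t n = make_block(file, sizeof file, "DATA", 5, data, 5);
    unsigned char *p = parse_block(file, n, &h, 1 << 20);
    printf("valid block: %s, len=%d, payload=%s\n",
           p ? "accepted" : "rejected", h.len, p ? (char *)p : "");
    free(p);

    /* Malicious block: negative length, as described in the advisory. */
    n = make_block(file, sizeof file, "DATA", -4, data, 5);
    printf("vulnerable sizing for len=-4: %zu bytes, header alone is %zu\n",
           vulnerable_alloc_size(-4), sizeof(BHeadEx));
    p = parse_block(file, n, &h, 1 << 20);
    printf("hardened parser: %s\n", p ? "accepted (bad)" : "rejected");
    free(p);
    return 0;
}
```

The sign check alone closes the negative-length case; the two extra checks (a per-block maximum and a comparison against the bytes actually present) are what keep a large positive length from turning into an over-read or a huge allocation on a truncated or crafted file.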

- CVSS (base score)

CVSS score: 7.5 [HIGH]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [performance may be degraded or access to resources interrupted]
Access complexity: LOW [no special access conditions required to exploit]
Access vector: [--]
Authentication: NONE [no authentication required to exploit]

- CPE (affected platforms and products)

cpe:/a:blender:blenloader:2.26
cpe:/a:blender:blenloader:2.31a
cpe:/a:blender:blenloader:2.33a
cpe:/a:blender:blenloader:2.0
cpe:/a:blender:blenloader:2.34
cpe:/a:blender:blenloader:2.40_pre
cpe:/a:blender:blenloader:2.28a
cpe:/a:blender:blenloader:2.37
cpe:/a:blender:blenloader:2.27
cpe:/a:blender:blenloader:2.30
cpe:/a:blender:blenloader:2.33
cpe:/a:blender:blenloader:2.35
cpe:/a:blender:blenloader:2.32
cpe:/a:blender:blenloader:2.39
cpe:/a:blender:blenloader:2.04
cpe:/a:blender:blenloader:2.25
cpe:/a:blender:blenloader:2.28c
cpe:/a:blender:blenloader:2.28
cpe:/a:blender:blenloader:2.37a
cpe:/a:blender:blenloader:2.40_alpha

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4470
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-4470
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200512-507
(official data source) CNNVD

- Other links and resources

http://www.vupen.com/english/advisories/2005/3032
(UNKNOWN)  VUPEN  ADV-2005-3032
http://www.securityfocus.com/bid/15981
(UNKNOWN)  BID  15981
http://www.securityfocus.com/archive/1/archive/1/419907/100/0/threaded
(UNKNOWN)  BUGTRAQ  20051220 [Overflow.pl] Blender BlenLoader Integer Overflow
http://www.overflow.pl/adv/blenderinteger.txt
(UNKNOWN)  MISC  http://www.overflow.pl/adv/blenderinteger.txt
http://secunia.com/advisories/18176
(VENDOR_ADVISORY)  SECUNIA  18176
http://www.ubuntulinux.org/support/documentation/usn/usn-238-2
(UNKNOWN)  UBUNTU  USN-238-2
http://www.gentoo.org/security/en/glsa/glsa-200601-08.xml
(UNKNOWN)  GENTOO  GLSA-200601-08
http://www.debian.org/security/2006/dsa-1039
(UNKNOWN)  DEBIAN  DSA-1039
http://secunia.com/advisories/19754
(UNKNOWN)  SECUNIA  19754
http://secunia.com/advisories/18452
(UNKNOWN)  SECUNIA  18452
http://secunia.com/advisories/18178
(UNKNOWN)  SECUNIA  18178

- Vulnerability information

Blender BlenLoader file-handling integer overflow vulnerability
High severity; buffer overflow
2005-12-21 00:00:00 2005-12-28 00:00:00
Remote
        A heap-based buffer overflow exists in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre. A remote attacker can supply a .blend file carrying a negative bhead.len value; the signed length is used in the allocation size, so (likely through an integer overflow) less memory is allocated than expected, which causes a denial of service (application crash) and possibly arbitrary code execution.

- Advisories and patches


- Vulnerability information (F42871)

Ubuntu Security Notice 238-2 (PacketStormID:F42871)
2006-01-08 00:00:00
Ubuntu  security.ubuntu.com
advisory,arbitrary
linux,ubuntu
CVE-2005-4470

Ubuntu Security Notice USN-238-2 - Damian Put discovered that Blender did not properly validate a length value in .blend files. Negative values led to an insufficiently sized memory allocation. By tricking a user into opening a specially crafted .blend file, this could be exploited to execute arbitrary code with the privileges of the Blender user.

===========================================================
Ubuntu Security Notice USN-238-2	   January 06, 2006
blender vulnerability
CVE-2005-4470
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

blender

The problem can be corrected by upgrading the affected package to
version 2.37a-1ubuntu1.1.  In general, a standard system upgrade is
sufficient to effect the necessary changes.

The original advisory in USN-238-1 accidentally contained a wrong CVE
number and advisory text. We apologize for this error.

Details follow:

Damian Put discovered that Blender did not properly validate a
'length' value in .blend files. Negative values led to an
insufficiently sized memory allocation. By tricking a user into
opening a specially crafted .blend file, this could be exploited to
execute arbitrary code with the privileges of the Blender user.

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1.diff.gz
      Size/MD5:    11607 282c2bc853abdd9fcadeb94fd42d293f
    http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1.dsc
      Size/MD5:      759 f6d6c5fe8bba50202cb60db85a1f3240
    http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a.orig.tar.gz
      Size/MD5:  7885589 2af6afdb01c1d297c43602982d9a919c

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1_amd64.deb
      Size/MD5:  4791610 926553266642bd9f625e1b27dccd23ff

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1_i386.deb
      Size/MD5:  4113452 ee9f2a301ed054d9c56dd2412757465b

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/b/blender/blender_2.37a-1ubuntu1.1_powerpc.deb
      Size/MD5:  4641056 8b75ee14b6ce089d7172c88343a1b821

- Vulnerability information

22011
Blender BlenLoader get_bhead() Function Overflow
Input Manipulation
Loss of Integrity

- Vulnerability description

Unknown or Incomplete

- Timeline

2005-12-20 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- References

- Vulnerability author

Unknown or Incomplete

About the SCAP Chinese Community

The SCAP Chinese Community is the first Chinese-language open community in China devoted to SCAP. For more information, see [About this site].

Copyright notice

CVE, CWE and OVAL are registered trademarks of the MITRE Corporation; their official data sources are kept on MITRE's websites.