CVE-2006-0236
CVSS5.1
发布时间 :2006-01-17 20:07:00
修订时间 :2011-03-07 00:00:00
NMCOS    

[原文]GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-assisted attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment.


[CNNVD]Mozilla Thunderbird文件附件欺骗漏洞(CNNVD-200601-170)

        Mozilla Thunderbird 1.0.2、1.0.6和1.0.7中的GUI显示截断漏洞,可让需要用户协助的攻击者使用文件名中包含大量空格并以Thunderbird未显示的危险扩展名结尾的附件,以及可用来欺骗用户通过拖动或保存附件下载危险内容的不一致Content-Type(内容类型)头来执行任意代码。

- CVSS (基础分值)

CVSS分值: 5.1 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-94 [对生成代码的控制不恰当(代码注入)]

- CPE (受影响的平台与产品)

cpe:/a:mozilla:thunderbird:1.0.5Mozilla Thunderbird 1.0.5
cpe:/a:mozilla:thunderbird:1.0.1Mozilla Thunderbird 1.0.1
cpe:/a:mozilla:thunderbird:1.0.7Mozilla Thunderbird 1.0.7
cpe:/a:mozilla:thunderbird:1.0Mozilla Thunderbird 1.0
cpe:/a:mozilla:thunderbird:1.0.6Mozilla Thunderbird 1.0.6
cpe:/a:mozilla:thunderbird:1.0.2Mozilla Thunderbird 1.0.2
cpe:/a:mozilla:thunderbird:1.5:beta2Mozilla Thunderbird 1.5 Beta 2

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0236
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0236
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200601-170
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/16271
(PATCH)  BID  16271
http://www.securityfocus.com/archive/1/archive/1/422148/100/0/threaded
(VENDOR_ADVISORY)  BUGTRAQ  20060117 Secunia Research: Mozilla Thunderbird Attachment SpoofingVulnerability
http://secunia.com/secunia_research/2005-22/advisory
(VENDOR_ADVISORY)  MISC  http://secunia.com/secunia_research/2005-22/advisory
http://secunia.com/advisories/15907
(VENDOR_ADVISORY)  SECUNIA  15907
https://bugzilla.mozilla.org/show_bug.cgi?id=300246
(UNKNOWN)  CONFIRM  https://bugzilla.mozilla.org/show_bug.cgi?id=300246
http://xforce.iss.net/xforce/xfdb/24164
(UNKNOWN)  XF  thunderbird-attachment-ext-spoofing(24164)
http://www.vupen.com/english/advisories/2006/0230
(VENDOR_ADVISORY)  VUPEN  ADV-2006-0230
http://www.mandriva.com/security/advisories?name=MDKSA-2006:021
(UNKNOWN)  MANDRIVA  MDKSA-2006:021

- 漏洞信息

Mozilla Thunderbird文件附件欺骗漏洞
中危 设计错误
2006-01-17 00:00:00 2006-08-28 00:00:00
远程  
        Mozilla Thunderbird 1.0.2、1.0.6和1.0.7中的GUI显示截断漏洞,可让需要用户协助的攻击者使用文件名中包含大量空格并以Thunderbird未显示的危险扩展名结尾的附件,以及可用来欺骗用户通过拖动或保存附件下载危险内容的不一致Content-Type(内容类型)头来执行任意代码。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        Mozilla Thunderbird 1.0
        Mozilla Thunderbird 1.5.x
        http://www.mozilla.com/thunderbird/
        Mozilla Thunderbird 1.0.1
        Mozilla Thunderbird 1.5.x
        http://www.mozilla.com/thunderbird/
        Mozilla Thunderbird 1.0.2
        Mozilla Thunderbird 1.5.x
        http://www.mozilla.com/thunderbird/
        Mozilla Thunderbird 1.0.5
        Mozilla Thunderbird 1.5.x
        http://www.mozilla.com/thunderbird/
        Mozilla Thunderbird 1.0.6
        Mozilla Thunderbird 1.5.x
        http://www.mozilla.com/thunderbird/
        Mozilla Thunderbird 1.0.7
        Mozilla Thunderbird 1.5.x
        http://www.mozilla.com/thunderbird/
        Mozilla Thunderbird 1.5 beta 2
        Mozilla Thunderbird 1.5.x
        http://www.mozilla.com/thunderbird/
        

- 漏洞信息

22510
Mozilla Thunderbird Attachment Extension Spoofing
Remote / Network Access
Loss of Integrity Upgrade
Exploit Unknown Vendor Verified

- 漏洞描述

Mozilla Thunderbird contains a flaw related to the way it handles attachment file names that may allow an attacker to trick a user into downloading dangerous content.

- 时间线

2006-01-17 2005-07-01
Unknow Unknow

- 解决方案

Upgrade to version 1.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

Mozilla Thunderbird File Attachment Spoofing Vulnerability
Design Error 16271
Yes No
2006-01-17 12:00:00 2006-12-20 09:32:00
Discovered by Andreas Sandblad, Secunia Research.

- 受影响的程序版本

Mozilla Thunderbird 1.5 beta 2
Mozilla Thunderbird 1.0.7
Mozilla Thunderbird 1.0.6
Mozilla Thunderbird 1.0.5
Mozilla Thunderbird 1.0.2
Mozilla Thunderbird 1.0.1
Mozilla Thunderbird 1.0
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mozilla Thunderbird 1.5

- 不受影响的程序版本

Mozilla Thunderbird 1.5

- 漏洞讨论

Mozilla Thunderbird is prone to a file-attachment spoofing vulnerability.

Successful exploitation may allow attackers to place malicious files on a user's computer by tricking users into saving seemingly safe attachments. If the user subsequently opens the file, this vulnerability may facilitate arbitrary code execution in the context of the user.

Thunderbird versions prior to 1.5 are affected.

- 漏洞利用

An exploit is not required.

- 解决方案

Mozilla Thunderbird 1.5 has been released to address this issue.

Mandriva has released advisory MDKSA-2006:021, along with fixes to address this issue. Please see the referenced advisory for further information.


Mozilla Thunderbird 1.0

Mozilla Thunderbird 1.0.1

Mozilla Thunderbird 1.0.2

Mozilla Thunderbird 1.0.5

Mozilla Thunderbird 1.0.6

Mozilla Thunderbird 1.0.7

Mozilla Thunderbird 1.5 beta 2

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站