CVE-2006-2083
CVSS 7.5
Published: 2006-04-28 17:02:00
Last modified: 2011-03-07 21:35:12

[Original] Integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that trigger a buffer overflow.


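[CNNVD] rsync receive_xattr() function integer overflow vulnerability (CNNVD-200604-542)

        rsync is a program for mirroring and backing up websites.
        With the xattrs.diff patch applied, rsync has an integer overflow vulnerability in the receive_xattr() function. An attacker can trigger a buffer overflow through specially crafted extended attributes, leading to arbitrary code execution.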

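- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]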

- CPE (affected platforms and products)

cpe:/a:andrew_tridgell:rsync:2.6.6
cpe:/a:andrew_tridgell:rsync:2.6.4
cpe:/a:andrew_tridgell:rsync:2.6.5
cpe:/a:andrew_tridgell:rsync:2.6.3
cpe:/a:andrew_tridgell:rsync:2.6.7
cpe:/a:andrew_tridgell:rsync:2.6.2
cpe:/a:andrew_tridgell:rsync:2.6.1
cpe:/a:andrew_tridgell:rsync:2.6.0

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2083
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2083
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200604-542
(Official data source) CNNVD

- Other links and resources

http://www.vupen.com/english/advisories/2006/1606
(UNKNOWN)  VUPEN  ADV-2006-1606
http://www.trustix.org/errata/2006/0024
(UNKNOWN)  TRUSTIX  2006-0024
http://www.securityfocus.com/bid/17788
(UNKNOWN)  BID  17788
http://www.gentoo.org/security/en/glsa/glsa-200605-05.xml
(UNKNOWN)  GENTOO  GLSA-200605-05
http://secunia.com/advisories/20011
(UNKNOWN)  SECUNIA  20011
http://secunia.com/advisories/19964
(UNKNOWN)  SECUNIA  19964
http://secunia.com/advisories/19920
(UNKNOWN)  SECUNIA  19920
http://samba.anu.edu.au/ftp/rsync/rsync-2.6.8-NEWS
(UNKNOWN)  CONFIRM  http://samba.anu.edu.au/ftp/rsync/rsync-2.6.8-NEWS
http://xforce.iss.net/xforce/xfdb/26208
(UNKNOWN)  XF  rsync-xattr-overflow(26208)

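- Vulnerability information

rsync receive_xattr() function integer overflow vulnerability
High risk  Buffer overflow
2006-04-28 00:00:00 2006-08-22 00:00:00
Remote
        rsync is a program for mirroring and backing up websites.
        With the xattrs.diff patch applied, rsync has an integer overflow vulnerability in the receive_xattr() function. An attacker can trigger a buffer overflow through specially crafted extended attributes, leading to arbitrary code execution.

- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue. Patch download links:
        http://samba.anu.edu.au/rsync/download.html
        http://security.gentoo.org/glsa/glsa-200605-05.xml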

- Vulnerability information

25159
rsync xattrs.diff Patch receive_xattr() Function Overflow
Input Manipulation
Loss of Integrity
Vendor Verified

- Vulnerability description

Unknown or Incomplete

- Timeline

2006-04-22 Unknown
Unknown Unknown

- Solution

Upgrade to version 2.6.8 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

RSync Receive_XATTR Integer Overflow Vulnerability
Boundary Condition Error 17788
Yes No
2006-05-02 12:00:00 2006-05-08 05:14:00
This issue was disclosed by the vendor.

- Affected program versions

Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
rsync rsync 2.6.7
rsync rsync 2.6.6
+ Ubuntu Ubuntu Linux 6.06 LTS sparc
+ Ubuntu Ubuntu Linux 6.06 LTS powerpc
+ Ubuntu Ubuntu Linux 6.06 LTS i386
+ Ubuntu Ubuntu Linux 6.06 LTS amd64
rsync rsync 2.6.5
rsync rsync 2.6.5
rsync rsync 2.6.2
+ OpenPKG OpenPKG 2.1
rsync rsync 2.6.1
rsync rsync 2.6
+ OpenPKG OpenPKG 2.0
rsync rsync 2.5.7
rsync rsync 2.5.6
+ Mandriva Linux Mandrake 9.2
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ OpenBSD OpenBSD 3.4
+ OpenBSD OpenBSD 3.3
+ OpenBSD OpenBSD 3.2
+ OpenBSD OpenBSD 3.1
+ OpenBSD OpenBSD 3.0
+ OpenPKG OpenPKG 1.3
+ OpenPKG OpenPKG 1.2
+ OpenPKG OpenPKG Current
+ Red Hat Fedora Core1
+ S.u.S.E. Linux Personal 9.0
+ S.u.S.E. Linux Personal 8.2
+ Slackware Linux 9.1
+ Slackware Linux 9.0
rsync rsync 2.5.5
+ Conectiva Linux 9.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Mandriva Linux Mandrake 9.0
+ S.u.S.E. Linux 8.1
+ Slackware Linux 8.1
rsync rsync 2.5.4
+ Immunix Immunix OS 7.3
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Multi Network Firewall 2.0
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
rsync rsync 2.5.3
rsync rsync 2.5.2
+ Immunix Immunix OS 7+
rsync rsync 2.5.1
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 4.1.1
- FreeBSD FreeBSD 4.1
rsync rsync 2.5 .0
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 4.1.1
- FreeBSD FreeBSD 4.1
rsync rsync 2.4.8
rsync rsync 2.4.6
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ EnGarde Secure Linux 1.0.1
+ HP Secure OS software for Linux 1.0
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ S.u.S.E. Linux 8.0
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
rsync rsync 2.4.5
rsync rsync 2.4.4
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
rsync rsync 2.4.3
+ Caldera OpenLinux 3.1 -IA64
+ Caldera OpenLinux 2.3
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1
+ Trustix Secure Linux 1.1
rsync rsync 2.4.1
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ Trustix Secure Linux 1.0 1
rsync rsync 2.4 .0
rsync rsync 2.3.2 -1.3
rsync rsync 2.3.2 -1.2 sparc
+ Debian Linux 2.2 sparc
rsync rsync 2.3.2 -1.2 PPC
+ Debian Linux 2.2 powerpc
rsync rsync 2.3.2 -1.2 m68k
+ Debian Linux 2.2 68k
rsync rsync 2.3.2 -1.2 intel
+ Debian Linux 2.2 IA-32
rsync rsync 2.3.2 -1.2 ARM
+ Debian Linux 2.2 arm
rsync rsync 2.3.2 -1.2 alpha
+ Debian Linux 2.2 alpha
rsync rsync 2.3.2
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 6.4 ppc
+ S.u.S.E. Linux 6.4 i386
+ S.u.S.E. Linux 6.4 alpha
rsync rsync 2.3.1
+ Caldera OpenLinux eBuilder 3.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Conectiva Linux graficas
+ Conectiva Linux ecommerce
+ SCO eDesktop 2.4
+ SCO eServer 2.3.1
rsync rsync 2.6.8
+ Ubuntu Ubuntu Linux 6.10 sparc
+ Ubuntu Ubuntu Linux 6.10 powerpc
+ Ubuntu Ubuntu Linux 6.10 i386
+ Ubuntu Ubuntu Linux 6.10 amd64

- Unaffected program versions

rsync rsync 2.6.8
+ Ubuntu Ubuntu Linux 6.10 sparc
+ Ubuntu Ubuntu Linux 6.10 powerpc
+ Ubuntu Ubuntu Linux 6.10 i386
+ Ubuntu Ubuntu Linux 6.10 amd64

- Vulnerability discussion

The rsync utility is susceptible to a remote integer-overflow vulnerability. This issue is due to the application's failure to properly ensure that user-supplied input doesn't overflow integer values. This may result in user-supplied data being copied past the end of a memory buffer.

Attackers may exploit this issue to execute arbitrary machine code in the context of the affected application, facilitating the compromise of affected computers.

Versions of rsync prior to 2.6.8 that have had the 'xattrs.diff' patch applied are vulnerable to this issue.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com

- Solution

The vendor has released version 2.6.8 of rsync, which includes a fixed version of the 'xattrs.diff' patch to address this issue.

Please see the referenced vendor advisories for further information.



- Related references

 

 
