CVE-2006-3125
CVSS 7.5
Published: 2006-08-31 17:04:00
Modified: 2008-09-05 17:06:18

[Original] Array index error in tetrinet.c in gtetrinet 0.7.8 and earlier allows remote attackers to execute arbitrary code via a packet specifying a negative number of players, which is used as an array index.


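[CNNVD] GTetrinet tetrinet.c Array Index Error Vulnerability (CNNVD-200608-505)

        An array index error exists in tetrinet.c in gtetrinet 0.7.8 and earlier. A remote attacker can execute arbitrary code by means of a packet that specifies a negative number of players; the number of players is used as an array index.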

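- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause reduced performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]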

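- CPE (Affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (Technical details for detection)

No related OVAL definition found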

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3125
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3125
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200608-505
(Official data source) CNNVD

- Other links and resources

http://www.debian.org/security/2006/dsa-1163
(PATCH)  DEBIAN  DSA-1163
http://security.gentoo.org/glsa/glsa-200609-02.xml
(PATCH)  GENTOO  GLSA-200609-02
http://secunia.com/advisories/21800
(VENDOR_ADVISORY)  SECUNIA  21800
http://secunia.com/advisories/21704
(VENDOR_ADVISORY)  SECUNIA  21704
http://xforce.iss.net/xforce/xfdb/28683
(UNKNOWN)  XF  gtetrinet-array-indexing-code-execution(28683)
http://www.securityfocus.com/bid/19766
(UNKNOWN)  BID  19766
http://www.novell.com/linux/security/advisories/2006_21_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2006:021
http://secunia.com/advisories/21691
(VENDOR_ADVISORY)  SECUNIA  21691
http://www.osvdb.org/28269
(UNKNOWN)  OSVDB  28269
http://secunia.com/advisories/21749
(UNKNOWN)  SECUNIA  21749

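- Vulnerability information

GTetrinet tetrinet.c Array Index Error Vulnerability
High risk  Insufficient information
2006-08-31 00:00:00 2006-09-15 00:00:00
Remote
        An array index error exists in tetrinet.c in gtetrinet 0.7.8 and earlier. A remote attacker can execute arbitrary code by means of a packet that specifies a negative number of players; the number of players is used as an array index.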

- Advisories and patches

        The vendor has released an upgrade patch to fix this security issue. Patch download links:
        GTetrinet GTetrinet 0.7.8
        Debian gtetrinet_0.7.8-1sarge2_alpha.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_alpha.deb
        Debian gtetrinet_0.7.8-1sarge2_amd64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_amd64.deb
        Debian gtetrinet_0.7.8-1sarge2_arm.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_arm.deb
        Debian gtetrinet_0.7.8-1sarge2_hppa.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_hppa.deb
        Debian gtetrinet_0.7.8-1sarge2_i386.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_i386.deb
        Debian gtetrinet_0.7.8-1sarge2_ia64.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_ia64.deb
        Debian gtetrinet_0.7.8-1sarge2_m68k.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_m68k.deb
        Debian gtetrinet_0.7.8-1sarge2_mips.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_mips.deb
        Debian gtetrinet_0.7.8-1sarge2_mipsel.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_mipsel.deb
        Debian gtetrinet_0.7.8-1sarge2_powerpc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_powerpc.deb
        Debian gtetrinet_0.7.8-1sarge2_s390.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_s390.deb
        Debian gtetrinet_0.7.8-1sarge2_sparc.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_sparc.deb

- Vulnerability information (F49685)

Debian Linux Security Advisory 1163-1 (PacketStormID:F49685)
2006-09-07 00:00:00
Debian  debian.org
advisory,arbitrary
linux,debian
CVE-2006-3125

Debian Security Advisory 1163-1 - Michael Gehring discovered several potential out-of-bounds index accesses in gtetrinet, a multiplayer Tetris-like game, which may allow a remote server to execute arbitrary code.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1163-1                    security@debian.org
http://www.debian.org/security/                             Martin Schulze
August 30th, 2006                       http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : gtetrinet
Vulnerability  : programming error
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2006-3125

Michael Gehring discovered several potential out-of-bounds index
accesses in gtetrinet, a multiplayer Tetris-like game, which may allow
a remove server to execute arbitrary code.

For the stable distribution (sarge) these problems have been fixed in
version 0.7.8-1sarge2.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your gtetrinet package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given at the end of this advisory:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2.dsc
      Size/MD5 checksum:     1458 f0e79e08b32da17b7fec81953058bfd6
    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2.diff.gz
      Size/MD5 checksum:     6536 8e5ec47971abaefe25c81eddbd08df03
    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8.orig.tar.gz
      Size/MD5 checksum:   513790 bff5b52ead863ac2ac859880abbab2c4

  Alpha architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_alpha.deb
      Size/MD5 checksum:   305500 ada4429dedbe5c2a6481e2a0a7c2b8aa

  AMD64 architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_amd64.deb
      Size/MD5 checksum:   295034 657a0a323a479444ed04becdd494726d

  ARM architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_arm.deb
      Size/MD5 checksum:   289166 7fceb7b8fd84d2e4e4792222e1ea74bf

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_i386.deb
      Size/MD5 checksum:   291430 8e395773c184dfdb379342fc3805e9ce

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_ia64.deb
      Size/MD5 checksum:   316198 76659d5ee5072dfb30c58d9967239936

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_hppa.deb
      Size/MD5 checksum:   297686 c55008b4d7d679311a41a331cd3fc437

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_m68k.deb
      Size/MD5 checksum:   284212 9b70187f40dac186929be12f38c900dc

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_mips.deb
      Size/MD5 checksum:   291736 9a30091ac2ab35a65bb4f0689dca0705

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_mipsel.deb
      Size/MD5 checksum:   290484 1fc68ebb2e3ea41326500e6394c41a6e

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_powerpc.deb
      Size/MD5 checksum:   293458 8b005ce2049acc89205c9aa74dd3fc4f

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_s390.deb
      Size/MD5 checksum:   295194 2fc0597edcad6cc1af5d7b08c734ae08

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/g/gtetrinet/gtetrinet_0.7.8-1sarge2_sparc.deb
      Size/MD5 checksum:   289322 e944d44ed1aa2e9ae32d9d8571affd33


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE9aDTW5ql+IAeqTIRAsueAKCY2HDPMsy7JRPI6QsBZBEJDDoD0QCfblE2
jQ1NIFLKDlHpIpdBCxxa3RE=
=WMbc
-----END PGP SIGNATURE-----

    

- Vulnerability information

28269
GTetrinet pnum Multiple Array Indexing Remote Code Execution
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Unknown

- Vulnerability description

GTetrinet contains multiple flaws related to out-of-bounds array indexing that may allow an attacker to execute arbitrary code. The flaw exists in tetrinet.c, where a remote attacker may specify a negative number of players, which is used as an array index.

- Timeline

2006-08-30 Unknown
Unknown Unknown

- Solution

Upgrade to version 0.7.10 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- References

- Credits

- Vulnerability information

GTetrinet Index Out of Bounds Unspecified Remote Code Execution Vulnerability
Unknown 19766
Yes No
2006-08-30 12:00:00 2006-10-24 06:53:00
Michael Gehring is credited with discovering this vulnerability.

- Affected versions

SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SuSE SUSE Linux Enterprise Server 10
SuSE SUSE Linux Enterprise Desktop 10
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Open-Enterprise-Server 1
S.u.S.E. Office Server
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Novell Linux Desktop 1.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 10.1
S.u.S.E. Linux Openexchange Server
S.u.S.E. Linux Office Server
S.u.S.E. Linux Enterprise Server for S/390 9.0
S.u.S.E. Linux Enterprise Server for S/390
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
S.u.S.E. Linux Database Server 0
S.u.S.E. Linux Connectivity Server
GTetrinet GTetrinet 0.7.8
GTetrinet GTetrinet 0.4.4
GTetrinet GTetrinet 0.4.3
GTetrinet GTetrinet 0.4.2
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
GTetrinet GTetrinet 0.4.1
+ Debian Linux 3.0
GTetrinet GTetrinet 0.4
Gentoo Linux
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1

- Discussion

GTetrinet is prone to an unspecified remote vulnerability. This issue is reportedly due to multiple out-of-bounds index-access flaws.

A remote attacker may exploit this issue to execute arbitrary machine code on the affected computer with the privileges of the user running the vulnerable application.

Very little information is currently available on this vulnerability. This BID will be updated as more information becomes available.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com

- Solution

Third-party vendor security updates have been released to address this issue. Please see the referenced advisories for more information.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.


GTetrinet GTetrinet 0.7.8

- References
