正文

RedHat Linux ping缓冲区溢出漏洞

admin
admin V管理员 /0 评论 /10 阅读
1230
此篇文章发布距今已超过1239天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

RedHat Linux ping缓冲区溢出漏洞

  • CNNVD编号:CNNVD-200010-004
    • <!--
  • 危害等级: 中危-->
  • 危害等级: 中危
  • CVE编号: CVE-2000-1214
  • 漏洞类型: 缓冲区溢出
  • 发布时间: 2000-10-18
  • 威胁类型: 本地
  • 更新时间: 2006-09-15
  • 厂        商: redhat
  • 漏洞来源: This was first pub...

漏洞简介

分配在Red Hat Linux 6.2至7J和其他操作系统中iputils 20001010之前版本的(1)outpack或者(2)buf多变的ping存在缓冲区溢出漏洞。本地用户利用该漏洞提升特权。

漏洞公告

RedHat has released fixed packages. Trustix recently released several updated packages: iputils: Fixes serveral problems in ping including a buffer overflow. gnupg: Fixed a serious bug which could lead to false signature verification results when more than one signature is fed to gpg. ypbind: Local root exploit. Linux ypbind Users of TSL 1.0x and 1.1 that worry about local security should definitely upgrade. MD5sums: 9e2bbf3ddd728da4cbab3ece1ba390b7 gnupg-1.0.4-2tr.i586.rpm 43d503eb306f202c794ca064980574ad iputils-20001011-1tr.i586.rpm 8625657f6edea52b88e0cff1dfff4bb4 ypbind-3.3-29tr.i586.rpm Get them at: ftp://ftp.trustix.com/pub/Trustix/updates/1.1/RPMS/ or http://www.trustix.net/download/Trustix/updates/1.1/RPMS/ Wirex has also released an upgrade to fix this problem for Immunix OS 6.2. RedHat iputils-20000418-6.i386.rpm

  • Red Hat Inc. 7.0 i386 iputils-20001010-1.i386.rpm ftp://updates.redhat.com/7.0/i386/iputils-20001010-1.i386.rpm
RedHat iputils-20000121-2.i386.rpm
  • Red Hat Inc. 6.2 i386 iputils-20001010-1.6x.i386.rpm ftp://updates.redhat.com/6.2/i386/iputils-20001010-1.6x.i386.rpm
RedHat Linux 6.2 sparc
  • Red Hat Inc. 6.2 sparc iputils-20001010-1.6x.sparc.rpm ftp://updates.redhat.com/6.2/sparc/iputils-20001010-1.6x.sparc.rpm
RedHat Linux 6.2 i386
  • Red Hat Inc. 6.2 i386 iputils-20001010-1.6x.i386.rpm ftp://updates.redhat.com/6.2/i386/iputils-20001010-1.6x.i386.rpm
RedHat Linux 6.2 alpha
  • Red Hat Inc. 6.2 alpha iputils-20001010-1.6x.alpha.rpm ftp://updates.redhat.com/6.2/alpha/iputils-20001010-1.6x.alpha.rpm
RedHat Linux 7.0
  • Red Hat Inc. 7.0 i386 iputils-20001010-1.i386.rpm ftp://updates.redhat.com/7.0/i386/iputils-20001010-1.i386.rpm

参考网址

来源: REDHAT 名称: RHSA-2000:087 链接:http://www.redhat.com/support/errata/RHSA-2000-087.html 来源: XF 名称: ping-buf-bo(5431) 链接:http://www.iss.net/security_center/static/5431.php 来源: BUGTRAQ 名称: 20001025 Immunix OS Security Update for ping package 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=97249980727834&w=2 来源: BID 名称: 1813 链接:http://www.securityfocus.com/bid/1813 来源: BUGTRAQ 名称: 20001020 Re: [RHSA-2000:087-02] Potential security problems in ping fixed. 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=97208562830613&w=2 来源: BUGTRAQ 名称: 20001030 Trustix Security Advisory - ping gnupg ypbind 链接:http://archives.neohapsis.com/archives/bugtraq/2000-10/0429.html

受影响实体

  • Redhat Linux:7.0  
    <!--
    2000-1-1
    -->
  • Redhat Linux:6.2:Sparc  
    <!--
    2000-1-1
    -->
  • Redhat Linux:6.2:I386  
    <!--
    2000-1-1
    -->
  • Redhat Linux:6.2:Alpha  
    <!--
    2000-1-1
    -->

补丁

    暂无