CVE编号
CVE-2008-1720利用情况
暂无补丁情况
没有补丁披露时间
2008-04-11漏洞描述
启用扩展属性(xattr)支持的rsync 2.6.9至3.0.1中的缓冲区溢出,可能允许远程攻击者通过未知向量执行任意代码。解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
参考链接 |
|
|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html | |
| http://marc.info/?l=bugtraq&m=125017764422557&w=2 | |
| http://rsync.samba.org/ftp/rsync/security/rsync-3.0.1-xattr-alloc.diff | |
| http://samba.anu.edu.au/rsync/security.html#s3_0_2 | |
| http://secunia.com/advisories/29668 | |
| http://secunia.com/advisories/29770 | |
| http://secunia.com/advisories/29777 | |
| http://secunia.com/advisories/29781 | |
| http://secunia.com/advisories/29788 | |
| http://secunia.com/advisories/29856 | |
| http://secunia.com/advisories/29861 | |
| http://security.gentoo.org/glsa/glsa-200804-16.xml | |
| http://sourceforge.net/project/shownotes.php?release_id=591462&group_id=69227 | |
| http://www.debian.org/security/2008/dsa-1545 | |
| http://www.mail-archive.com/[email protected]/msg00057.html | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2008:084 | |
| http://www.osvdb.org/44368 | |
| http://www.osvdb.org/44369 | |
| http://www.securityfocus.com/bid/28726 | |
| http://www.securitytracker.com/id?1019835 | |
| http://www.vupen.com/english/advisories/2008/1191/references | |
| http://www.vupen.com/english/advisories/2008/1215/references | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/41766 | |
| https://usn.ubuntu.com/600-1/ | |
| https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00237.html | |
| https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00247.html |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | samba | rsync | 2.6.9 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | samba | rsync | 2.7.0 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | samba | rsync | 2.7.1 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | samba | rsync | 2.7.2 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | samba | rsync | 2.7.3 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | samba | rsync | 2.7.4 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | samba | rsync | 2.7.5 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | samba | rsync | 2.7.6 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | samba | rsync | 2.7.7 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | samba | rsync | 2.7.8 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | samba | rsync | 2.7.9 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | samba | rsync | 2.8.0 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | samba | rsync | 2.8.1 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | samba | rsync | 2.8.2 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | samba | rsync | 2.8.3 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | samba | rsync | 2.8.4 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | samba | rsync | 2.8.5 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | samba | rsync | 2.8.6 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | samba | rsync | 2.8.7 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | samba | rsync | 2.8.8 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | samba | rsync | 2.8.9 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | samba | rsync | 2.9.0 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | samba | rsync | 2.9.1 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | samba | rsync | 2.9.2 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | samba | rsync | 2.9.3 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | samba | rsync | 2.9.4 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | samba | rsync | 2.9.5 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | samba | rsync | 2.9.6 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | samba | rsync | 2.9.7 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | samba | rsync | 2.9.8 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | samba | rsync | 2.9.9 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | samba | rsync | 3.0.0 | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | samba | rsync | 3.0.1 | - | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_4.0 | rsync | * |
Up to (excluding) 2.6.9-2etch2 |
|||||
- 攻击路径 远程
- 攻击复杂度 N/A
- 权限要求 无需权限
- 影响范围 有限影响
- EXP成熟度 未验证
- 补丁情况 没有补丁
- 数据保密性 N/A
- 数据完整性 传输被破坏
- 服务器危害 无影响
- 全网数量 N/A
还没有评论,来说两句吧...