正文

windowmaker 缓冲区溢出代码执行漏洞

admin
admin V管理员 /0 评论 /6 阅读
0413
此篇文章发布距今已超过1165天,您需要注意文章的内容或图片是否可用!

CVE编号

CVE-2002-1277

利用情况

暂无

补丁情况

官方补丁

披露时间

2002-11-12
漏洞描述
Window Maker(wmaker)0.80.0及更早版本中的缓冲区溢出可能允许远程攻击者通过某个图像文件执行任意代码,当Window Maker使用宽度和高度信息来分配缓冲区时,该文件未正确处理。
解决建议
Conectiva---------Conectiva已经为此发布了一个安全公告(CLA-2002:548)以及相应补丁:CLA-2002:548:windowmaker链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000548补丁下载:ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/WindowMaker-0.62.1-13U60_2cl.src.rpmftp://atualizacoes.conectiva.com.br/6.0/RPMS/WindowMaker-0.62.1-13U60_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/6.0/RPMS/WindowMaker-devel-0.62.1-13U60_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/7.0/SRPMS/WindowMaker-0.65.1-2U70_2cl.src.rpmftp://atualizacoes.conectiva.com.br/7.0/RPMS/WindowMaker-0.65.1-2U70_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/7.0/RPMS/WindowMaker-devel-0.65.1-2U70_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/7.0/RPMS/WindowMaker-devel-static-0.65.1-2U70_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/7.0/RPMS/WindowMaker-doc-0.65.1-2U70_2cl.i386.rpmftp://atualizacoes.conectiva.com.br/8/SRPMS/WindowMaker-0.80.0-3U80_1cl.src.rpmftp://atualizacoes.conectiva.com.br/8/RPMS/WindowMaker-0.80.0-3U80_1cl.i386.rpmftp://atualizacoes.conectiva.com.br/8/RPMS/WindowMaker-devel-0.80.0-3U80_1cl.i386.rpmftp://atualizacoes.conectiva.com.br/8/RPMS/WindowMaker-devel-static-0.80.0-3U80_1cl.i386.rpmftp://atualizacoes.conectiva.com.br/8/RPMS/WindowMaker-doc-0.80.0-3U80_1cl.i386.rpmftp://atualizacoes.conectiva.com.br/8/RPMS/libwraster-2.2.0-13U80_1cl.i386.rpmftp://atualizacoes.conectiva.com.br/8/RPMS/libwraster-devel-2.2.0-13U80_1cl.i386.rpmftp://atualizacoes.conectiva.com.br/8/RPMS/libwraster-devel-static-2.2.0-13U80_1cl.i386.rpmConectiva Linux version 6.0及以上版本的用户可以使用apt进行RPM包的更新:- 把以下的文本行加入到/etc/apt/sources.list文件中:rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates(如果你不是使用6.0版本,用合适的版本号代替上面的6.0)- 执行: apt-get update- 更新以后,再执行: apt-get upgradeDebian------Debian已经为此发布了一个安全公告(DSA-190-1)以及相应补丁:DSA-190-1:buffer overflow in Window Maker链接:http://www.debian.org/security/2002/dsa-190补丁下载:Source archives:http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0.orig.tar.gzSize/MD5 checksum: 2452207 0768a12edff35cba82e769fcbc8de430http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1.diff.gzSize/MD5 checksum: 323198 c1a49502d07e18044d2e1b579c7144fbhttp://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1.dscSize/MD5 checksum: 1463 81ac44a6b0ea1dedc49834f35e5bfb51alpha architecture (DEC Alphahttp://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_alpha.debSize/MD5 checksum: 2292278 015fa329febee7722ace1d233989c5b0http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_alpha.debSize/MD5 checksum: 448638 642310838f93352e6461ba73d28ad178http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_alpha.debSize/MD5 checksum: 124220 7614f26566c44ce413e5ca05e8f3e146http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_alpha.debSize/MD5 checksum: 60026 e74d2e084ac969d1ea7d349140d2721ehttp://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_alpha.debSize/MD5 checksum: 108778 400114e0b4d35b37d573efee840e6e73arm architecture (ARMhttp://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_arm.debSize/MD5 checksum: 340944 9d611e16b7b35ed5985f037a4f8f5635http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_arm.debSize/MD5 checksum: 107852 23a35885f237a23b733ef105438761aahttp://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_arm.debSize/MD5 checksum: 2068456 aa0f4630de38323faf835cf4f965b7fehttp://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_arm.debSize/MD5 checksum: 59220 e334af4dad5edcc5cd1c1ac4e8cbefebhttp://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_arm.debSize/MD5 checksum: 95684 3a468466a4223b14b8f3b43acab410dehppa architecture (HP PA RISChttp://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_hppa.debSize/MD5 checksum: 2189302 ef8befcc5bba64f0599f082569d56958http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_hppa.debSize/MD5 checksum: 117434 10303109fd46a2e3b0dc54e422d73bc8http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_hppa.debSize/MD5 checksum: 104508 e7d881619da171e82a796aede8d71dbahttp://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_hppa.debSize/MD5 checksum: 59880 26a96fa9a6422861ec56f2207e40dd92http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_hppa.debSize/MD5 checksum: 395706 9ca65c6d9892555c3b169e9fe96af82bi386 architecture (Intel ia32http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_i386.debSize/MD5 checksum: 58934 1e1ea0a1dbc7fbf0110aa729e98dd8adhttp://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_i386.debSize/MD5 checksum: 100986 982412044d618f6d93e8b60f48016329http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_i386.debSize/MD5 checksum: 2035984 0677927edc56824f2d38237c875ec76ahttp://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_i386.debSize/MD5 checksum: 93466 c7ff10540e773703762acc2c4b69a338http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_i386.debSize/MD5 checksum: 305248 91159acc6ae18dbb5e53c3ac3cbfe765ia64 architecture (Intel ia64http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_ia64.debSize/MD5 checksum: 133780 08e0e30df9f399ade6f6c6774b03069chttp://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_ia64.debSize/MD5 checksum: 2557644 91951626efc89ffc244391bd1d11256ehttp://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_ia64.debSize/MD5 checksum: 61228 bd1adfd645260243a4ba046f61045534http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_ia64.debSize/MD5 checksum: 122830 0d7b69562e8c700f5ee78a1fed0047echttp://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_ia64.debSize/MD5 checksum: 494558 e41935522601cc2e90e39d7393c346c9m68k architecture (Motorola Mc680x0http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_m68k.debSize/MD5 checksum: 91402 1165b0a8fadf4e457df9e2603b01b98fhttp://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_m68k.debSize/MD5 checksum: 293348 f07a355b3bb9c861c85fa748031e4ecehttp://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_m68k.debSize/MD5 checksum: 58924 20fed2a566ffc90e1153a2140aafa1b6http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_m68k.debSize/MD5 checksum: 97888 bec514f995c629145171f6002399b18fhttp://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_m68k.debSize/MD5 checksum: 1977478 b502aacb81c5a368cd1b506168758357mips architecture (MIPS (Big Endianhttp://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_mips.debSize/MD5 checksum: 386242 f74242056c3371b73040b2e4f0ede9a4http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_mips.debSize/MD5 checksum: 97494 1c3e38459edb247524ab8af00fbf46bdhttp://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_mips.debSize/MD5 checksum: 2169890 d42c7f5bf61b2a4f7972b5f2daf3ccb2http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_mips.debSize/MD5 checksum: 113006 ec763a7c2f7122a8664ac316ec90a25bhttp://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_mips.debSize/MD5 checksum: 59998 0b046f3d3dc66851eb06dce2b39eeeafpowerpc architecture (PowerPChttp://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_powerpc.debSize/MD5 checksum: 110198 b048be171736c11d8460c5cb8bd70d9fhttp://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_powerpc.debSize/MD5 checksum: 2080496 9bc6d5cd6dc38cf4d807b7f19806120fhttp://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_powerpc.debSize/MD5 checksum: 59360 1bd0d211921282ce8b92b339b6a9c82fhttp://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_powerpc.debSize/MD5 checksum: 349716 97360ccc35c0ac9381408ba11171e480http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_powerpc.debSize/MD5 checksum: 97058 45798aab8fd1548886971c9e1de8e986s390 architecture (IBM S/390http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_s390.debSize/MD5 checksum: 2054012 ea1f2c7c787421b75350253dfc02d204http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0补丁安装方法:1. 手工安装补丁包:首先,使用下面的命令来下载补丁软件:# wget url (url是补丁下载链接地址然后,使用下面的命令来安装补丁:# dpkg -i file.deb (file是相应的补丁名2. 使用apt-get自动安装补丁包:首先,使用下面的命令更新内部数据库:# apt-get update然后,使用下面的命令安装更新软件包:# apt-get upgrade
参考链接
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000548
http://www.debian.org/security/2002/dsa-190
http://www.iss.net/security_center/static/10560.php
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-085.php
http://www.redhat.com/support/errata/RHSA-2003-009.html
http://www.redhat.com/support/errata/RHSA-2003-043.html
http://www.securityfocus.com/bid/6119
受影响软件情况
# 类型 厂商 产品 版本 影响面
1
运行在以下环境
应用 windowmaker windowmaker 0.20.1.3 -
运行在以下环境
应用 windowmaker windowmaker 0.52.2 -
运行在以下环境
应用 windowmaker windowmaker 0.53 -
运行在以下环境
应用 windowmaker windowmaker 0.61 -
运行在以下环境
应用 windowmaker windowmaker 0.61.1 -
运行在以下环境
应用 windowmaker windowmaker 0.62 -
运行在以下环境
应用 windowmaker windowmaker 0.62.1 -
运行在以下环境
应用 windowmaker windowmaker 0.63 -
运行在以下环境
应用 windowmaker windowmaker 0.63.1 -
运行在以下环境
应用 windowmaker windowmaker 0.64 -
运行在以下环境
应用 windowmaker windowmaker 0.65 -
运行在以下环境
应用 windowmaker windowmaker 0.80 -
运行在以下环境
系统 debian_3.0 wmaker * Up to
(excluding)
0.80.0-4.1
阿里云评分 3.6
  • 攻击路径 远程
  • 攻击复杂度 容易
  • 权限要求 无需权限
  • 影响范围 有限影响
  • EXP成熟度 未验证
  • 补丁情况 官方补丁
  • 数据保密性 无影响
  • 数据完整性 传输被破坏
  • 服务器危害 无影响
  • 全网数量 N/A
CWE-ID 漏洞类型 NVD-CWE-Other