FreeBSD 'telnetd'守护进程远程缓冲区溢出漏洞

CVE编号

CVE-2011-4862

利用情况

暂无

补丁情况

官方补丁

披露时间

2011-12-25

漏洞描述

FreeBSD是一款基于BSD的操作系统。FreeBSD Telnet协议有一个对数据流进行加密的机制(但其加密性不强，不能在任何关键性安全应用上使用)。当通过TELNET协议提供加密密钥时，在拷贝密钥到固定缓冲区时没有对其长度进行校验，可触发缓冲区溢出。能连接telnetd守护程序的攻击者可以以守护进程上下文执行任意代码。

解决建议

用户可参考如下供应商提供的安全公告获得补丁：http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc

参考链接
http://archives.neohapsis.com/archives/bugtraq/2011-12/0172.html
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=665f1e73cdd9b38e2d2...
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.html
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006117.html
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006118.html
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006119.html
http://lists.freebsd.org/pipermail/freebsd-security/2011-December/006120.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html
http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.html
http://osvdb.org/78020
http://secunia.com/advisories/46239
http://secunia.com/advisories/47341
http://secunia.com/advisories/47348
http://secunia.com/advisories/47357
http://secunia.com/advisories/47359
http://secunia.com/advisories/47373
http://secunia.com/advisories/47374
http://secunia.com/advisories/47397
http://secunia.com/advisories/47399
http://secunia.com/advisories/47441
http://security.freebsd.org/advisories/FreeBSD-SA-11:08.telnetd.asc
http://security.freebsd.org/patches/SA-11:08/telnetd.patch
http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2011-008.txt
http://www.debian.org/security/2011/dsa-2372
http://www.debian.org/security/2011/dsa-2373
http://www.debian.org/security/2011/dsa-2375
http://www.exploit-db.com/exploits/18280/
http://www.mandriva.com/security/advisories?name=MDVSA-2011:195
http://www.redhat.com/support/errata/RHSA-2011-1851.html
http://www.redhat.com/support/errata/RHSA-2011-1852.html
http://www.redhat.com/support/errata/RHSA-2011-1853.html
http://www.redhat.com/support/errata/RHSA-2011-1854.html
http://www.securitytracker.com/id?1026460
http://www.securitytracker.com/id?1026463
https://exchange.xforce.ibmcloud.com/vulnerabilities/71970

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	h5l	heimdal	*		Up to (including) 1.5.1
	运行在以下环境
	应用	mit	krb5-appl	*		Up to (including) 1.02
	运行在以下环境
	系统	centos_5	heimdal	*		Up to (excluding) 1.6.1-63.el5_7
	运行在以下环境
	系统	centos_5	inetutils	*		Up to (excluding) 1.6.1-63.el5_7
	运行在以下环境
	系统	centos_5	krb5	*		Up to (excluding) 1.6.1-63.el5_7
	运行在以下环境
	系统	centos_6	heimdal	*		Up to (excluding) 1.0.1-7.el6_2
	运行在以下环境
	系统	centos_6	inetutils	*		Up to (excluding) 1.0.1-7.el6_2
	运行在以下环境
	系统	centos_6	krb5	*		Up to (excluding) 1.0.1-7.el6_2
	运行在以下环境
	系统	debian_5.0	heimdal	*		Up to (excluding) 1.2.dfsg.1-2.1+lenny1
	运行在以下环境
	系统	debian_5.0	inetutils	*		Up to (excluding) 1.2.dfsg.1-2.1+lenny1
	运行在以下环境
	系统	debian_5.0	krb5	*		Up to (excluding) 1.2.dfsg.1-2.1+lenny1
	运行在以下环境
	系统	debian_6	heimdal	*		Up to (excluding) 1.4.0~git20100726.dfsg.1-2+squeeze1
	运行在以下环境
	系统	debian_6	inetutils	*		Up to (excluding) 1.4.0~git20100726.dfsg.1-2+squeeze1
	运行在以下环境
	系统	debian_6	krb5	*		Up to (excluding) 1.4.0~git20100726.dfsg.1-2+squeeze1
	运行在以下环境
	系统	opensuse_11.3	heimdal	*		Up to (excluding) 1.0-4.5.1
	运行在以下环境
	系统	opensuse_11.3	inetutils	*		Up to (excluding) 1.0-4.5.1
	运行在以下环境
	系统	opensuse_11.3	krb5	*		Up to (excluding) 1.0-4.5.1
	运行在以下环境
	系统	opensuse_11.4	heimdal	*		Up to (excluding) 1.0-7.12.1
	运行在以下环境
	系统	opensuse_11.4	inetutils	*		Up to (excluding) 1.0-7.12.1
	运行在以下环境
	系统	opensuse_11.4	krb5	*		Up to (excluding) 1.0-7.12.1
	运行在以下环境
	系统	oracle_5	heimdal	*		Up to (excluding) 1.6.1-63.el5_7
	运行在以下环境
	系统	oracle_5	inetutils	*		Up to (excluding) 1.6.1-63.el5_7
	运行在以下环境
	系统	oracle_5	krb5	*		Up to (excluding) 1.6.1-63.el5_7
	运行在以下环境
	系统	oracle_6	heimdal	*		Up to (excluding) 1.0.1-7.el6_2
	运行在以下环境
	系统	oracle_6	inetutils	*		Up to (excluding) 1.0.1-7.el6_2
	运行在以下环境
	系统	oracle_6	krb5	*		Up to (excluding) 1.0.1-7.el6_2

攻击路径远程
攻击复杂度复杂
权限要求无需权限
影响范围有限影响
EXP成熟度未验证
补丁情况官方补丁
数据保密性数据泄露
数据完整性传输被破坏
服务器危害服务器失陷
全网数量 N/A

CWE-ID 漏洞类型 CWE-119 内存缓冲区边界内操作的限制不恰当 CWE-120 未进行输入大小检查的缓冲区拷贝（传统缓冲区溢出）

正文

FreeBSD 'telnetd'守护进程远程缓冲区溢出漏洞

漏洞描述

解决建议

参考链接

受影响软件情况

相关阅读

IBM Jazz Reporting Service-Rational-CLM安全绕过管理任务执行漏洞

IBM Tivoli Federated Identity Manager up to 6.2.2 FP15 跨站脚本攻击

IBM WebSphere MQ Light拒绝服务漏洞

IBM Security Network Protection GSKit信息泄露漏洞

发表评论取消回复

还没有评论，来说两句吧...

目录[+]