正文

Midnight Commander释放未分配内存拒绝服务漏洞

admin
admin V管理员 /0 评论 /8 阅读
1231
此篇文章发布距今已超过1275天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

Midnight Commander释放未分配内存拒绝服务漏洞

  • CNNVD编号:CNNVD-200504-041
    • <!--
  • 危害等级: 中危-->
  • 危害等级: 中危
  • CVE编号: CVE-2004-1092
  • 漏洞类型: 资料不足
  • 发布时间: 2005-04-14
  • 威胁类型: 远程
  • 更新时间: 2005-10-20
  • 厂        商: turbolinux
  • 漏洞来源: Discovery is credi...

漏洞简介

Midnight Commander 是 Unix系统上流行的文件管理工具,类似MS-DOS里的PcTools。 Midnight commander (mc) 4.5.55及之前版本使得远程攻击者可以通过致使mc释放未分配内容从而发起拒绝服务攻击。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接: Debian Linux 3.0 s/390 Debian gmc_4.5.55-1.2woody5_s390.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5 _s390.deb Debian mc-common_4.5.55-1.2woody5_s390.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2 woody5_s390.deb Debian mc_4.5.55-1.2woody5_s390.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_ s390.deb Debian Linux 3.0 alpha Debian gmc_4.5.55-1.2woody5_alpha.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5 _alpha.deb Debian mc-common_4.5.55-1.2woody5_alpha.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2 woody5_alpha.deb Debian mc_4.5.55-1.2woody5_alpha.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_ alpha.deb Debian Linux 3.0 mips Debian gmc_4.5.55-1.2woody5_mips.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5 _mips.deb Debian mc-common_4.5.55-1.2woody5_mips.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2 woody5_mips.deb Debian mc_4.5.55-1.2woody5_mips.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_ mips.deb Debian Linux 3.0 mipsel Debian gmc_4.5.55-1.2woody5_mipsel.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5 _mipsel.deb Debian mc-common_4.5.55-1.2woody5_mipsel.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2 woody5_mipsel.deb Debian mc_4.5.55-1.2woody5_mipsel.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_ mipsel.deb Debian Linux 3.0 m68k Debian gmc_4.5.55-1.2woody5_m68k.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5 _m68k.deb Debian mc-common_4.5.55-1.2woody5_m68k.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2 woody5_m68k.deb Debian mc_4.5.55-1.2woody5_m68k.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_ m68k.deb Debian Linux 3.0 hppa Debian gmc_4.5.55-1.2woody5_hppa.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5 _hppa.deb Debian mc-common_4.5.55-1.2woody5_hppa.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2 woody5_hppa.deb Debian mc_4.5.55-1.2woody5_hppa.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_ hppa.deb Debian Linux 3.0 arm Debian gmc_4.5.55-1.2woody5_arm.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5 _arm.deb Debian mc-common_4.5.55-1.2woody5_arm.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2 woody5_arm.deb Debian mc_4.5.55-1.2woody5_arm.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_ arm.deb Debian Linux 3.0 sparc Debian gmc_4.5.55-1.2woody5_sparc.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5 _sparc.deb Debian mc-common_4.5.55-1.2woody5_sparc.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2 woody5_sparc.deb Debian mc_4.5.55-1.2woody5_sparc.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_ sparc.deb Debian Linux 3.0 ia-64 Debian gmc_4.5.55-1.2woody5_ia64.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5 _ia64.deb Debian mc-common_4.5.55-1.2woody5_ia64.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2 woody5_ia64.deb Debian mc_4.5.55-1.2woody5_ia64.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_ ia64.deb Debian Linux 3.0 ppc Debian gmc_4.5.55-1.2woody5_powerpc.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5 _powerpc.deb Debian mc-common_4.5.55-1.2woody5_powerpc.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2 woody5_powerpc.deb Debian mc_4.5.55-1.2woody5_powerpc.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_ powerpc.deb Debian Linux 3.0 ia-32 Debian gmc_4.5.55-1.2woody5_i386.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5 _i386.deb Debian mc-common_4.5.55-1.2woody5_i386.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2 woody5_i386.deb Debian mc_4.5.55-1.2woody5_i386.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_ i386.deb Midnight Commander Midnight Commander 4.5.54 TurboLinux mc-4.5.54-7.i586.rpm ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/upd ates/RPMS/mc-4.5.54-7.i586.rpm TurboLinux mc-4.5.54-7.i586.rpm ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/upd ates/RPMS/mc-4.5.54-7.i586.rpm TurboLinux mc-4.5.54-7.i586.rpm ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 7/updates/RPMS/mc-4.5.54-7.i586.rpm TurboLinux mc-4.5.54-7.i586.rpm ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/ 8/updates/RPMS/mc-4.5.54-7.i586.rpm Midnight Commander Midnight Commander 4.5.55 SuSE mc-4.5.55-762.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/mc-4.5.55-762.i58 6.rpm Midnight Commander Midnight Commander 4.6 SuSE mc-4.6.0-324.10.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mc-4.6.0-324.10.i 586.rpm SuSE mc-4.6.0-324.10.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mc-4.6.0-324. 10.x86_64.rpm SuSE mc-4.6.0-332.2.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mc-4.6.0-332.2.i5 86.rpm SuSE mc-4.6.0-332.2.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/mc-4.6.0-332. 2.x86_64.rpm SuSE mc-4.6.0-336.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mc-4.6.0-336.i586 .rpm SuSE mc-4.6.0-336.x86_64.rpm ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mc-4.6.0-336. x86_64.rpm

参考网址

来源: DEBIAN 名称: DSA-639 链接:http://www.debian.org/security/2005/dsa-639 来源: SECUNIA 名称: 13863 链接:http://secunia.com/advisories/13863/ 来源: XF 名称: midnight-commander-memory-allocation(18904) 链接:http://xforce.iss.net/xforce/xfdb/18904 来源: GENTOO 名称: GLSA-200502-24 链接:http://www.gentoo.org/security/en/glsa/glsa-200502-24.xml

受影响实体

  • Turbolinux Turbolinux_workstation:8.0  
    <!--
    2000-1-1
    -->
  • Turbolinux Turbolinux_workstation:7.0  
    <!--
    2000-1-1
    -->
  • Turbolinux Turbolinux_server:8.0  
    <!--
    2000-1-1
    -->
  • Turbolinux Turbolinux_server:7.0  
    <!--
    2000-1-1
    -->

补丁

    暂无