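Vulnerability Details
bzip2 Resource Management Error Vulnerability
Vulnerability Summary
bzip2 is an open-source compression/decompression application.
bzip2 contains a resource management error vulnerability that allows remote attackers to cause a denial of service (disk consumption) via a crafted bzip2 file that triggers an infinite loop (also known as a "decompression bomb").
Vulnerability Advisory
The vendor has released patches that fix this security issue. Patch download links: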
Sun Solaris 10.0
Sun Solaris 10 SPARC platform patch 126868-01
http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-126868-01-1
Turbolinux Appliance Server 1.0 Workgroup Edition
Turbolinux bzip2-1.0.2-8.i586.rpm
Turbolinux Appliance Server 1.0 Workgroup Edition
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/
Turbolinux bzip2-devel-1.0.2-8.i586.rpm
Turbolinux Appliance Server 1.0 Workgroup Edition
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/
IPCop IPCop 1.4.1
IPCop IPCop 1.4.8
http://sourceforge.net/project/showfiles.php?group_id=40604&package_id=35093&release_id=351848
MandrakeSoft Linux Mandrake 10.0 AMD64
Mandriva bzip2-1.0.2-17.1.100mdk.amd64.rpm
Mandrakelinux 10.0/AMD64:
http://www.mandriva.com/en/download
Mandriva bzip2-1.0.2-17.1.100mdk.src.rpm
Mandrakelinux 10.0/AMD64:
http://www.mandriva.com/en/download
Mandriva lib64bzip2_1-1.0.2-17.1.100mdk.amd64.rpm
Mandrakelinux 10.0/AMD64:
http://www.mandriva.com/en/download
Mandriva lib64bzip2_1-devel-1.0.2-17.1.100mdk.amd64.rpm
Mandrakelinux 10.0/AMD64:
http://www.mandriva.com/en/download
Turbolinux Turbolinux Server 10.0
Turbolinux bzip2-1.0.2-8.i586.rpm
Turbolinux 10 Server
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/bzip2-1.0.2-8.i586.rpm
Turbolinux bzip2-devel-1.0.2-8.i586.rpm
Turbolinux 10 Server
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/bzip2-devel-1.0.2-8.i586.rpm
Turbolinux Turbolinux Desktop 10.0
Turbolinux bzip2-1.0.2-8.i586.rpm
Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/bzip2-1.0.2-8.i586.rpm
Turbolinux bzip2-devel-1.0.2-8.i586.rpm
Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/bzip2-devel-1.0.2-8.i586.rpm
MandrakeSoft Linux Mandrake 10.1 x86_64
Mandriva bzip2-1.0.2-20.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
http://www.mandriva.com/en/download
Mandriva bzip2-1.0.2-20.1.101mdk.x86_64.rpm
Mandrakelinux 10.1/X86_64:
http://www.mandriva.com/en/download
Mandriva lib64bzip2_1-1.0.2-20.1.101mdk.x86_64.rpm
Mandrakelinux 10.1/X86_64:
http://www.mandriva.com/en/download
Mandriva lib64bzip2_1-devel-1.0.2-20.1.101mdk.x86_64.rpm
Mandrakelinux 10.1/X86_64:
http://www.mandriva.com/en/download
Apple Mac OS X 10.4.10
Apple Mac OS X 10.4.11 Combo Update (Intel)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16036&cat=1&platform=osx&method=sa/MacOSXUpdCombo10.4.11Intel.dmg
Apple Mac OS X 10.4.11 Combo Update (PPC)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16051&cat=1&platform=osx&method=sa/MacOSXUpdCombo10.4.11PPC.dmg
Apple Mac OS X 10.4.2
Apple Mac OS X 10.4.11 Combo Update (Intel)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16036&cat=1&platform=osx&method=sa/MacOSXUpdCombo10.4.11Intel.dmg
Apple Mac OS X 10.4.11 Combo Update (PPC)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16051&cat=1&platform=osx&method=sa/MacOSXUpdCombo10.4.11PPC.dmg
Apple Mac OS X 10.4.3
Apple Mac OS X 10.4.11 Combo Update (Intel)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16036&cat=1&platform=osx&method=sa/MacOSXUpdCombo10.4.11Intel.dmg
Apple Mac OS X 10.4.11 Combo Update (PPC)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16051&cat=1&platform=osx&method=sa/MacOSXUpdCombo10.4.11PPC.dmg
Apple Mac OS X 10.4.4
Apple Mac OS X 10.4.11 Combo Update (Intel)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16036&cat=1&platform=osx&method=sa/MacOSXUpdCombo10.4.11Intel.dmg
Apple Mac OS X 10.4.11 Combo Update (PPC)
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16051&cat=1&platform=osx&method=sa/MacOSXUpdCombo10.4.11PPC.dmg
MandrakeSoft Corporate Server 3.0
Mandriva bzip2-1.0.2-17.1.C30mdk.i586.rpm
Corporate 3.0:
http://www.mandriva.com/en/download
Mandriva bzip2-1.0.2-17.1.C30mdk.src.rpm
Corporate 3.0:
References
Source: SUNALERT
Link: http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1
Source: SUNALERT
Link: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1
Source: FEDORA
Link: http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html
Source: OVAL
Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A749
Source: BID
Link: https://www.securityfocus.com/bid/26444
Source: REDHAT
Link: http://www.redhat.com/support/errata/RHSA-2005-474.html
Source: CONFIRM
Link: http://docs.info.apple.com/article.html?artnum=307041
Source: SECUNIA
Link: http://secunia.com/advisories/19183
Source: BID
Link: https://www.securityfocus.com/bid/13657
Source: VUPEN
Link: http://www.vupen.com/english/advisories/2007/3525
Source: VUPEN
Link: http://www.vupen.com/english/advisories/2007/3868
Source: OVAL
Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10700
Source: UBUNTU
Link: https://usn.ubuntu.com/127-1/
Source: SECUNIA
Link: http://secunia.com/advisories/15447
Source: CERT
Link: http://www.us-cert.gov/cas/techalerts/TA07-319A.html
Source: DEBIAN
Link: https://www.debian.org/security/2005/dsa-741
Source: SECUNIA
Link: http://secunia.com/advisories/27643
Source: APPLE
Link: http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
Source: SECUNIA
Link: http://secunia.com/advisories/27274
Affected Entities
- Ubuntu Ubuntu_linux:5.04
- Ubuntu Ubuntu_linux:4.10
Patches
None available