漏洞信息详情
CVS多次Entry已被修改或未被修改标记插入操作堆溢出漏洞
- CNNVD编号:CNNVD-200406-041 <!--
- 危害等级: 高危-->
- 危害等级: 高危
- CVE编号: CVE-2004-0396
- 漏洞类型: 边界条件错误
- 发布时间: 2004-05-19
- 威胁类型: 远程
- 更新时间: 2005-10-20
- 厂 商: cvs
- 漏洞来源: Stefan Esser※ s.es...
-
漏洞简介
Concurrent Versions System (CVS)是一款使用极为广泛的开放源代码的版本控制软件。 CVS服务器在处理用户提交的给Entry数据打上已被修改或未被修改标记的Is-modified和Unchanged命令时存在问题,远程攻击者可以利用这个漏洞对CVS服务程序进行基于堆的溢出攻击,精心构建提交数据可能以进程权限在系统上执行任意指令。 当客户端发送一条Entry行给服务器,会额外增加字节来标记Entry是否为已被修改的或未被修改的。CVS服务器在处理标记粘附的操作逻辑上存在问题,导致允许插入任意多个\'\'M\'\'字符到用于存放Entry数据的堆缓冲区中。利用malloc() off-by-one利用技术可以触发缓冲区溢出,可能以CVS进程权限在系统上执行任意指令。
漏洞公告
厂商补丁: CVS --- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
CVS Upgrade cvs-1.11.16.tar.gz
http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&dlID=489
CVS Upgrade cvs-1.12.8.tar.gz
http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&dlID=491 Debian ------ Debian已经为此发布了一个安全公告(DSA-505-1)以及相应补丁:
DSA-505-1:New cvs packages fix remote exploit
链接: http://www.debian.org/security/2002/dsa-505
补丁下载:
Source archives:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4.dsc
Size/MD5 checksum: 693 c4580daf3d02e68bf271c3fc2fa9fe8c
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4.diff.gz
Size/MD5 checksum: 52212 a44f53ccf950679f3257a2f3487220b7
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian.orig.tar.gz
Size/MD5 checksum: 2621658 500965ab9702b31605f8c58aa21a6205
Alpha architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_alpha.deb
Size/MD5 checksum: 1178736 503ab302999d5fec9c4cb41f735bc2ab
ARM architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_arm.deb
Size/MD5 checksum: 1105276 8b2536e975a3272b5d10590bd768b6c7
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_i386.deb
Size/MD5 checksum: 1085994 195aa822dbd450bbb3321f17442b3644
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_ia64.deb
Size/MD5 checksum: 1270986 2adee3e24f61234e0c597c55983257df
HP Precision architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_hppa.deb
Size/MD5 checksum: 1147338 e1a7eec47c9f6ca11d342c7a680abd93
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_m68k.deb
Size/MD5 checksum: 1065866 5238933fe0b1d9a9e7e2506cc39d8411
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_mips.deb
Size/MD5 checksum: 1129740 c6e9a932c2bdabbfee51c792d813a439
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_mipsel.deb
Size/MD5 checksum: 1131106 05424d6056d0c9123c88b7e7f6b27f7d
PowerPC architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_powerpc.deb
Size/MD5 checksum: 1116184 1fe49f6356a160087cf669f7afc12700
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_s390.deb
Size/MD5 checksum: 1097006 6e98ead7e926fc07203cf43e84b1152d
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_sparc.deb
Size/MD5 checksum: 1107284 47f8dad7b309c9c19542bf1fc9502f77
补丁安装方法:
1. 手工安装补丁包:
首先,使用下面的命令来下载补丁软件:
# wget url (url是补丁下载链接地址)
然后,使用下面的命令来安装补丁:
# dpkg -i file.deb (file是相应的补丁名)
2. 使用apt-get自动安装补丁包:
首先,使用下面的命令更新内部数据库:
# apt-get update
然后,使用下面的命令安装更新软件包:
# apt-get upgrade FreeBSD ------- FreeBSD已经为此发布了一个安全公告(FreeBSD-SA-04:10)以及相应补丁:
FreeBSD-SA-04:10:CVS pserver protocol parser errors
链接:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc
补丁下载:
执行以下步骤之一:
1) 将有漏洞的系统升级到4-STABLE,或修订日期后的_5_2,RELENG_4_9或RELENG_4_8
安全版本。
2) 为当前系统打补丁:
已验证下列补丁可应用于FreeBSD 4.7, 4.8, 4.9, 4.10, 5.0, 5.1和5.2系统。
a) 从以下位置下载相关补丁,并使用PGP工具验证附带的PGP签名。
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:10/cvs.patch
# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:10/cvs.patch.asc
b) 以root执行以下命令:
# cd /usr/src
# patch
# cd /usr/src/gnu/usr.bin/cvs
# make obj && make depend && make && make install
VI. 更新细节
下面列出了已修正的FreeBSD版本中每个被修改文件的 MandrakeSoft ------------ http://www.debian.org/security/2004/dsa-505 S.u.S.E. -------- S.u.S.E.已经为此发布了一个安全公告(SuSE-SA:2004:013)以及相应补丁:
SuSE-SA:2004:013:cvs
链接:
补丁下载:
CVS CVS 1.11.1 p1:
SuSE Upgrade cvs-1.11.1p1-329.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/cvs-1.11.1p1-329.i586.rpm
SuSE Upgrade cvs-1.11.1p1-329.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/cvs-1.11.1p1-329.i586.patch.rpm
SuSE Upgrade cvs-1.11.1p1-329.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/d3/cvs-1.11.1p1-329.i386.rpm
SuSE Upgrade cvs-1.11.1p1-329.i386.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.0/d3/cvs-1.11.1p1-329.i386.patch.rpm
CVS CVS 1.11.5:
SuSE Upgrade cvs-1.11.5-112.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/cvs-1.11.5-112.i586.rpm
SuSE Upgrade cvs-1.11.5-112.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/cvs-1.11.5-112.i586.patch.rpm
CVS Upgrade cvs-1.11.16.tar.gz
参考网址
来源:US-CERT Vulnerability Note: VU#192038 名称: VU#192038 链接:http://www.kb.cert.org/vuls/id/192038 来源:US-CERT Technical Alert: TA04-147A 名称: TA04-147A 链接:http://www.us-cert.gov/cas/techalerts/TA04-147A.html 来源: REDHAT 名称: RHSA-2004:190 链接:http://www.redhat.com/support/errata/RHSA-2004-190.html 来源: DEBIAN 名称: DSA-505 链接:http://www.debian.org/security/2004/dsa-505 来源: BUGTRAQ 名称: 20040519 Advisory 07/2004: CVS remote vulnerability 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=108498454829020&w=2 来源: GENTOO 名称: GLSA-200405-12 链接:http://security.gentoo.org/glsa/glsa-200405-12.xml 来源: security.e-matters.de 链接:http://security.e-matters.de/advisories/072004.html 来源: OVAL 名称: oval:org.mitre.oval:def:9058 链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9058 来源: SUSE 名称: SuSE-SA:2004:013 链接:http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021742.html 来源: NETBSD 名称: NetBSD-SA2004-008 链接:ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-008.txt.asc 来源: FREEBSD 名称: FreeBSD-SA-04:10 链接:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc 来源: XF 名称: cvs-entry-line-bo(16193) 链接:http://xforce.iss.net/xforce/xfdb/16193 来源: SLACKWARE 名称: SSA:2004-140-01 链接:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.395865 来源: BID 名称: 10384 链接:http://www.securityfocus.com/bid/10384 来源: OSVDB 名称: 6305 链接:http://www.osvdb.org/6305 来源: MANDRAKE 名称: MDKSA-2004:048 链接:http://www.mandriva.com/security/advisories?name=MDKSA-2004:048 来源: CIAC 名称: O-147 链接:http://www.ciac.org/ciac/bulletins/o-147.shtml 来源: SECUNIA 名称: 11674 链接:http://secunia.com/advisories/11674 来源: SECUNIA 名称: 11652 链接:http://secunia.com/advisories/11652 来源: SECUNIA 名称: 11651 链接:http://secunia.com/advisories/11651 来源: SECUNIA 名称: 11647 链接:http://secunia.com/advisories/11647 来源: SECUNIA 名称: 11641 链接:http://secunia.com/advisories/11641 来源: OPENBSD 名称: 20040520 cvs server buffer overflow vulnerability 链接:http://marc.theaimsgroup.com/?l=openbsd-security-announce&m=108508894405639&w=2 来源: FEDORA 名称: FEDORA-2004-1620 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=108636445031613&w=2 来源: BUGTRAQ 名称: 20040519 [OpenPKG-SA-2004.022] OpenPKG Security Advisory (cvs) 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=108500040719512&w=2 来源: BUGTRAQ 名称: 20040519 Advisory 07/2004: CVS remote vulnerability 链接:http://cert.uni-stuttgart.de/archive/bugtraq/2004/05/msg00219.html 来源: FULLDISC 名称: 20040519 Advisory 07/2004: CVS remote vulnerability 链接:http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0980.html 来源: US Government Resource: oval:org.mitre.oval:def:970 名称: oval:org.mitre.oval:def:970 链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:970
受影响实体
- Cvs Cvs:1.11<!--2000-1-1-->
- Cvs Cvs:1.12<!--2000-1-1-->
补丁
暂无
还没有评论,来说两句吧...