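Vulnerability Details
Eterm LibAST Library Buffer Overflow Vulnerability
Vulnerability Summary
A buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long -X command-line argument (alternate configuration file name).
Vulnerability Advisory
The vendor has released an upgrade patch that fixes this security issue. Patch download links: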
LibAST LibAST 0.6
Debian libast2-dev_0.6-0pre2003010606sarge1_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_alpha.deb
Debian libast2-dev_0.6-0pre2003010606sarge1_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_amd64.deb
Debian libast2-dev_0.6-0pre2003010606sarge1_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_arm.deb
Debian libast2-dev_0.6-0pre2003010606sarge1_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_hppa.deb
Debian libast2-dev_0.6-0pre2003010606sarge1_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_i386.deb
Debian libast2-dev_0.6-0pre2003010606sarge1_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_ia64.deb
Debian libast2-dev_0.6-0pre2003010606sarge1_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_m68k.deb
Debian libast2-dev_0.6-0pre2003010606sarge1_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_mips.deb
Debian libast2-dev_0.6-0pre2003010606sarge1_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_mipsel.deb
Debian libast2-dev_0.6-0pre2003010606sarge1_powerpc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_powerpc.deb
Debian libast2-dev_0.6-0pre2003010606sarge1_s390.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_s390.deb
Debian libast2-dev_0.6-0pre2003010606sarge1_sparc.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/liba/libast/libast2-dev_0.6-0pre2003010606sarge1_sparc.deb
Debian libast2_0.6-0pre2003010606sarge1_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_alpha.deb
Debian libast2_0.6-0pre2003010606sarge1_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_amd64.deb
Debian libast2_0.6-0pre2003010606sarge1_arm.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_arm.deb
Debian libast2_0.6-0pre2003010606sarge1_hppa.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_hppa.deb
Debian libast2_0.6-0pre2003010606sarge1_i386.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_i386.deb
Debian libast2_0.6-0pre2003010606sarge1_ia64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_ia64.deb
Debian libast2_0.6-0pre2003010606sarge1_m68k.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_m68k.deb
Debian libast2_0.6-0pre2003010606sarge1_mips.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_mips.deb
Debian libast2_0.6-0pre2003010606sarge1_mipsel.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/liba/libast/libast2_0.6-0pre2003010606sarge1_mipsel.deb
Debian libast2_0.6-0pre2003010606sarge1_powe
References
Source: BUGTRAQ
Name: 20060123 [ Rosiello Security ] Eterm-LibAST Advisory
Link: http://www.securityfocus.com/archive/1/archive/1/423207/100/0/threaded
Source: BUGTRAQ
Name: 20060125 Rosiello Security - Eterm-LibAST Advisory
Link: http://www.securityfocus.com/archive/1/archive/1/423088/100/0/threaded
Source: MISC
Link: http://www.rosiello.org/en/read_bugs.php?id=25
Source: VUPEN
Name: ADV-2006-0314
Link: http://www.frsirt.com/english/advisories/2006/0314
Source: BID
Name: 16350
Link: http://www.securityfocus.com/bid/16350
Source: BUGTRAQ
Name: 20060123 LibAST 0.7 Release Fixes Security Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/423366/100/0/threaded
Source: freshmeat.net
Link: http://freshmeat.net/projects/libast/?branch_id=17907&release_id=217840
Source: XF
Name: eterm-libast-filename-bo(24303)
Link: http://xforce.iss.net/xforce/xfdb/24303
Source: OSVDB
Name: 22735
Link: http://www.osvdb.org/22735
Source: MANDRIVA
Name: MDKSA-2006:029
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2006:029
Source: GENTOO
Name: GLSA-200601-14
Link: http://www.gentoo.org/security/en/glsa/glsa-200601-14.xml
Source: DEBIAN
Name: DSA-976
Link: http://www.debian.org/security/2006/dsa-976
Source: SREASON
Name: 373
Link: http://securityreason.com/securityalert/373
Source: SECUNIA
Name: 18916
Link: http://secunia.com/advisories/18916
Source: SECUNIA
Name: 18632
Link: http://secunia.com/advisories/18632
Source: SECUNIA
Name: 18586
Link: http://secunia.com/advisories/18586
Source: MANDRIVA
Name: MDKSA-2006:029
Link: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:029
Affected Entities
- Libast Libast:0.6.1
- Libast Libast:0.6
- Libast Libast:0.5
- Libast Libast:0.4
Patches
None available