Multiple Vendor FTPD glob() Function Fails to Handle Exceptional Conditions: Remote Buffer Overflow Vulnerability

Published: 2001-07-09
Updated: 2001-07-09

Affected systems:
Multiple Vendor Ftpd
    - FreeBSD 4.2
    - FreeBSD 4.1.1
    - FreeBSD 4.1
    - FreeBSD 4.0
    - FreeBSD 3.5.1
    - FreeBSD 3.5
    - FreeBSD 3.4
    - FreeBSD 3.3
    - FreeBSD 3.2
    - FreeBSD 3.1
    - FreeBSD 3.0
    - FreeBSD 2.2.8
    - FreeBSD 2.2.6
    - FreeBSD 2.2.5
    - FreeBSD 2.2.4
    - FreeBSD 2.2.3
    - FreeBSD 2.2.2
    - FreeBSD 2.2
    - NetBSD 1.5
    - NetBSD 1.4.3
    - NetBSD 1.4.2
    - NetBSD 1.4.1
    - NetBSD 1.4
    - NetBSD 1.3.3
    - NetBSD 1.3.2
    - NetBSD 1.3.1
    - NetBSD 1.3
    - NetBSD 1.2.1
    - OpenBSD 2.8
    - OpenBSD 2.7
    - OpenBSD 2.6
    - OpenBSD 2.5
    - OpenBSD 2.4
    - OpenBSD 2.3
    - SGI IRIX 6.5.8
    - SGI IRIX 6.5.7
    - SGI IRIX 6.5.6
    - SGI IRIX 6.5.5
    - SGI IRIX 6.5.4
    - SGI IRIX 6.5.3m
    - SGI IRIX 6.5.3f
    - SGI IRIX 6.5.3
    - SGI IRIX 6.5.2m
    - SGI IRIX 6.5.11
    - SGI IRIX 6.5.10
    - SGI IRIX 6.5.1
    - SGI IRIX 6.5
Description:
BUGTRAQ  ID: 2548
CVE(CAN) ID: CVE-2001-0247

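The FTPD daemon on many systems includes a glob() function that implements filename pattern matching, following the same expansion rules as the Unix shell.

The glob() implementation on some BSD systems contains several buffer overflow vulnerabilities in its internal processing functions, allowing local and remote attackers to gain root privileges on affected systems.

These overflows can usually be triggered by requesting a pattern that expands to a very long pathname, or by getting the FTP daemon to pass a user-supplied pattern through glob() twice. A remote user can exploit these vulnerabilities if they are able to create directories on the server; in some exceptional cases, a remote user does not need permission to create directories.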
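
The length of an expanded path depends on what is on disk, not on the length of the pattern the client sent, so the bound has to be enforced at every append inside the expansion. The C sketch below is an added illustration, not code from any vendor's libc or from the advisory; `PATHBUF_MAX`, `EXPAND_TOOLONG` and all function names are assumptions made for the example, and the directory names are constructed.

```c
#include <stdio.h>
#include <string.h>

#define PATHBUF_MAX 1024      /* assumed size, standing in for MAXPATHLEN */
#define EXPAND_TOOLONG (-1L)  /* hypothetical error code for this sketch */

/* Append "/name" to buf. An unchecked copy at this step is the bug class
 * the advisory describes; here the append is refused, and buf left as it
 * was, unless '/' + name + NUL fit in the space that remains. */
static int append_component(char *buf, size_t cap, size_t *len, const char *name)
{
    size_t n = strlen(name);
    if (n + 1 >= cap - *len)
        return -1;
    buf[(*len)++] = '/';
    memcpy(buf + *len, name, n);
    *len += n;
    buf[*len] = '\0';
    return 0;
}

/* Model of expanding a pattern with one wildcard per path level against a
 * constructed tree where each level holds one directory called `name`.
 * Returns the expanded length, or EXPAND_TOOLONG. */
long expand_wildcards(const char *name, int levels, char *out, size_t cap)
{
    size_t len = 0;
    if (cap == 0)
        return EXPAND_TOOLONG;
    out[0] = '\0';
    for (int i = 0; i < levels; i++)
        if (append_component(out, cap, &len, name) != 0)
            return EXPAND_TOOLONG;
    return (long)len;
}

/* Constructed input: 200-character directory names nested `levels` deep. */
long demo(int levels)
{
    char name[201], out[PATHBUF_MAX];
    memset(name, 'd', sizeof name - 1);
    name[sizeof name - 1] = '\0';
    return expand_wildcards(name, levels, out, sizeof out);
}

int main(void)
{
    for (int levels = 3; levels <= 6; levels++)
        printf("pattern %2d bytes -> expansion %ld\n", 2 * levels, demo(levels));
    return 0;
}
```

A 12-byte pattern is rejected at the sixth level because its expansion would need 1206 bytes, while the 10-byte pattern one level shallower still fits.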

<*Source: John McDonald
          Anthony Osborne

  Links: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/205&type=0&nav=sec.sba
         http://www.its.monash.edu.au/security/auscert/2001-04/msg00013.html
         ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:33.[to be added].asc
         http://www.attrition.org/security/advisory/immunix/imnx-2001-70-022-01.kerberos
         http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-057.php3
         https://www.redhat.com/support/errata/RHSA-2001-060.html
*>

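Recommendations:
Workarounds:

If you cannot install the patch or upgrade immediately, NSFOCUS recommends that you take the following measures to reduce the threat:

* If you do not need the FTP service, disable it temporarily;

* Do not allow anonymous users to have writable directories.

Vendor patches: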

FreeBSD
-------
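FreeBSD has released a security advisory (FreeBSD-SA-01:33) and corresponding patches for this issue:
FreeBSD-SA-01:33: globbing vulnerability in ftpd
Link: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:33.asc

Patch download:

Fetch the patch with the following commands: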

FreeBSD 4.x:

# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:33/glob.4.x.patch
# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:33/glob.4.x.patch.asc

FreeBSD 3.x:

# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:33/glob.3.x.patch
# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:33/glob.3.x.patch.asc

Install it with the following commands:

# cd /usr/src
# patch -p < /path/to/patch
# cd /usr/src/lib/libc
# make all install
# cd /usr/src/libexec/ftpd
# make all install

NetBSD
------
The vendor has released upgrade patches that fix this security issue; download them from the vendor's site:

Release  CVS branch  SUP collection  FTP directory
-------------------------------------------------------------------
1.4      netbsd-1-4  release-1-4     /pub/NetBSD/NetBSD-release-1-4
1.5      netbsd-1-5  release-1-5     /pub/NetBSD/NetBSD-release-1-5
current  HEAD        current         /pub/NetBSD/NetBSD-current

OpenBSD
-------
The vendor has released upgrade patches that fix this security issue; download them from the vendor's site:

ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/025_glob.patch

RedHat
------
RedHat has released a security advisory (RHSA-2001:060-04) and corresponding patches for this issue:
RHSA-2001:060-04: Updated Kerberos 5 packages available
Link: https://www.redhat.com/support/errata/RHSA-2001-060.html

Patch download:

Red Hat Linux 6.2:

SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/krb5-1.1.1-27.src.rpm

alpha:
ftp://updates.redhat.com/6.2/en/os/alpha/krb5-configs-1.1.1-27.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/krb5-devel-1.1.1-27.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/krb5-libs-1.1.1-27.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/krb5-server-1.1.1-27.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/krb5-workstation-1.1.1-27.alpha.rpm


i386:
ftp://updates.redhat.com/6.2/en/os/i386/krb5-configs-1.1.1-27.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/krb5-devel-1.1.1-27.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/krb5-libs-1.1.1-27.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/krb5-server-1.1.1-27.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/krb5-workstation-1.1.1-27.i386.rpm

sparc:
ftp://updates.redhat.com/6.2/en/os/sparc/krb5-configs-1.1.1-27.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/krb5-devel-1.1.1-27.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/krb5-libs-1.1.1-27.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/krb5-server-1.1.1-27.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/krb5-workstation-1.1.1-27.sparc.rpm

Red Hat Linux 7.0:

SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/krb5-1.2.2-5.src.rpm

alpha:
ftp://updates.redhat.com/7.0/en/os/alpha/krb5-devel-1.2.2-5.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/krb5-libs-1.2.2-5.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/krb5-server-1.2.2-5.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/krb5-workstation-1.2.2-5.alpha.rpm

i386:
ftp://updates.redhat.com/7.0/en/os/i386/krb5-devel-1.2.2-5.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/krb5-libs-1.2.2-5.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/krb5-server-1.2.2-5.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/krb5-workstation-1.2.2-5.i386.rpm

Red Hat Linux 7.1:

SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/krb5-1.2.2-5.src.rpm

i386:
ftp://updates.redhat.com/7.1/en/os/i386/krb5-devel-1.2.2-5.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/krb5-libs-1.2.2-5.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/krb5-server-1.2.2-5.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/krb5-workstation-1.2.2-5.i386.rpm

The patches can be installed with the following command:

rpm -Fvh [filename]

Sun
---
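The vendor has released upgrade patches that fix this security issue; download them from the vendor's site:

Patch download:

http://sunsolve.sun.com/securitypatch

Operating system versions and corresponding patch IDs:

OS version               Patch ID
_________               _________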
SunOS 5.8                111606-01
SunOS 5.8_x86            111607-01
SunOS 5.7                110646-02
SunOS 5.7_x86            110647-02
SunOS 5.6                106301-03
SunOS 5.6_x86            106302-03
SunOS 5.5.1              103603-16
SunOS 5.5.1_x86          103604-16
SunOS 5.5                103577-12
SunOS 5.5_x86            103578-12

Wirex
-----
Wirex has released a security advisory (IMNX-2001-70-022-01) and corresponding patches for this issue:
IMNX-2001-70-022-01: kerberos
Link:

Upgrade package download:

Binary packages for Immunix 6.2:
    http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/krb5-configs-1.1.1-27_StackGuard.i386.rpm
    http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/krb5-devel-1.1.1-27_StackGuard.i386.rpm
    http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/krb5-libs-1.1.1-27_StackGuard.i386.rpm
    http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/krb5-server-1.1.1-27_StackGuard.i386.rpm
    http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/krb5-workstation-1.1.1-27_StackGuard.i386.rpm

Source package for Immunix 6.2:
    http://download.immunix.org/ImmunixOS/6.2/updates/SRPMS/krb5-1.1.1-27_StackGuard.src.rpm

Binary packages for Immunix 7.0-beta and 7.0:
    http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/krb5-devel-1.2.2-5_imnx.i386.rpm
    http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/krb5-libs-1.2.2-5_imnx.i386.rpm
    http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/krb5-server-1.2.2-5_imnx.i386.rpm
    http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/krb5-workstation-1.2.2-5_imnx.i386.rpm

Source package for Immunix 7.0-beta and 7.0:
    http://download.immunix.org/ImmunixOS/7.0/updates/SRPMS/krb5-1.2.2-5_imnx.src.rpm

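This vulnerability advisory was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.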