首页 -> 安全研究
安全研究
安全漏洞
SLRN 任意Shell脚本执行漏洞
发布日期:2001-09-25
更新日期:2001-09-28
受影响系统:
描述:
SLRN Development Team slrn 0.9.6.2
- Debian Linux 2.2
- Debian Linux 2.2 68k
- Debian Linux 2.2 alpha
- Debian Linux 2.2 arm
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 sparc
BUGTRAQ ID: 3364
CVE(CAN) ID: CVE-2001-1035
slrn是一款免费获得的NNTP阅读器,最初是由Thomas Schultz开发的,目前由“slrn
project”项目组开发和维护。
发现slrn存在安全问题,导致在运行有缺陷的slrn系统上执行任意命令,这是由slrn的
Shell脚本处理代码造成的。当slrn从NNTP服务器下载邮件时,总是试图对二进制文件
解码,这就会导致Shell脚本的执行。
<*来源:Byrial Jensen
链接:Debian Security Advisory DSA-078-1:
http://www.debian.org/security/
*>
建议:
厂商补丁:
目前厂商已经发布了补丁程序,请到厂商的主页下载:
Debian GNU/Linux 2.2 alias potato
- ---------------------------------
Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
Source archives:
http://security.debian.org/dists/stable/updates/main/source/slrn_0.9.6.2-9potato2.diff.gz
http://security.debian.org/dists/stable/updates/main/source/slrn_0.9.6.2-9potato2.dsc
http://security.debian.org/dists/stable/updates/main/source/slrn_0.9.6.2.orig.tar.gz
Alpha architecture:
http://security.debian.org/dists/stable/updates/main/binary-alpha/slrn_0.9.6.2-9potato2_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/slrnpull_0.9.6.2-9potato2_alpha.deb
ARM architecture:
http://security.debian.org/dists/stable/updates/main/binary-arm/slrn_0.9.6.2-9potato2_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/slrnpull_0.9.6.2-9potato2_arm.deb
Intel IA-32 architecture:
http://security.debian.org/dists/stable/updates/main/binary-i386/slrn_0.9.6.2-9potato2_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/slrnpull_0.9.6.2-9potato2_i386.deb
Motorola 680x0 architecture:
http://security.debian.org/dists/stable/updates/main/binary-m68k/slrn_0.9.6.2-9potato2_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/slrnpull_0.9.6.2-9potato2_m68k.deb
PowerPC architecture:
http://security.debian.org/dists/stable/updates/main/binary-powerpc/slrn_0.9.6.2-9potato2_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/slrnpull_0.9.6.2-9potato2_powerpc.deb
Sun Sparc architecture:
http://security.debian.org/dists/stable/updates/main/binary-sparc/slrn_0.9.6.2-9potato2_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/slrnpull_0.9.6.2-9potato2_sparc.deb
浏览次数:4920
严重程度:0(网友投票)
绿盟科技给您安全的保障