SLRN Arbitrary Shell Script Execution Vulnerability

Published: 2001-09-25
Updated: 2001-09-28

Affected systems:

SLRN Development Team slrn 0.9.6.2
   - Debian Linux 2.2
   - Debian Linux 2.2 68k
   - Debian Linux 2.2 alpha
   - Debian Linux 2.2 arm
   - Debian Linux 2.2 powerpc
   - Debian Linux 2.2 sparc
Description:

BUGTRAQ  ID: 3364
CVE(CAN) ID: CVE-2001-1035

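slrn is a freely available NNTP newsreader, originally developed by Thomas Schultz
and now developed and maintained by the "slrn project" team.

A security issue has been found in slrn that allows arbitrary commands to be
executed on systems running a vulnerable slrn. The cause is slrn's shell-script
handling code: when slrn downloads messages from an NNTP server, it always attempts
to decode binary files, which results in shell scripts being executed.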

<*Source: Byrial Jensen
  Link: Debian Security Advisory DSA-078-1:
        http://www.debian.org/security/
*>


Recommendation:

Vendor patch:

The vendor has released patches; download them from the vendor's site:

Debian GNU/Linux 2.2 alias potato
---------------------------------

  Potato was released for alpha, arm, i386, m68k, powerpc and sparc.

  Source archives:
    http://security.debian.org/dists/stable/updates/main/source/slrn_0.9.6.2-9potato2.diff.gz
    http://security.debian.org/dists/stable/updates/main/source/slrn_0.9.6.2-9potato2.dsc
    http://security.debian.org/dists/stable/updates/main/source/slrn_0.9.6.2.orig.tar.gz

  Alpha architecture:
    http://security.debian.org/dists/stable/updates/main/binary-alpha/slrn_0.9.6.2-9potato2_alpha.deb
    http://security.debian.org/dists/stable/updates/main/binary-alpha/slrnpull_0.9.6.2-9potato2_alpha.deb


  ARM architecture:
    http://security.debian.org/dists/stable/updates/main/binary-arm/slrn_0.9.6.2-9potato2_arm.deb
    http://security.debian.org/dists/stable/updates/main/binary-arm/slrnpull_0.9.6.2-9potato2_arm.deb

  Intel IA-32 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-i386/slrn_0.9.6.2-9potato2_i386.deb
    http://security.debian.org/dists/stable/updates/main/binary-i386/slrnpull_0.9.6.2-9potato2_i386.deb

  Motorola 680x0 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-m68k/slrn_0.9.6.2-9potato2_m68k.deb
    http://security.debian.org/dists/stable/updates/main/binary-m68k/slrnpull_0.9.6.2-9potato2_m68k.deb

  PowerPC architecture:
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/slrn_0.9.6.2-9potato2_powerpc.deb
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/slrnpull_0.9.6.2-9potato2_powerpc.deb

  Sun Sparc architecture:
    http://security.debian.org/dists/stable/updates/main/binary-sparc/slrn_0.9.6.2-9potato2_sparc.deb
    http://security.debian.org/dists/stable/updates/main/binary-sparc/slrnpull_0.9.6.2-9potato2_sparc.deb


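This vulnerability entry was translated and compiled by NSFOCUS (绿盟科技). All rights reserved; reproduction without permission is prohibited.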