首页 -> 安全研究
安全研究
安全漏洞
libgtop_daemon远程格式化字符串漏洞
发布日期:2001-11-27
更新日期:2001-11-28
受影响系统:
GNOME libgtop_daemon 1.0.12描述:
- Mandrake Linux 8.1
- Mandrake Linux 8.0
GNOME libgtop_daemon 1.0.13
- Mandrake Linux 8.1
- Mandrake Linux 8.0
GNOME libgtop_daemon 1.0.7
- Mandrake Linux Corporate Server 1.0.1
- Mandrake Linux 7.1
GNOME libgtop_daemon 1.0.9
- Mandrake Linux 7.2
BUGTRAQ ID: 3594
CVE(CAN) ID: CVE-2001-0928
libgtop_daemon是GNOME的一个守护程序,用来监视服务器上运行的进程。
该守护程序存在一个格式串漏洞,可能导致远程攻击者以普通用户的权限在主机上执行任意指令。
该守护程序的两个函数syslog_message()和syslog_io_message()调用了格式化字符串,而这些格式化字符串是由客户端初始化的。因此,通过精心构造一个特殊的格式化字符串,可能允许远程攻击者执行任意代码。由于该守护程序以nobody身份运行,因此攻击者将获得nobody权限。
<*来源:Beno?t Roussel (benoit.roussel@intexxia.com)
链接:http://archives.neohapsis.com/archives/bugtraq/2001-11/0218.html
http://www.debian.org/security/2002/dsa-098
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000448
http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-094.php3
*>
建议:
临时解决方法:
如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:
* 暂时停止运行该守护程序。
* 手工修改“src/daemon/gnuserv.c”如下:
在函数syslog_message()中,将
syslog (priority, buffer);
换为:
syslog (priority, "%s", buffer);
在函数syslog_io_message(),将
syslog (priority, buffer2);
换为:
syslog (priority, "%s", buffer2);
重新编译程序。
厂商补丁:
Conectiva
---------
Conectiva已经为此发布了一个安全公告(CLA-2002:448)以及相应补丁:
CLA-2002:448:libgtop vulnerabilities
链接:
补丁下载:
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/libgtop-1.0.13-U50_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/libgtop-1.0.13-U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/libgtop-devel-1.0.13-U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/libgtop-devel-static-1.0.13-U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/libgtop-examples-1.0.13-U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/libgtop-1.0.13-U51_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/libgtop-1.0.13-U51_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/libgtop-devel-1.0.13-U51_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/libgtop-devel-static-1.0.13-U51_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/libgtop-examples-1.0.13-U51_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/libgtop-1.0.13-U60_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/libgtop-1.0.13-U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/libgtop-devel-1.0.13-U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/libgtop-devel-static-1.0.13-U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/libgtop-examples-1.0.13-U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/libgtop-1.0.13-U70_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libgtop-1.0.13-U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libgtop-devel-1.0.13-U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libgtop-devel-static-1.0.13-U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libgtop-examples-1.0.13-U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/libgtop-1.0.13-U50_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/libgtop-1.0.13-U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/libgtop-devel-1.0.13-U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/libgtop-devel-static-1.0.13-U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/libgtop-examples-1.0.13-U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/libgtop-1.0.13-U50_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/libgtop-1.0.13-U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/libgtop-devel-1.0.13-U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/libgtop-devel-static-1.0.13-U50_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/libgtop-examples-1.0.13-U50_2cl.i386.rpm
Debian
------
Debian已经为此发布了一个安全公告(DSA-098-1)以及相应补丁:
DSA-098-1:libgtop: format string vulnerability and buffer overflow
链接:http://www.debian.org/security/2002/dsa-098
补丁下载:
Debian GNU/Linux 2.2 alias potato
- ---------------------------------
Potato was released for alpha, arm, i386, m68k, powerpc and sparc.
Source archives:
http://security.debian.org/dists/stable/updates/main/source/libgtop_1.0.6-1.1.diff.gz
http://security.debian.org/dists/stable/updates/main/source/libgtop_1.0.6-1.1.dsc
http://security.debian.org/dists/stable/updates/main/source/libgtop_1.0.6.orig.tar.gz
Alpha architecture:
http://security.debian.org/dists/stable/updates/main/binary-alpha/libgtop-daemon_1.0.6-1.1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/libgtop-dev_1.0.6-1.1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/libgtop1_1.0.6-1.1_alpha.deb
ARM architecture:
http://security.debian.org/dists/stable/updates/main/binary-arm/libgtop-daemon_1.0.6-1.1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/libgtop-dev_1.0.6-1.1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/libgtop1_1.0.6-1.1_arm.deb
Intel IA-32 architecture:
http://security.debian.org/dists/stable/updates/main/binary-i386/libgtop-daemon_1.0.6-1.1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/libgtop-dev_1.0.6-1.1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/libgtop1_1.0.6-1.1_i386.deb
Motorola 680x0 architecture:
http://security.debian.org/dists/stable/updates/main/binary-m68k/libgtop-daemon_1.0.6-1.1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/libgtop-dev_1.0.6-1.1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/libgtop1_1.0.6-1.1_m68k.deb
PowerPC architecture:
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libgtop-daemon_1.0.6-1.1_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libgtop-dev_1.0.6-1.1_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libgtop1_1.0.6-1.1_powerpc.deb
Sun Sparc architecture:
http://security.debian.org/dists/stable/updates/main/binary-sparc/libgtop-daemon_1.0.6-1.1_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/libgtop-dev_1.0.6-1.1_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/libgtop1_1.0.6-1.1_sparc.deb
补丁安装方法:
1. 手工安装补丁包:
首先,使用下面的命令来下载补丁软件:
# wget url (url是补丁下载链接地址)
然后,使用下面的命令来安装补丁:
# dpkg -i file.deb (file是相应的补丁名)
2. 使用apt-get自动安装补丁包:
首先,使用下面的命令更新内部数据库:
# apt-get update
然后,使用下面的命令安装更新软件包:
# apt-get upgrade
GNOME
-----
目前厂商已经发布了升级版本以修复此安全问题,请立刻到厂商的主页下载:
源码:
ftp://ftp.gnome.org/pub/GNOME/stable/sources/libgtop/libgtop-1.0.13.tar.gz
MandrakeSoft
------------
MandrakeSoft已经为此发布了一个安全公告(MDKSA-2001:094)以及相应补丁:
MDKSA-2001:094:libgtop
链接:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-094.php3
补丁下载:
Linux-Mandrake 7.1:
4460a5e35ae7d547298577edeff6f599 7.1/RPMS/libgtop-1.0.7-0.2mdk.i586.rpm
f9475e8907edcc20aade65e50829f609 7.1/RPMS/libgtop-devel-1.0.7-0.2mdk.i586.rpm
597321a95fbf7bc1e23510f478fb78e5 7.1/SRPMS/libgtop-1.0.7-0.2mdk.src.rpm
Linux-Mandrake 7.2:
a7884a2c6af568510428aa02a354a30c 7.2/RPMS/libgtop-1.0.9-5.1mdk.i586.rpm
00d86824f66784890e348752144a476f 7.2/RPMS/libgtop-devel-1.0.9-5.1mdk.i586.rpm
6515e7d2a32b750062833cb59dbc64e7 7.2/SRPMS/libgtop-1.0.9-5.1mdk.src.rpm
Mandrake Linux 8.0:
2a063541aa9f9a100dd4c65b732224fd 8.0/RPMS/libgtop1-1.0.12-4.1mdk.i586.rpm
fb4cfb4b72e16121a6dab24e093b1de3 8.0/RPMS/libgtop1-devel-1.0.12-4.1mdk.i586.rpm
ae5c879fd1557cf964c4da572597ee94 8.0/SRPMS/libgtop-1.0.12-4.1mdk.src.rpm
Mandrake Linux 8.0 (PPC):
8e1dbba939c6281e22f57056dea4bb21 ppc/8.0/RPMS/libgtop1-1.0.12-4.1mdk.ppc.rpm
573688a8cdb56d2f07b8fc014784d036 ppc/8.0/RPMS/libgtop1-devel-1.0.12-4.1mdk.ppc.rpm
ae5c879fd1557cf964c4da572597ee94 ppc/8.0/SRPMS/libgtop-1.0.12-4.1mdk.src.rpm
Mandrake Linux 8.1:
20b663d5dd475a7fdc3a538f1a2a3eef 8.1/RPMS/libgtop1-1.0.12-4.1mdk.i586.rpm
0bcd19f280c7723e098918bbc68f52af 8.1/RPMS/libgtop1-devel-1.0.12-4.1mdk.i586.rpm
ae5c879fd1557cf964c4da572597ee94 8.1/SRPMS/libgtop-1.0.12-4.1mdk.src.rpm
Mandrake Linux 8.1 (IA64):
31f68bbde5ead6d8262c5b5cfb056918 ia64/8.1/RPMS/libgtop1-1.0.12-4.1mdk.ia64.rpm
c454857c349043d5f20b7b34d61fe1b2 ia64/8.1/RPMS/libgtop1-devel-1.0.12-4.1mdk.ia64.rpm
ae5c879fd1557cf964c4da572597ee94 ia64/8.1/SRPMS/libgtop-1.0.12-4.1mdk.src.rpm
Corporate Server 1.0.1:
4460a5e35ae7d547298577edeff6f599 1.0.1/RPMS/libgtop-1.0.7-0.2mdk.i586.rpm
f9475e8907edcc20aade65e50829f609 1.0.1/RPMS/libgtop-devel-1.0.7-0.2mdk.i586.rpm
597321a95fbf7bc1e23510f478fb78e5 1.0.1/SRPMS/libgtop-1.0.7-0.2mdk.src.rpm
您可以在下列链接中的镜像FTP服务器上下载上述更新包。
http://www.linux-mandrake.com/en/ftp.php3.
您可以在下列目录:
"updates/[版本]/RPMS/"
下下载更新软件包。
浏览次数:3767
严重程度:0(网友投票)
绿盟科技给您安全的保障