首页 -> 安全研究
安全研究
安全漏洞
Auto Nice Daemon本地格式化字符串漏洞
发布日期:2001-11-27
更新日期:2001-11-28
受影响系统:
Patrick Schemitz AutoNice Daemon 1.0.0不受影响系统:
- Caldera eDesktop 2.4
- Caldera eServer 2.3.1
- Compaq Digital Unix 4.0f
- Debian Linux 2.2 i386
- Debian Linux 2.2 sparc
- Debian Linux 2.2 alpha
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 68k
- Mandrake Linux 8.1
- Mandrake Linux 8.0
- Mandrake Linux 7.2
- Mandrake Linux 7.1
- OpenBSD 2.9
- OpenBSD 2.8
- OpenBSD 2.7
- RedHat Linux 7.2 x86
- RedHat Linux 7.2 alpha
- RedHat Linux 7.1 x86
- RedHat Linux 7.1
- RedHat Linux 7.1 alpha
- RedHat Linux 7.0 x86
- RedHat Linux 7.0 sparc
- RedHat Linux 7.0 alpha
- RedHat Linux 7.0
- RedHat Linux 6.2 x86
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2
- RedHat Linux 6.2 alpha
- Slackware Linux 8.0
- Slackware Linux 7.1
- Slackware Linux 7.0
Patrick Schemitz AutoNice Daemon 1.0.1
- Caldera eDesktop 2.4
- Caldera eServer 2.3.1
- Compaq Digital Unix 4.0f
- Debian Linux 2.2 i386
- Debian Linux 2.2 sparc
- Debian Linux 2.2 alpha
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 68k
- Mandrake Linux 8.1
- Mandrake Linux 8.0
- Mandrake Linux 7.2
- Mandrake Linux 7.1
- OpenBSD 2.9
- OpenBSD 2.8
- OpenBSD 2.7
- RedHat Linux 7.2 x86
- RedHat Linux 7.2 alpha
- RedHat Linux 7.1 alpha
- RedHat Linux 7.1
- RedHat Linux 7.1 x86
- RedHat Linux 7.0 alpha
- RedHat Linux 7.0 x86
- RedHat Linux 7.0
- RedHat Linux 7.0 sparc
- RedHat Linux 6.2
- RedHat Linux 6.2 alpha
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2 x86
- Slackware Linux 8.0
- Slackware Linux 7.1
- Slackware Linux 7.0
Patrick Schemitz AutoNice Daemon 1.0.2
- Caldera eDesktop 2.4
- Caldera eServer 2.3.1
- Compaq Digital Unix 4.0f
- Debian Linux 2.2 i386
- Debian Linux 2.2 sparc
- Debian Linux 2.2 alpha
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 68k
- Mandrake Linux 8.1
- Mandrake Linux 8.0
- Mandrake Linux 7.2
- Mandrake Linux 7.1
- OpenBSD 2.9
- OpenBSD 2.8
- OpenBSD 2.7
- RedHat Linux 7.2 alpha
- RedHat Linux 7.2 x86
- RedHat Linux 7.1
- RedHat Linux 7.1 x86
- RedHat Linux 7.1 alpha
- RedHat Linux 7.0 sparc
- RedHat Linux 7.0
- RedHat Linux 7.0 alpha
- RedHat Linux 7.0 x86
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2 alpha
- RedHat Linux 6.2 x86
- RedHat Linux 6.2
- Slackware Linux 8.0
- Slackware Linux 7.1
- Slackware Linux 7.0
Patrick Schemitz AutoNice Daemon 1.0.3
- Caldera eDesktop 2.4
- Caldera eServer 2.3.1
- Compaq Digital Unix 4.0f
- Debian Linux 2.2 i386
- Debian Linux 2.2 sparc
- Debian Linux 2.2 alpha
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 68k
- Mandrake Linux 8.1
- Mandrake Linux 8.0
- Mandrake Linux 7.2
- Mandrake Linux 7.1
- OpenBSD 2.9
- OpenBSD 2.8
- OpenBSD 2.7
- RedHat Linux 7.2 x86
- RedHat Linux 7.2 alpha
- RedHat Linux 7.1 x86
- RedHat Linux 7.1
- RedHat Linux 7.1 alpha
- RedHat Linux 7.0 alpha
- RedHat Linux 7.0
- RedHat Linux 7.0 x86
- RedHat Linux 7.0 sparc
- RedHat Linux 6.2 x86
- RedHat Linux 6.2
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2 alpha
- Slackware Linux 8.0
- Slackware Linux 7.1
- Slackware Linux 7.0
Patrick Schemitz AutoNice Daemon 1.0.4
- Caldera eDesktop 2.4
- Caldera eServer 2.3.1
- Compaq Digital Unix 4.0f
- Debian Linux 2.2 sparc
- Debian Linux 2.2 alpha
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 68k
- Debian Linux 2.2 i386
- Mandrake Linux 8.1
- Mandrake Linux 8.0
- Mandrake Linux 7.2
- Mandrake Linux 7.1
- OpenBSD 2.9
- OpenBSD 2.8
- OpenBSD 2.7
- RedHat Linux 7.2 alpha
- RedHat Linux 7.2 x86
- RedHat Linux 7.1 alpha
- RedHat Linux 7.1
- RedHat Linux 7.1 x86
- RedHat Linux 7.0 sparc
- RedHat Linux 7.0 alpha
- RedHat Linux 7.0 x86
- RedHat Linux 7.0
- RedHat Linux 6.2 x86
- RedHat Linux 6.2
- RedHat Linux 6.2 alpha
- RedHat Linux 6.2 sparc
- Slackware Linux 8.0
- Slackware Linux 7.1
- Slackware Linux 7.0
Patrick Schemitz AutoNice Daemon 1.0.5描述:
- Caldera eDesktop 2.4
Patrick Schemitz AutoNice Daemon 1.0.5
- Caldera eServer 2.3.1
Patrick Schemitz AutoNice Daemon 1.0.5
- Compaq Digital Unix 4.0f
Patrick Schemitz AutoNice Daemon 1.0.5
- Debian Linux 2.2 i386
Patrick Schemitz AutoNice Daemon 1.0.5
- Debian Linux 2.2 68k
Patrick Schemitz AutoNice Daemon 1.0.5
- Debian Linux 2.2 powerpc
Patrick Schemitz AutoNice Daemon 1.0.5
- Debian Linux 2.2 alpha
Patrick Schemitz AutoNice Daemon 1.0.5
- Debian Linux 2.2 sparc
Patrick Schemitz AutoNice Daemon 1.0.5
- Mandrake Linux 8.1
Patrick Schemitz AutoNice Daemon 1.0.5
- Mandrake Linux 8.0
Patrick Schemitz AutoNice Daemon 1.0.5
- Mandrake Linux 7.2
Patrick Schemitz AutoNice Daemon 1.0.5
- Mandrake Linux 7.1
Patrick Schemitz AutoNice Daemon 1.0.5
- OpenBSD 2.9
Patrick Schemitz AutoNice Daemon 1.0.5
- OpenBSD 2.8
Patrick Schemitz AutoNice Daemon 1.0.5
- OpenBSD 2.7
Patrick Schemitz AutoNice Daemon 1.0.5
- RedHat Linux 7.2 alpha
Patrick Schemitz AutoNice Daemon 1.0.5
- RedHat Linux 7.2 sparc
Patrick Schemitz AutoNice Daemon 1.0.5
- RedHat Linux 7.1
Patrick Schemitz AutoNice Daemon 1.0.5
- RedHat Linux 7.1 sparc
Patrick Schemitz AutoNice Daemon 1.0.5
- RedHat Linux 7.1 alpha
Patrick Schemitz AutoNice Daemon 1.0.5
- RedHat Linux 7.0 sparc
Patrick Schemitz AutoNice Daemon 1.0.5
- RedHat Linux 7.0
Patrick Schemitz AutoNice Daemon 1.0.5
- RedHat Linux 7.0 x86
Patrick Schemitz AutoNice Daemon 1.0.5
- RedHat Linux 7.0 alpha
Patrick Schemitz AutoNice Daemon 1.0.5
- RedHat Linux 6.2 sparc
Patrick Schemitz AutoNice Daemon 1.0.5
- RedHat Linux 6.2 x86
Patrick Schemitz AutoNice Daemon 1.0.5
- RedHat Linux 6.2
Patrick Schemitz AutoNice Daemon 1.0.5
- RedHat Linux 6.2 alpha
Patrick Schemitz AutoNice Daemon 1.0.5
- Slackware Linux 8.0
Patrick Schemitz AutoNice Daemon 1.0.5
- Slackware Linux 7.1
Patrick Schemitz AutoNice Daemon 1.0.5
- Slackware Linux 7.0
BUGTRAQ ID: 3580
CVE(CAN) ID: CVE-2001-0920
AND(Auto Nice Daemon)是一个守护程序,用来监视用户运行的进程。如果用户进程占用了过多的CPU时间,该守护程序就会改变这个用户进程。另外,该守护程序也会杀掉一些越级运行的用户程序。
该守护程序存在一个格式化字符串漏洞,可能导致本地攻击者提升权限。
该守护程序调用了syslog(3)函数,并且把进程名做为第二个参数。因此,只要精心构造一个包含格式化字符串的进程,就可能允许本地攻击者执行任意代码。由于该守护程序以root身份运行,因此攻击者将获得root权限。
<*来源:Beno?t Roussel (benoit.roussel@intexxia.com)
链接:http://archives.neohapsis.com/archives/bugtraq/2001-11/0206.html
*>
建议:
临时解决方法:
如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:
* 暂时停止运行该守护程序
* 手工修改“and-1.0.4/and.c”如下:
找到:
syslog(LOG_WARNING,buffer);
替换为:
syslog(LOG_WARNING, "%s", buffer);
重新编译程序。
厂商补丁:
Patrick Schemitz
----------------
目前厂商已经发布了升级版本1.0.5以修复此安全问题,请立刻到厂商的主页下载最新版本:
http://and.sourceforge.net:/and-1.0.5.tar.gz
浏览次数:3642
严重程度:0(网友投票)
绿盟科技给您安全的保障