发布日期：2001-12-28
更新日期：2002-01-09

受影响系统：

GPM gpm 1.17.8
    - Debian Linux 2.2 arm
    - Debian Linux 2.2 sparc
    - Debian Linux 2.2 68k
    - Debian Linux 2.2 IA-32
    - Debian Linux 2.2 alpha
    - Debian Linux 2.2 powerpc

描述：

---

BUGTRAQ  ID: 3750
CVE(CAN) ID: CVE-2001-1203

gpm（General Mouse Protocol）是一个由公共域维护的鼠标驱动软件，它是免费并开放源码的，运行于Linux和其它类UNIX平台。

gpm的实现存在格式串漏洞，可以使本地攻击者通过溢出攻击在主机上执行任意指令。

gpm没有正确地处理用户提交的格式串，一个用户可以提供任意的格式串给gpm-root程序，从而导致执行攻击者指定的任意指令。gpm程序是由init进程以root身份运行的，所以攻击者可以利用这个漏洞得到主机的管理员权限。

<*来源：Debian Security Advisory
  
  链接：http://www.debian.org/security/2001/dsa-095
*>

建议：

---

临时解决方法：

如果您不能立刻安装补丁或者升级，NSFOCUS建议您采取以下措施以降低威胁：

* 暂时停止gpm-root的程序的使用。

厂商补丁：

Debian
------
Debian已经为此发布了一个安全公告（DSA-095-1）以及相应补丁:
DSA-095-1：gpm local root vulnerability
链接：http://www.debian.org/security/2001/dsa-095

补丁下载：

Debian GNU/Linux 2.2 (potato)
Source:
http://security.debian.org/dists/stable/updates/main/source/gpm_1.17.8-18.1.diff.gz
http://security.debian.org/dists/stable/updates/main/source/gpm_1.17.8-18.1.dsc
http://security.debian.org/dists/stable/updates/main/source/gpm_1.17.8.orig.tar.gz

Alpha:
http://security.debian.org/dists/stable/updates/main/binary-alpha/gpm_1.17.8-18.1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/libgpmg1-dev_1.17.8-18.1_alpha.deb
http://security.debian.org/dists/stable/updates/main/binary-alpha/libgpmg1_1.17.8-18.1_alpha.deb

ARM:
http://security.debian.org/dists/stable/updates/main/binary-arm/gpm_1.17.8-18.1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/libgpmg1-dev_1.17.8-18.1_arm.deb
http://security.debian.org/dists/stable/updates/main/binary-arm/libgpmg1_1.17.8-18.1_arm.deb

Intel IA-32:
http://security.debian.org/dists/stable/updates/main/binary-i386/gpm_1.17.8-18.1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/libgpm1-altdev_1.17.8-18.1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/libgpm1_1.17.8-18.1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/libgpmg1-dev_1.17.8-18.1_i386.deb
http://security.debian.org/dists/stable/updates/main/binary-i386/libgpmg1_1.17.8-18.1_i386.deb

Motorola 680x0:
http://security.debian.org/dists/stable/updates/main/binary-m68k/gpm_1.17.8-18.1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/libgpm1-altdev_1.17.8-18.1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/libgpm1_1.17.8-18.1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/libgpmg1-dev_1.17.8-18.1_m68k.deb
http://security.debian.org/dists/stable/updates/main/binary-m68k/libgpmg1_1.17.8-18.1_m68k.deb

PowerPC:
http://security.debian.org/dists/stable/updates/main/binary-powerpc/gpm_1.17.8-18.1_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libgpmg1-dev_1.17.8-18.1_powerpc.deb
http://security.debian.org/dists/stable/updates/main/binary-powerpc/libgpmg1_1.17.8-18.1_powerpc.deb

Sun Sparc:
http://security.debian.org/dists/stable/updates/main/binary-sparc/gpm_1.17.8-18.1_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/libgpmg1-dev_1.17.8-18.1_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/libgpmg1_1.17.8-18.1_sparc.deb

浏览次数：3226
严重程度：0（网友投票）