首页 -> 安全研究
安全研究
安全漏洞
AT 畸形时间格式导致堆溢出漏洞
发布日期:2002-01-16
更新日期:2002-01-23
受影响系统:
Thomas Koenig at 3.1.7描述:
- Caldera OpenLinux Server 3.1
- Caldera OpenLinux Workstation 3.1
Thomas Koenig at 3.1.8
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 arm
- Debian Linux 2.2 IA-32
- Debian Linux 2.2 alpha
- Debian Linux 2.2 sparc
- Debian Linux 2.2 i386
- Debian Linux 2.2 68k
- Mandrake Linux 8.1
- Mandrake Linux 8.0
- RedHat Linux 7.1 ia64
- RedHat Linux 7.1 alpha
- RedHat Linux 7.1 x86
- RedHat Linux 7.0 alpha
- RedHat Linux 7.0
- RedHat Linux 7.0 x86
- Slackware Linux 8.0
- Slackware Linux 7.1
- Slackware Linux 7.0
- SuSE Linux 7.3 sparc
- SuSE Linux 7.3 powerpc
- SuSE Linux 7.3 i386
- SuSE Linux 7.2
- SuSE Linux 7.2 i386
- SuSE Linux 7.1 sparc
- SuSE Linux 7.1
- SuSE Linux 7.1 alpha
- SuSE Linux 7.1 powerpc
- SuSE Linux 7.1 i386
- SuSE Linux 7.0 powerpc
- SuSE Linux 7.0 i386
- SuSE Linux 7.0
- SuSE Linux 7.0 alpha
- SuSE Linux 7.0 sparc
- SuSE Linux 6.4 i386
- SuSE Linux 6.4
- SuSE Linux 6.4 alpha
- SuSE Linux 6.4 powerpc
BUGTRAQ ID: 3886
CVE(CAN) ID: CVE-2002-0004
/usr/bin/at是一种免费获取使用的开放源代码的软件包,用于定时执行应用程序。许多Unix、Linux操作系统都携带了这种软件包。一般情况下/usr/bin/at都设置了suid root属性。
at程序存在输入验证漏洞,可能使本地攻击者获取主机的root权限。
当从命令行接收到某些特殊的时间格式进行处理时,由于错误地对同一内存区域做了两次释放动作,可能导致某些堆区数据被破坏或重写,本地攻击者可能利用这个漏洞获取root权限。
执行"/usr/bin/at 31337 + vuln",如果你所在系统受此问题影响,将会看到"Segmentation fault",否则应该看到类似信息"Garbled time"(可能带有其他信息)。
<*来源:zen-parse (zen-parse@gmx.net)
链接:http://archives.neohapsis.com/archives/bugtraq/2002-01/0221.html
http://www.debian.org/security/2002/dsa-102
http://www.suse.com/de/support/security/2002_003_at_txt.txt
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-007.php
https://www.redhat.com/support/errata/RHSA-2002-015.html
*>
建议:
临时解决方法:
如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:
* 在漏洞修补之前暂时去掉at程序的suid root位。
厂商补丁:
Debian
------
Debian已经为此发布了一个安全公告(DSA-102-1)以及相应补丁:
DSA-102-1:at daemon exploit
链接:http://www.debian.org/security/2002/dsa-102
补丁下载:
Debian GNU/Linux 2.2 alias potato
- ------------------------------------
Source archives:
http://security.debian.org/dists/stable/updates/main/source/at_3.1.8-10.1.dsc
http://security.debian.org/dists/stable/updates/main/source/at_3.1.8-10.1.diff.gz
http://security.debian.org/dists/stable/updates/main/source/at_3.1.8.orig.tar.gz
Alpha architecture:
http://security.debian.org/dists/stable/updates/main/binary-alpha/at_3.1.8-10.1_alpha.deb
ARM architecture:
http://security.debian.org/dists/stable/updates/main/binary-arm/at_3.1.8-10.1_arm.deb
Intel ia32 architecture:
http://security.debian.org/dists/stable/updates/main/binary-i386/at_3.1.8-10.1_i386.deb
Motorola 680x0 architecture:
http://security.debian.org/dists/stable/updates/main/binary-m68k/at_3.1.8-10.1_m68k.deb
PowerPC architecture:
http://security.debian.org/dists/stable/updates/main/binary-powerpc/at_3.1.8-10.1_powerpc.deb
Sun Sparc architecture:
http://security.debian.org/dists/stable/updates/main/binary-sparc/at_3.1.8-10.1_sparc.deb
补丁安装方法:
1. 手工安装补丁包:
首先,使用下面的命令来下载补丁软件:
# wget url (url是补丁下载链接地址)
然后,使用下面的命令来安装补丁:
# dpkg -i file.deb (file是相应的补丁名)
2. 使用apt-get自动安装补丁包:
首先,使用下面的命令更新内部数据库:
# apt-get update
然后,使用下面的命令安装更新软件包:
# apt-get upgrade
MandrakeSoft
------------
MandrakeSoft已经为此发布了一个安全公告(MDKSA-2002:007)以及相应补丁:
MDKSA-2002:007:at update
链接:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-007.php3
补丁下载:
________________________________________________________________________
Updated Packages:
Mandrake Linux 8.1:
066814fda6dfc8f74721861a90c1d167 8.1/RPMS/at-3.1.8-4.1mdk.i586.rpm
8205596ce7b87d8dca57a6d9285dd1d1 8.1/SRPMS/at-3.1.8-4.1mdk.src.rpm
Mandrake Linux 8.1/ia64:
bc46bc259124e1de45063503d8be2940 ia64/8.1/RPMS/at-3.1.8-4.1mdk.ia64.rpm
8205596ce7b87d8dca57a6d9285dd1d1 ia64/8.1/SRPMS/at-3.1.8-4.1mdk.src.rpm
________________________________________________________________________
上述升级软件可以在下列地址中的任意一个镜像ftp服务器上下载:
http://www.mandrakesecure.net/en/ftp.php
RedHat
------
RedHat已经为此发布了一个安全公告(RHSA-2002:015-13)以及相应补丁:
RHSA-2002:015-13:Updated at package available
链接:https://www.redhat.com/support/errata/RHSA-2002-015.html
注:RedHat 7.2不受此安全漏洞影响,但是仍存在其他的一些问题,因此RedHat仍然提供了升级程序。
补丁下载:
Hat Linux 6.2:
SRPMS:
ftp://updates.redhat.com/6.2/en/os/SRPMS/at-3.1.8-22.1.src.rpm
alpha:
ftp://updates.redhat.com/6.2/en/os/alpha/at-3.1.8-22.1.alpha.rpm
i386:
ftp://updates.redhat.com/6.2/en/os/i386/at-3.1.8-22.1.i386.rpm
sparc:
ftp://updates.redhat.com/6.2/en/os/sparc/at-3.1.8-22.1.sparc.rpm
Red Hat Linux 7.0:
SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/at-3.1.8-23.src.rpm
alpha:
ftp://updates.redhat.com/7.0/en/os/alpha/at-3.1.8-23.alpha.rpm
i386:
ftp://updates.redhat.com/7.0/en/os/i386/at-3.1.8-23.i386.rpm
Red Hat Linux 7.1:
SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/at-3.1.8-23.src.rpm
alpha:
ftp://updates.redhat.com/7.1/en/os/alpha/at-3.1.8-23.alpha.rpm
i386:
ftp://updates.redhat.com/7.1/en/os/i386/at-3.1.8-23.i386.rpm
ia64:
ftp://updates.redhat.com/7.1/en/os/ia64/at-3.1.8-23.ia64.rpm
Red Hat Linux 7.2:
SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/at-3.1.8-23.src.rpm
i386:
ftp://updates.redhat.com/7.2/en/os/i386/at-3.1.8-23.i386.rpm
ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/at-3.1.8-23.ia64.rpm
可使用下列命令安装补丁:
rpm -Fvh [文件名]
S.u.S.E.
--------
S.u.S.E.已经为此发布了一个安全公告(SuSE-SA:2002:003)以及相应补丁:
SuSE-SA:2002:003:at
链接:http://www.suse.com/de/support/security/2002_003_at_txt.txt
补丁下载:
i386 Intel Platform:
SuSE-7.3
ftp://ftp.suse.com/pub/suse/i386/update/7.3/ap1/at-3.1.8-459.i386.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/at-3.1.8-459.src.rpm
SuSE-7.2
ftp://ftp.suse.com/pub/suse/i386/update/7.2/ap1/at-3.1.8-458.i386.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/at-3.1.8-458.src.rpm
SuSE-7.1
ftp://ftp.suse.com/pub/suse/i386/update/7.1/a1/at-3.1.8-458.i386.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/at-3.1.8-458.src.rpm
SuSE-7.0
ftp://ftp.suse.com/pub/suse/i386/update/7.0/a1/at-3.1.8-459.i386.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/at-3.1.8-459.src.rpm
SuSE-6.4
ftp://ftp.suse.com/pub/suse/i386/update/6.4/a1/at-3.1.8-458.i386.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/at-3.1.8-458.src.rpm
Sparc Platform:
SuSE-7.3
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/ap1/at-3.1.8-356.sparc.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/at-3.1.8-356.src.rpm
SuSE-7.1
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/a1/at-3.1.8-356.sparc.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/zq1/at-3.1.8-356.src.rpm
SuSE-7.0
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/a1/at-3.1.8-357.sparc.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/at-3.1.8-357.src.rpm
AXP Alpha Platform:
SuSE-7.1
ftp://ftp.suse.com/pub/suse/axp/update/7.1/a1/at-3.1.8-360.alpha.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/7.1/zq1/at-3.1.8-360.src.rpm
SuSE-7.0
ftp://ftp.suse.com/pub/suse/axp/update/7.0/a1/at-3.1.8-361.alpha.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/7.0/zq1/at-3.1.8-361.src.rpm
SuSE-6.4
ftp://ftp.suse.com/pub/suse/axp/update/6.4/a1/at-3.1.8-361.alpha.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/at-3.1.8-361.src.rpm
PPC Power PC Platform:
SuSE-7.3
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/ap1/at-3.1.8-363.ppc.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/at-3.1.8-363.src.rpm
SuSE-7.1
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/a1/at-3.1.8-362.ppc.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/at-3.1.8-362.src.rpm
SuSE-7.0
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/a1/at-3.1.8-362.ppc.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/at-3.1.8-362.src.rpm
SuSE-6.4
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/a1/at-3.1.8-362.ppc.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/at-3.1.8-362.src.rpm
补丁安装方法: # rpm -Fhv file.rpm
浏览次数:3517
严重程度:0(网友投票)
绿盟科技给您安全的保障