YoungZSoft CMailServer远程缓冲区溢出漏洞
发布日期:2002-05-21
更新日期:2002-05-27
受影响系统:YoungZSoft CMailServer 3.30
描述:
BUGTRAQ ID:
4789
CVE(CAN) ID:
CVE-2002-0799
CMailServer是一款基于Web的电子邮件系统,可使用在Linux/Unix和Windows等多种操作系统下。
CMailServer对用户提供的输入缺少正确充分的边界缓冲检查,可导致远程攻击者进行缓冲溢出区攻击。
CMailServer在sprintf()函数中在检查通过USER命令提交的那个用户名在mail目录下是否存在相应的目录时缺少正确检查,攻击者提交包含恶意的目录信息会出现缓冲区溢出,精心构建目录数据可导致攻击者以Web进程权限在目标系统中执行任意指令。
<*链接:
http://archives.neohapsis.com/archives/bugtraq/2002-05/0191.html
*>
建议:
临时解决方法:
如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:
* <
2c79cbe14ac7d0b8472d3f129fa1df55@hushmail.com>提供如下补丁程序:
/*
cmepatch.c
May 20, 2002
this is a quick and dirty patch.. it simply adds functionality that
inserts a NULL as the 200th byte of the passed USER argument prior
to the affected sprintf().. not even remotely elegant but enough to
stop you from getting izn0wn3D
I TAKE NO RESPONSIBILITY FOR THE DAMAGE THIS MAY DO
TO YOUR SYSTEM, EGO, WEEWEE, OR OTHERWISE ;~~~~~<
2c79cbe14ac7d0b8472d3f129fa1df55@hushmail.com
*/
#include <stdio.h>
FILE *cmail;
char p1[] = {0x00,0xd0};
char p2[] = {0xe9,0x16,0x82,0x04,0x00,0x90,0x90};
char p3[] = {0x81,0xc4,0x15,0x24,0x00,0x00,0xc6,0x04,0x24,0x00,0x81,0xec,0x15,0x24,0x00,0x00,
0x8d,0xbc,0x24,0x4d,0x23,0x00,0x00,0xe9,0xd0,0x7d,0xfb,0xff,0x90};
void main(){
printf("CMailServer 3.30 PATCH (May 20, 2002)\
n2c79cbe14ac7d0b8472d3f129fa1df55@hushmail.com\n\n");
cmail = fopen("CMailServer.exe", "rb+");
if(!cmail){printf("'CMailServer.exe' not found or write protected\n");return;}
fseek(cmail,0x1e8,0);
fwrite(&p1,sizeof(p1),1,cmail);
fseek(cmail,0x159f4,0);
fwrite(&p2,sizeof(p2),1,cmail);
fseek(cmail,0x5dc0f,0);
fwrite(&p3,sizeof(p3),1,cmail);
fclose(cmail);
printf("patch successful\n");
}
厂商补丁:
YoungZSoft
----------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://www.youngzsoft.com/tw/cmailserver/浏览次数:3204
严重程度:0(网友投票)