WindowMaker Image Handling Buffer Overflow Vulnerability

Published: 2002-11-18
Updated: 2002-11-25

Affected systems:
Windowmaker Windowmaker 0.65.1
Windowmaker Windowmaker 0.65
Windowmaker Windowmaker 0.64
Windowmaker Windowmaker 0.63.1
Windowmaker Windowmaker 0.63
Windowmaker Windowmaker 0.62
Windowmaker Windowmaker 0.61.1
Windowmaker Windowmaker 0.61
Windowmaker Windowmaker 0.53
Windowmaker Windowmaker 0.52-2
Windowmaker Windowmaker 0.20.1-3
Windowmaker Windowmaker 0.80
    - Conectiva Linux 8.0
    - Debian Linux 3.0 68k
    - Debian Linux 3.0 i386
    - Debian Linux 3.0 sparc
    - Debian Linux 3.0 alpha
    - Debian Linux 3.0 IA-32
    - Debian Linux 3.0 arm
    - Debian Linux 3.0 powerpc
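Description:
BUGTRAQ  ID: 6119
CVE(CAN) ID: CVE-2002-1277

Window Maker is a popular desktop window manager.

A function that Window Maker uses when loading images is flawed. A remote attacker can exploit this by crafting a malicious image and enticing a user to set it as the background image, which triggers a buffer overflow.

When creating an image, Window Maker multiplies the image height and width to size the buffer it allocates, but performs no bounds check on the result. Supplying oversized height and width values can cause a buffer overflow, which may allow arbitrary code execution on the system with the privileges of the Window Maker process.

<*Source: Al Viro
  
  Links: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000548
         http://www.debian.org/security/2002/dsa-190
*>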
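
The missing check described above, as an added example (this is not Window Maker's own code): an unchecked width-by-height size computation next to a validated one. The names `unchecked_size`, `checked_size`, `alloc_image` and `MAX_IMAGE_DIM`, the 32-bit arithmetic and the bytes-per-pixel factor are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical policy limit on each dimension (assumption for this example). */
#define MAX_IMAGE_DIM 16384u

/* Unchecked form: 32-bit product of untrusted image header fields.
 * Unsigned arithmetic wraps modulo 2^32, so the result can be far smaller
 * than the pixel data the decoder will later write. */
uint32_t unchecked_size(uint32_t width, uint32_t height, uint32_t channels)
{
    return width * height * channels;
}

/* Checked form: returns 0 and stores the byte count in *out, or -1 if the
 * dimensions are out of policy or the product would overflow size_t. */
int checked_size(uint32_t width, uint32_t height, uint32_t channels, size_t *out)
{
    if (width == 0 || height == 0 || channels == 0 || channels > 4)
        return -1;
    if (width > MAX_IMAGE_DIM || height > MAX_IMAGE_DIM)
        return -1;
    if ((size_t)width > SIZE_MAX / height)      /* width * height overflows */
        return -1;
    size_t pixels = (size_t)width * height;
    if (pixels > SIZE_MAX / channels)           /* pixels * channels overflows */
        return -1;
    *out = pixels * channels;
    return 0;
}

/* Allocate a zeroed pixel buffer only when the size is known to be sound. */
unsigned char *alloc_image(uint32_t width, uint32_t height, uint32_t channels)
{
    size_t n;
    if (checked_size(width, height, channels, &n) != 0)
        return NULL;
    return calloc(1, n);
}

int main(void)
{
    /* Constructed header values: 65536 x 16385 pixels, 4 bytes per pixel. */
    uint32_t w = 0x10000u, h = 0x4001u, c = 4u;
    printf("unchecked size: %u bytes\n", (unsigned)unchecked_size(w, h, c));
    printf("checked alloc : %s\n", alloc_image(w, h, c) ? "allocated" : "rejected");
    return 0;
}
```

With the constructed values, the unchecked product wraps to 262144 bytes although the image would need about 4 GiB, while the checked path refuses the allocation.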

Recommendation:
Vendor patches:

Conectiva
---------
Conectiva has released a security advisory (CLA-2002:548) and corresponding patches for this issue:
CLA-2002:548:windowmaker
Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000548

Patch downloads:

ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/WindowMaker-0.62.1-13U60_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/WindowMaker-0.62.1-13U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/WindowMaker-devel-0.62.1-13U60_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/WindowMaker-0.65.1-2U70_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/WindowMaker-0.65.1-2U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/WindowMaker-devel-0.65.1-2U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/WindowMaker-devel-static-0.65.1-2U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/WindowMaker-doc-0.65.1-2U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/WindowMaker-0.80.0-3U80_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/WindowMaker-0.80.0-3U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/WindowMaker-devel-0.80.0-3U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/WindowMaker-devel-static-0.80.0-3U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/WindowMaker-doc-0.80.0-3U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/libwraster-2.2.0-13U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/libwraster-devel-2.2.0-13U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/libwraster-devel-static-2.2.0-13U80_1cl.i386.rpm

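Users of Conectiva Linux version 6.0 and later can update the RPM packages with apt:

- Add the following line to /etc/apt/sources.list:
  
rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates

(If you are not running version 6.0, replace 6.0 above with the appropriate version number.)

- Run:                      apt-get update
- After the update, run:    apt-get upgrade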

Debian
------
Debian has released a security advisory (DSA-190-1) and corresponding patches for this issue:
DSA-190-1:buffer overflow in Window Maker
Link: http://www.debian.org/security/2002/dsa-190

Patch downloads:



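Patch installation:

1. Install the patch package manually:

  First, download the patch package with the following command:
  # wget url  (url is the patch download link)

  Then install the patch with the following command:
  # dpkg -i file.deb (file is the name of the corresponding patch package)

2. Install the patch package automatically with apt-get:

   First, update the local package database with the following command:
   # apt-get update
  
   Then install the updated packages with the following command:
   # apt-get upgrade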

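This vulnerability entry was translated and compiled by NSFOCUS (绿盟科技). All rights reserved; reproduction without permission is prohibited.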