首页 -> 安全研究

安全研究

安全漏洞
Typespeed本地缓冲区溢出漏洞

发布日期:2002-12-31
更新日期:2002-12-31

受影响系统:
Typespeed Typespeed 0.4.1
Typespeed Typespeed 0.4
不受影响系统:
Typespeed Typespeed 0.4.2
描述:
BUGTRAQ  ID: 6485
CVE(CAN) ID: CVE-2002-1389

typespeed是一个Linux下测试打字速度的小游戏程序。

typespeed实现上存在缓冲区溢出漏洞,本地攻击者可能通过溢出攻击提升自己在系统中的权限。

如果攻击成功,攻击者可以得到game组权限。

<*来源:Debian Security Advisory
  
  链接:http://www.debian.org/security/2002/dsa-217
*>

建议:
厂商补丁:

Debian
------
Debian已经为此发布了一个安全公告(DSA-217-1)以及相应补丁:
DSA-217-1:New typespeed packages fix buffer overflow
链接:http://www.debian.org/security/2002/dsa-217

补丁下载:

Source archives:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.1.dsc
Size/MD5 checksum:      575 f6226194d5fc98835987d752904f7149
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.1.diff.gz
Size/MD5 checksum:     6763 deefebffe7313476dff4d1b076c46cd7
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0.orig.tar.gz
Size/MD5 checksum:    33037 587b3ca15b32142d24bd452881c64dd1

Alpha architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.1_alpha.deb
Size/MD5 checksum:    40752 2fdb1f039ddb6fa746e785744632590f

ARM architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.1_arm.deb
Size/MD5 checksum:    34716 ae61105ff80f44f49ea6a92b48cce71e

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.1_i386.deb
Size/MD5 checksum:    34326 b5bc6881676b8a102afcad03de4c4eb7

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.1_m68k.deb
Size/MD5 checksum:    33486 2b6d7bac7d6f582b77a61683d7afb437

PowerPC architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.1_powerpc.deb
Size/MD5 checksum:    37004 7ef642e4f567077c7eda5094359f6d8d

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.0-5.1_sparc.deb
Size/MD5 checksum:    39132 521d46c4ffcb2315674388756bae0a5a


Debian GNU/Linux 3.0 alias woody
- --------------------------------

Source archives:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.1.dsc
Size/MD5 checksum:      575 fb28aec0af0ad71d5f3c424359082a32
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.1.diff.gz
Size/MD5 checksum:     8136 ccafdd4e0cf004587395ef4a72484efd
http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1.orig.tar.gz
Size/MD5 checksum:    35492 0af9809cd20bd9010732ced930090f32

Alpha architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.1_alpha.deb
Size/MD5 checksum:    44336 83b3ed65a67602831d5dc089f53bcfc5

ARM architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.1_arm.deb
Size/MD5 checksum:    39016 eb929720e523608b0e74876c28505a86

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.1_i386.deb
Size/MD5 checksum:    38708 03594d270467f1e603deb4a710cf1c54

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.1_ia64.deb
Size/MD5 checksum:    49902 c21eb5bcefee5e06c2d3172675f1dd1f

HP Precision architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.1_hppa.deb
Size/MD5 checksum:    41824 f8366e40e1a202bc517c53f5c4318ff0

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.1_m68k.deb
Size/MD5 checksum:    37398 97cc30fc64831b29fa381525be5efdd5

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.1_mips.deb
Size/MD5 checksum:    41050 32977331dc2e7abc553bcce803a6f91c

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.1_mipsel.deb
Size/MD5 checksum:    41078 5d24a3e5e23743e83c2b1e94b8e30efa

PowerPC architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.1_powerpc.deb
Size/MD5 checksum:    41172 9d35eb25d585f47dcddc85bc8282ca4d

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.1_s390.deb
Size/MD5 checksum:    38628 13452b96ee560a05b3d17f71ad194f5f

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/t/typespeed/typespeed_0.4.1-2.1_sparc.deb
Size/MD5 checksum:    42972 0ac49283d67f331bae77b6c52cf2d521

补丁安装方法:

1. 手工安装补丁包:

  首先,使用下面的命令来下载补丁软件:
  # wget url  (url是补丁下载链接地址)

  然后,使用下面的命令来安装补丁:  
  # dpkg -i file.deb (file是相应的补丁名)

2. 使用apt-get自动安装补丁包:

   首先,使用下面的命令更新内部数据库:
   # apt-get update
  
   然后,使用下面的命令安装更新软件包:
   # apt-get upgrade

浏览次数:2989
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障
关于我们
公司介绍
公司荣誉
公司新闻
联系我们
公司总部
分支机构
海外机构
快速链接
绿盟云
绿盟威胁情报中心NTI
技术博客