安全研究
安全漏洞
CVS远程非法目录请求导致堆破坏漏洞
发布日期:2003-01-20
更新日期:2003-01-24
受影响系统:
CVS CVS 1.11.4不受影响系统:
CVS CVS 1.11.3
CVS CVS 1.11.2
CVS CVS 1.11.1p1
CVS CVS 1.11.5描述:
BUGTRAQ ID: 6650
CVE(CAN) ID: CVE-2003-0015
Concurrent Versions System (CVS)是一款开放源代码的版本控制软件。
CVS的服务代码在处理目录请求时存在缺陷,远程攻击者可以利用这个漏洞进行基于堆破坏的攻击,可能以CVS进程权限在系统上执行任意指令。
当攻击者发送畸形目录名给CVS的时会触发错误条件,使得函数释放了某个缓冲区后并没有分配新的缓冲区。这在下一个目录请求时会发生典型的double-free()问题。
通过其他CVS请求的帮助,可以泄露部分信息用于判断堆的位置或以其他已知漏洞在系统上执行任意代码。
<*来源:Stefan Esser (s.esser@ematters.de)
链接:http://lists.netsys.com/pipermail/full-disclosure/2003-January/003606.html
http://marc.theaimsgroup.com/?l=bugtraq&m=104428571204468&w=2
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:01.cvs.asc
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-006.0.txt
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000561
http://www.cert.org/advisories/CA-2003-02.html
http://www.debian.org/security/2003/dsa-233
*>
建议:
临时解决方法:
如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:
* 采用Stefan Esser(s.esser@e-matters.de)第三方补丁在配置文件中关闭Update-prog和Checkin-prog:
http://security.e-matters.de/patches/cvs_disablexprog.diff
* 使用chrooted over SSH运行方式来代替普通的:pserver:模式在运行CVS服务:
http://www.netsys.com/library/papers/chrooted-ssh-cvs-server.txt
厂商补丁:
CVS
---
http://www.debian.org/security/2003/dsa-233
Debian
------
Debian已经为此发布了一个安全公告(DSA-233-1)以及相应补丁:
DSA-233-1:New cvs packages fix arbitrary code execution
链接:http://www.debian.org/security/2002/dsa-233
补丁下载:
Source archives:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7-9.2.dsc
Size/MD5 checksum: 582 5c3493da60574f2d207376ffc8023964
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7-9.2.diff.gz
Size/MD5 checksum: 35717 76d1e80427b67945e2b10c4bd449b1b7
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7.orig.tar.gz
Size/MD5 checksum: 2312181 614e72d2a6dff40f3f5bec2e9be270f2
Architecture independent components:
http://security.debian.org/pool/updates/main/c/cvs/cvs-doc_1.10.7-9.2_all.deb
Size/MD5 checksum: 875428 d7a1b05fc60c8524077b41abef40be82
Alpha architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7-9.2_alpha.deb
Size/MD5 checksum: 559820 6d27ca86cf46ffdec1ff9ca0710c74d2
ARM architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7-9.2_arm.deb
Size/MD5 checksum: 474478 93283c96da77a7c2906576632ff1f666
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7-9.2_i386.deb
Size/MD5 checksum: 455974 32924918a5a027f287c1fff64139aa98
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7-9.2_m68k.deb
Size/MD5 checksum: 434776 df8c02b15a87bec5658d88e913bb0617
PowerPC architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7-9.2_powerpc.deb
Size/MD5 checksum: 484070 78114da539eb4db94d5be1b77e6f1145
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7-9.2_sparc.deb
Size/MD5 checksum: 476174 159dc8aefaffe14e4188efc9efae1b1a
Debian GNU/Linux 3.0 alias woody
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1.dsc
Size/MD5 checksum: 687 3bd481f023c7d48ebf940f18f7c33676
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1.diff.gz
Size/MD5 checksum: 46985 f82269f5699a64b3c8a1836f4307d5b1
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian.orig.tar.gz
Size/MD5 checksum: 2621658 500965ab9702b31605f8c58aa21a6205
Alpha architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_alpha.deb
Size/MD5 checksum: 1177920 eed3c107f8156965a2648ff6bc57ea1a
ARM architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_arm.deb
Size/MD5 checksum: 1104340 6d55d5b6013029726f33d27f756e8232
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_i386.deb
Size/MD5 checksum: 1085010 db4c58e92bfdc56730c14df95ba8fab8
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_ia64.deb
Size/MD5 checksum: 1269590 4cea089453af0476f3c304a9c0055092
HP Precision architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_hppa.deb
Size/MD5 checksum: 1146366 157380627dc8e7e8c0cc3d6510bb8c85
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_m68k.deb
Size/MD5 checksum: 1064640 c31eb6a3f549f1e3f88ce334895e5e28
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_mips.deb
Size/MD5 checksum: 1128826 73112b82d7c2a1bb36bee6f172809e00
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_mipsel.deb
Size/MD5 checksum: 1130112 f358566006b1ee33a1872c9e485e1ce1
PowerPC architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_powerpc.deb
Size/MD5 checksum: 1115310 9cce0571143b2bdf118b7e215d6aaa5e
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_s390.deb
Size/MD5 checksum: 1096250 74df925521a9fb91bc9dfef9dce15e1a
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_sparc.deb
Size/MD5 checksum: 1106098 d69a55f754484761aebc67a723b81aa6
补丁安装方法:
1. 手工安装补丁包:
首先,使用下面的命令来下载补丁软件:
# wget url (url是补丁下载链接地址)
然后,使用下面的命令来安装补丁:
# dpkg -i file.deb (file是相应的补丁名)
2. 使用apt-get自动安装补丁包:
首先,使用下面的命令更新内部数据库:
# apt-get update
然后,使用下面的命令安装更新软件包:
# apt-get upgrade
浏览次数:3284
严重程度:0(网友投票)
绿盟科技给您安全的保障