Mandrake Linux printer driver escputil buffer overflow vulnerability

Published: 2003-01-21
Updated: 2003-01-24

Affected systems:
MandrakeSoft escputil
    - Mandrake Linux 9.0
Description:
CVE(CAN) ID: CVE-2003-0035

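A default Mandrake Linux installation includes the printer driver packages, which normally ship three binaries: mtink, escputil and ml85p.

escputil lacks a proper buffer boundary check when handling the printer name parameter. A local attacker can exploit this to overflow the buffer and possibly execute arbitrary instructions on the system with 'sys' group privileges.

escputil is a tool for cleaning and aligning Epson dot-matrix printer heads. By default escputil is installed with the 'sys' group, and it parses the printer name command-line argument incorrectly, so submitting carefully crafted printer name data may lead to arbitrary instructions being executed on the system with 'sys' group privileges.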
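
The advisory gives no source for the flaw. As an added illustration (not escputil's code and not taken from the advisory), this is the bounded handling a printer-name argument needs before it is copied into a fixed buffer; `PRINTER_NAME_MAX`, `copy_printer_name` and the character allow-list are assumptions made for the example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PRINTER_NAME_MAX 64   /* assumed limit, not taken from escputil */

/* Unsafe pattern, the bug class the advisory describes:
 *     char name[PRINTER_NAME_MAX];
 *     strcpy(name, argv[i]);    no length check on caller-controlled input
 */

/* Copy a command-line printer name into a fixed buffer.
 * Returns 0 on success; -1 if the name is NULL, empty, does not fit
 * (including its terminator), or has characters outside the allow-list.
 * On failure dst is left as an empty string. */
int copy_printer_name(char *dst, size_t dst_size, const char *src)
{
    size_t len = 0, i;

    if (dst == NULL || dst_size == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    /* Bounded length scan: never read more than dst_size bytes of src. */
    while (len < dst_size && src[len] != '\0')
        len++;
    if (len == 0 || len >= dst_size)
        return -1;                      /* reject, do not truncate silently */
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)src[i];
        if (!(isalnum(c) || c == '-' || c == '_' || c == '.'))
            return -1;                  /* assumed conservative allow-list */
    }
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

int main(int argc, char **argv)
{
    char name[PRINTER_NAME_MAX];
    if (argc < 2 || copy_printer_name(name, sizeof name, argv[1]) != 0) {
        fprintf(stderr, "invalid printer name\n");
        return 1;
    }
    printf("printer: %s\n", name);
    return 0;
}
```

Rejecting an oversized name outright, rather than truncating it, keeps a set-group-ID tool from acting on a name the caller did not actually supply.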

<*Source: iDEFENSE Labs (labs@idefense.com)
  
  Links: http://www.idefense.com/advisory/01.21.03.txt
         http://www.linux-mandrake.com/en/security/2003/2003-010.php
*>

Recommendation:
Vendor patch:

MandrakeSoft
------------
MandrakeSoft has released a security advisory (MDKSA-2003:010) and corresponding patches for this issue:
MDKSA-2003:010: Updated printer-drivers packages fix local vulnerabilities
Link: http://www.linux-mandrake.com/en/security/2003/2003-010.php

Patch downloads:

Updated Packages:

Mandrake Linux 8.0:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/RPMS/ghostscript-5.50-67.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/RPMS/ghostscript-module-SVGALIB-5.50-67.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/RPMS/ghostscript-module-X-5.50-67.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/RPMS/ghostscript-utils-5.50-67.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.0/SRPMS/ghostscript-5.50-67.1mdk.src.rpm

Mandrake Linux 8.1:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/cups-drivers-1.1-15.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/foomatic-1.1-0.20010923.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/ghostscript-6.51-24.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/ghostscript-module-SVGALIB-6.51-24.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/ghostscript-module-X-6.51-24.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/libgimpprint1-4.1.99-16.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/libgimpprint1-devel-4.1.99-16.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/omni-0.4-11.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/printer-filters-1.0-15.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/printer-testpages-1.0-15.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/RPMS/printer-utils-1.0-15.1mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.1/SRPMS/printer-drivers-1.0-15.1mdk.src.rpm

Mandrake Linux 8.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/cups-drivers-1.1-48.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/foomatic-1.1-0.20020323mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/ghostscript-6.53-13.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/ghostscript-module-SVGALIB-6.53-13.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/ghostscript-module-X-6.53-13.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/gimpprint-4.2.1-0.pre5.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/libgimpprint1-4.2.1-0.pre5.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/libgimpprint1-devel-4.2.1-0.pre5.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/omni-0.6.0-2.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/printer-filters-1.0-48.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/printer-testpages-1.0-48.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/RPMS/printer-utils-1.0-48.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/8.2/SRPMS/printer-drivers-1.0-48.2mdk.src.rpm

Mandrake Linux 9.0:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/cups-drivers-1.1-84.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/foomatic-2.0.2-20021220.2.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/ghostscript-7.05-33.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/ghostscript-module-X-7.05-33.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/gimpprint-4.2.5-0.2.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/libgimpprint1-4.2.5-0.2.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/libgimpprint1-devel-4.2.5-0.2.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/libijs0-0.34-24.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/libijs0-devel-0.34-24.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/omni-0.7.1-11.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/printer-filters-1.0-84.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/printer-testpages-1.0-84.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/printer-utils-1.0-84.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/SRPMS/printer-drivers-1.0-84.2mdk.src.rpm

The updated packages above can also be downloaded from any of the mirror FTP servers listed at:
http://www.mandrakesecure.net/en/ftp.php

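This vulnerability entry was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.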