安全研究

安全漏洞
libesmtp read_smtp_response远程缓冲区溢出漏洞

发布日期:2003-04-03
更新日期:2003-04-10

受影响系统:
libesmtp libesmtp 0.8.9
libesmtp libesmtp 0.8.10p1
libesmtp libesmtp 0.8.10
GNOME Balsa 1.1.7
    - RedHat Linux 7.2
GNOME Balsa 1.2.4
    - RedHat Linux 8.0
    - RedHat Linux 7.3
GNOME Balsa 2.0.6
    - RedHat Linux 9.0
libesmtp libesmtp 0.8.4
    - RedHat Linux 7.3
    - RedHat Linux 7.2
不受影响系统:
GNOME Balsa 2.0.10
GNOME Balsa 1.4.3
GNOME Balsa 1.4
libesmtp libesmtp 1.0
libesmtp libesmtp 0.8.12
libesmtp libesmtp 0.8.11
描述:
BUGTRAQ  ID: 7269
CVE(CAN) ID: CVE-2002-1090

libesmtp是一款SMTP库,balsa邮件客户端使用了这个库。

libesmtp对部分应答缺少正确缓冲区边界检查,远程攻击者可以利用这个漏洞通过构建超长服务器应答对使用libesmtp库的应用程序进行拒绝服务或执行任意指令攻击。

目前没有详细漏洞细节。

<*来源:Red Hat Security Advisory
  
  链接:https://www.redhat.com/support/errata/RHSA-2003-109.html
*>

建议:
厂商补丁:

RedHat
------
RedHat已经为此发布了一个安全公告(RHSA-2003:109-03)以及相应补丁:
RHSA-2003:109-03:Updated balsa and mutt packages fix vulnerabilities
链接:https://www.redhat.com/support/errata/RHSA-2003-109.html

补丁下载:

Red Hat Linux 7.2:

SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/balsa-1.2.4-7.7.2.src.rpm
ftp://updates.redhat.com/7.2/en/os/SRPMS/libesmtp-0.8.12-0.7.x.src.rpm

i386:
ftp://updates.redhat.com/7.2/en/os/i386/balsa-1.2.4-7.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/libesmtp-0.8.12-0.7.x.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/libesmtp-devel-0.8.12-0.7.x.i386.rpm

ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/balsa-1.2.4-7.7.2.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/libesmtp-0.8.12-0.7.x.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/libesmtp-devel-0.8.12-0.7.x.ia64.rpm

Red Hat Linux 7.3:

SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/balsa-1.2.4-7.7.3.src.rpm
ftp://updates.redhat.com/7.3/en/os/SRPMS/libesmtp-0.8.12-0.7.x.src.rpm

i386:
ftp://updates.redhat.com/7.3/en/os/i386/balsa-1.2.4-7.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/libesmtp-0.8.12-0.7.x.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/libesmtp-devel-0.8.12-0.7.x.i386.rpm

Red Hat Linux 8.0:

SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/mutt-1.4.1-0.8.x.src.rpm
ftp://updates.redhat.com/8.0/en/os/SRPMS/balsa-1.2.4-8.src.rpm

i386:
ftp://updates.redhat.com/8.0/en/os/i386/mutt-1.4.1-0.8.x.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/balsa-1.2.4-8.i386.rpm

Red Hat Linux 9:

SRPMS:
ftp://updates.redhat.com/9/en/os/SRPMS/mutt-1.4.1-1.src.rpm
ftp://updates.redhat.com/9/en/os/SRPMS/balsa-2.0.6-2.src.rpm

i386:
ftp://updates.redhat.com/9/en/os/i386/mutt-1.4.1-1.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/balsa-2.0.6-2.i386.rpm

可使用下列命令安装补丁:

rpm -Fvh [文件名]

浏览次数:4053
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障