安全研究
安全漏洞
libesmtp read_smtp_response远程缓冲区溢出漏洞
发布日期:2003-04-03
更新日期:2003-04-10
受影响系统:
libesmtp libesmtp 0.8.9不受影响系统:
libesmtp libesmtp 0.8.10p1
libesmtp libesmtp 0.8.10
GNOME Balsa 1.1.7
- RedHat Linux 7.2
GNOME Balsa 1.2.4
- RedHat Linux 8.0
- RedHat Linux 7.3
GNOME Balsa 2.0.6
- RedHat Linux 9.0
libesmtp libesmtp 0.8.4
- RedHat Linux 7.3
- RedHat Linux 7.2
GNOME Balsa 2.0.10描述:
GNOME Balsa 1.4.3
GNOME Balsa 1.4
libesmtp libesmtp 1.0
libesmtp libesmtp 0.8.12
libesmtp libesmtp 0.8.11
BUGTRAQ ID: 7269
CVE(CAN) ID: CVE-2002-1090
libesmtp是一款SMTP库,balsa邮件客户端使用了这个库。
libesmtp对部分应答缺少正确缓冲区边界检查,远程攻击者可以利用这个漏洞通过构建超长服务器应答对使用libesmtp库的应用程序进行拒绝服务或执行任意指令攻击。
目前没有详细漏洞细节。
<*来源:Red Hat Security Advisory
链接:https://www.redhat.com/support/errata/RHSA-2003-109.html
*>
建议:
厂商补丁:
RedHat
------
RedHat已经为此发布了一个安全公告(RHSA-2003:109-03)以及相应补丁:
RHSA-2003:109-03:Updated balsa and mutt packages fix vulnerabilities
链接:https://www.redhat.com/support/errata/RHSA-2003-109.html
补丁下载:
Red Hat Linux 7.2:
SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/balsa-1.2.4-7.7.2.src.rpm
ftp://updates.redhat.com/7.2/en/os/SRPMS/libesmtp-0.8.12-0.7.x.src.rpm
i386:
ftp://updates.redhat.com/7.2/en/os/i386/balsa-1.2.4-7.7.2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/libesmtp-0.8.12-0.7.x.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/libesmtp-devel-0.8.12-0.7.x.i386.rpm
ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/balsa-1.2.4-7.7.2.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/libesmtp-0.8.12-0.7.x.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/libesmtp-devel-0.8.12-0.7.x.ia64.rpm
Red Hat Linux 7.3:
SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/balsa-1.2.4-7.7.3.src.rpm
ftp://updates.redhat.com/7.3/en/os/SRPMS/libesmtp-0.8.12-0.7.x.src.rpm
i386:
ftp://updates.redhat.com/7.3/en/os/i386/balsa-1.2.4-7.7.3.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/libesmtp-0.8.12-0.7.x.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/libesmtp-devel-0.8.12-0.7.x.i386.rpm
Red Hat Linux 8.0:
SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/mutt-1.4.1-0.8.x.src.rpm
ftp://updates.redhat.com/8.0/en/os/SRPMS/balsa-1.2.4-8.src.rpm
i386:
ftp://updates.redhat.com/8.0/en/os/i386/mutt-1.4.1-0.8.x.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/balsa-1.2.4-8.i386.rpm
Red Hat Linux 9:
SRPMS:
ftp://updates.redhat.com/9/en/os/SRPMS/mutt-1.4.1-1.src.rpm
ftp://updates.redhat.com/9/en/os/SRPMS/balsa-2.0.6-2.src.rpm
i386:
ftp://updates.redhat.com/9/en/os/i386/mutt-1.4.1-1.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/balsa-2.0.6-2.i386.rpm
可使用下列命令安装补丁:
rpm -Fvh [文件名]
浏览次数:4053
严重程度:0(网友投票)
绿盟科技给您安全的保障