首页 -> 安全研究
安全研究
安全漏洞
XDMCP GDM存在多个未明远程拒绝服务攻击漏洞
发布日期:2003-08-21
更新日期:2003-08-27
受影响系统:
Martin K. Peterson gdm 2.4.1.5描述:
Martin K. Peterson gdm 2.4.1.4
Martin K. Peterson gdm 2.4.1.3
Martin K. Peterson gdm 2.4.1.2
Martin K. Peterson gdm 2.4.1.1
Martin K. Peterson gdm 2.4.1
Martin K. Peterson gdm 2.2.0
Martin K. Peterson gdm 2.4.1.6
- Mandrake Linux 9.0
- RedHat Linux 9.0
BUGTRAQ ID: 8470
GDM是一款X下的GNOME显示管理器。XDMCP是X显示管理控制协议。
当XDMCP结合GDM使用时存在未明漏洞,远程攻击者可以利用这些漏洞使GDM守护进程产生拒绝服务。
目前没有详细漏洞细节提供。
<*来源:Red Hat Security Advisory
链接:https://www.redhat.com/support/errata/RHSA-2003-258.html
http://www.linux-mandrake.com/en/security/2003/2003-085.php
*>
建议:
厂商补丁:
MandrakeSoft
------------
MandrakeSoft已经为此发布了一个安全公告(MDKSA-2003:085)以及相应补丁:
MDKSA-2003:085:Updated gdm packages fix vulnerabilities
链接:http://www.linux-mandrake.com/en/security/2003/2003-085.php
补丁下载:
Updated Packages:
Corporate Server 2.1:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/gdm-2.4.1.6-0.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/gdm-Xnest-2.4.1.6-0.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/SRPMS/gdm-2.4.1.6-0.2mdk.src.rpm
Corporate Server 2.1/x86_64:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/x86_64/corporate/2.1/RPMS/gdm-2.4.1.6-0.2mdk.x86_64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/x86_64/corporate/2.1/RPMS/gdm-Xnest-2.4.1.6-0.2mdk.x86_64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/x86_64/corporate/2.1/SRPMS/gdm-2.4.1.6-0.2mdk.src.rpm
Mandrake Linux 9.0:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/gdm-2.4.1.6-0.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/gdm-Xnest-2.4.1.6-0.2mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/SRPMS/gdm-2.4.1.6-0.2mdk.src.rpm
Mandrake Linux 9.1:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/gdm-2.4.1.6-0.3mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/gdm-Xnest-2.4.1.6-0.3mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/SRPMS/gdm-2.4.1.6-0.3mdk.src.rpm
Mandrake Linux 9.1/PPC:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/RPMS/gdm-2.4.1.6-0.3mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/RPMS/gdm-Xnest-2.4.1.6-0.3mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/SRPMS/gdm-2.4.1.6-0.3mdk.src.rpm
上述升级软件还可以在下列地址中的任意一个镜像ftp服务器上下载:
http://www.mandrakesecure.net/en/ftp.php
RedHat
------
RedHat已经为此发布了一个安全公告(RHSA-2003:258-01)以及相应补丁:
RHSA-2003:258-01:GDM allows local user to read any file.
链接:https://www.redhat.com/support/errata/RHSA-2003-258.html
补丁下载:
Red Hat Linux 7.1:
SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/gdm-2.0beta2-46.src.rpm
i386:
ftp://updates.redhat.com/7.1/en/os/i386/gdm-2.0beta2-46.i386.rpm
Red Hat Linux 7.1 for iSeries (64 bit):
SRPMS:
ftp://updates.redhat.com/7.1/en/os/iSeries/SRPMS/gdm-2.0beta2-46.src.rpm
ppc:
ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/gdm-2.0beta2-46.ppc.rpm
Red Hat Linux 7.1 for pSeries (64 bit):
SRPMS:
ftp://updates.redhat.com/7.1/en/os/pSeries/SRPMS/gdm-2.0beta2-46.src.rpm
ppc:
ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/gdm-2.0beta2-46.ppc.rpm
Red Hat Linux 7.2:
SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/gdm-2.2.3.1-21.src.rpm
i386:
ftp://updates.redhat.com/7.2/en/os/i386/gdm-2.2.3.1-21.i386.rpm
ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/gdm-2.2.3.1-21.ia64.rpm
Red Hat Linux 7.3:
SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/gdm-2.2.3.1-23.src.rpm
i386:
ftp://updates.redhat.com/7.3/en/os/i386/gdm-2.2.3.1-23.i386.rpm
Red Hat Linux 8.0:
SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/gdm-2.4.0.7-14.src.rpm
i386:
ftp://updates.redhat.com/8.0/en/os/i386/gdm-2.4.0.7-14.i386.rpm
Red Hat Linux 9:
SRPMS:
ftp://updates.redhat.com/9/en/os/SRPMS/gdm-2.4.1.3-5.1.src.rpm
i386:
ftp://updates.redhat.com/9/en/os/i386/gdm-2.4.1.3-5.1.i386.rpm
浏览次数:3182
严重程度:0(网友投票)
绿盟科技给您安全的保障