安全研究
安全漏洞
Pine rfc2231_get_param()远程整数溢出漏洞
发布日期:2003-09-10
更新日期:2003-09-18
受影响系统:
University of Washington Pine 4.56不受影响系统:
University of Washington Pine 4.53
University of Washington Pine 4.52
University of Washington Pine 4.44
University of Washington Pine 4.30
University of Washington Pine 4.21
University of Washington Pine 4.20
University of Washington Pine 4.10
University of Washington Pine 4.0.4
University of Washington Pine 4.0.2
University of Washington Pine 3.98
University of Washington Pine 4.33
- Conectiva Linux 7.0
- Conectiva Linux 6.0
- Conectiva Linux 5.1
- Conectiva Linux 5.0
- FreeBSD 4.4
- FreeBSD 4.3
- FreeBSD 4.2
- RedHat Linux 7.1
- Slackware Linux 7.1
- Slackware Linux 7.0
- SuSE Linux 7.3
- SuSE Linux 7.2
- SuSE Linux 7.1
University of Washington Pine 4.58描述:
BUGTRAQ ID: 8589
CVE(CAN) ID: CVE-2003-0721
Pine是一款开放源代码的EMAIL客户端。
Pine包含的rfc2231_get_param()函数存在整数溢出问题,远程攻击者可以利用这个漏洞构建恶意邮件,诱使用户访问,以用户进程权限在系统上执行任意指令。
问题存在于strings.c文件中的rfc2231_get_param()函数,其中声明了64字节大小的字符数组:
#define RFC2231_MAX 64
...
char *pieces[RFC2231_MAX];
and indexed by the signed integer variable 'n':
if(n < RFC2231_MAX){
pieces[n] = parms->value;
变量'n'可由攻击者控制,并且可以设置成负值绕过安全检查,通过存储汇编代码在parms->value结构中并覆盖64字节数组,就可能覆盖堆栈中的指令指针,以用户权限在系统上执行任意指令。
<*来源:iDEFENSE Security Advisory (labs@idefense.com)
链接:http://www.idefense.com/advisory/09.10.03.txt
https://www.redhat.com/support/errata/RHSA-2003-273.html
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000738
*>
建议:
厂商补丁:
Conectiva
---------
Conectiva已经为此发布了一个安全公告(CLA-2003:738)以及相应补丁:
CLA-2003:738:pine
链接:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000738
补丁下载:
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/pine-4.50L-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/pine-4.50L-1U70_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/pine-4.50L-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/pine-4.50L-1U80_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/pine-4.53L-22751U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/pine-4.53L-22751U90_1cl.src.rpm
RedHat
------
RedHat已经为此发布了一个安全公告(RHSA-2003:273-01)以及相应补丁:
RHSA-2003:273-01:Updated pine packages fix vulnerabilities
链接:https://www.redhat.com/support/errata/RHSA-2003-273.html
补丁下载:
Red Hat Linux 7.1:
SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/pine-4.44-19.71.0.src.rpm
i386:
ftp://updates.redhat.com/7.1/en/os/i386/pine-4.44-19.71.0.i386.rpm
Red Hat Linux 7.2:
SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/pine-4.44-19.72.0.src.rpm
i386:
ftp://updates.redhat.com/7.2/en/os/i386/pine-4.44-19.72.0.i386.rpm
ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/pine-4.44-19.72.0.ia64.rpm
Red Hat Linux 7.3:
SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/pine-4.44-19.73.0.src.rpm
i386:
ftp://updates.redhat.com/7.3/en/os/i386/pine-4.44-19.73.0.i386.rpm
Red Hat Linux 8.0:
SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/pine-4.44-19.80.0.src.rpm
i386:
ftp://updates.redhat.com/8.0/en/os/i386/pine-4.44-19.80.0.i386.rpm
Red Hat Linux 9:
SRPMS:
ftp://updates.redhat.com/9/en/os/SRPMS/pine-4.44-19.90.0.src.rpm
i386:
ftp://updates.redhat.com/9/en/os/i386/pine-4.44-19.90.0.i386.rpm
S.u.S.E.
--------
S.u.S.E.已经为此发布了一个安全公告(SuSE-SA:2003:037)以及相应补丁:
SuSE-SA:2003:037:pine
链接:
补丁下载:
Intel i386 Platform:
SuSE-8.2:
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/pine-4.53-109.i586.rpm
c3d94808af56ac9fcc77bec85733bc47
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/pine-4.53-109.i586.patch.rpm
fff680da5c283d2d50a44419976881a8
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/pine-4.53-109.src.rpm
327935d468b4cd7794dde00168a901c3
SuSE-8.1:
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/pine-4.44-283.i586.rpm
63bc3f723537b18a274404c9b30ea784
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/pine-4.44-283.i586.patch.rpm
1d4711753488a274c8cf168b24c91acf
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/src/pine-4.44-283.src.rpm
9617c79c854c2b800df476aa515ae351
SuSE-8.0:
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/pine-4.44-281.i386.rpm
edea9fbbf85a9f922d2b2aa8bf4a14e8
patch rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.0/n1/pine-4.44-281.i386.patch.rpm
18c95a919fb8767f3cff10218ce6c08c
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/8.0/zq1/pine-4.44-281.src.rpm
6bf6b39feed23892faceaa78fd13b751
SuSE-7.3:
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n1/pine-4.33-280.i386.rpm
65d24983aa99d276e75ccd557eee557b
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/pine-4.33-280.src.rpm
b0ecee1170d1fdec3b22e98d0941071a
SuSE-7.2:
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n1/pine-4.33-279.i386.rpm
574ae6efcf81a53a26d5d19b763f96ab
source rpm(s):
ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/pine-4.33-279.src.rpm
14fbade46db5dbc9c9893cf507d57e4a
Sparc Platform:
SuSE-7.3:
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n1/pine-4.33-101.sparc.rpm
4e90502bfc4ca5b49c20f8a10cb9d473
source rpm(s):
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/pine-4.33-101.src.rpm
c600432ad453999aa329b836490842df
PPC Power PC Platform:
SuSE-7.3:
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n1/pine-4.33-153.ppc.rpm
0c4323f70d9cc8b95d35f4356351990c
source rpm(s):
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/pine-4.33-153.src.rpm
6f6987ad3110ff3bf0bd5edb08ee935a
University of Washington
------------------------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载使用PINE 4.58版本:
http://www.washington.edu/pine/getpine/
浏览次数:3806
严重程度:0(网友投票)
绿盟科技给您安全的保障