首页 -> 安全研究

安全研究

安全漏洞
Libnids TCP包重组内存破坏漏洞

发布日期:2003-10-15
更新日期:2003-11-05

受影响系统:
Dug Song dsniff 2.3
Rafal Wojtczuk Libnids 1.17
Rafal Wojtczuk Libnids 1.14
Rafal Wojtczuk Libnids 1.13
Rafal Wojtczuk Libnids 1.12
Rafal Wojtczuk Libnids 1.11
Rafal Wojtczuk Libnids 1.16
    - Conectiva Linux 9.0
    - Conectiva Linux 8.0
    - Conectiva Linux 7.0
不受影响系统:
Rafal Wojtczuk Libnids 1.18
描述:
BUGTRAQ  ID: 8905
CVE(CAN) ID: CVE-2003-0850

Libnids是一款NIDS功能实现库。

Libnids在处理TCP重组的时候缺少正确的缓冲区边界检查,远程攻击者可以利用这个漏洞进行缓冲区溢出攻击。

Libnids提供IP分片,TCP流重组和端口扫描检测等功能,Libnids在处理过大的TCP包时存在问题,可导致发送恶意TCP包使使用Libnids TCP包重组功能的应用程序崩溃,精心提供恶意数据可能以应用程序进程在系统上执行任意指令。

<*来源:Robert Watson (rwatson@FreeBSD.org
  
  链接:http://marc.theaimsgroup.com/?l=bugtraq&m=106728224210446&w=2
        http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000773
*>

建议:
厂商补丁:

Conectiva
---------
Conectiva已经为此发布了一个安全公告(CLA-2003:773)以及相应补丁:
CLA-2003:773:libnids
链接:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000773

补丁下载:

Conectiva Upgrade libnids-1.18-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libnids-1.18-1U70_1cl.i386.rpm

Conectiva Upgrade libnids-devel-1.18-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libnids-devel-1.18-1U70_1cl.i386.rpm

Conectiva Upgrade libnids-devel-static-1.18-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/libnids-devel-static-1.18-1U70_1cl.i386.rpm

Conectiva Upgrade libnids-1.18-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/libnids-1.18-1U80_1cl.i386.rpm

Conectiva Upgrade libnids-devel-1.18-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/libnids-devel-1.18-1U80_1cl.i386.rpm

Conectiva Upgrade libnids-devel-static-1.18-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/libnids-devel-static-1.18-1U80_1cl.i386.rpm

Conectiva Upgrade libnids-1.18-8448U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libnids-1.18-8448U90_1cl.i386.rpm

Conectiva Upgrade libnids-devel-1.18-8448U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libnids-devel-1.18-8448U90_1cl.i386.rpm

Conectiva Upgrade libnids-devel-static-1.18-8448U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/libnids-devel-static-1.18-8448U90_1cl.i386.rpm

Dug Song dsniff 2.3:

Conectiva Upgrade dsniff-2.3-4U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/dsniff-2.3-4U70_1cl.i386.rpm

Conectiva Upgrade dsniff-2.3-7U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/dsniff-2.3-7U80_1cl.i386.rpm

Conectiva Upgrade dsniff-webspy-2.3-7U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/dsniff-webspy-2.3-7U80_1cl.i386.rpm

Conectiva Upgrade dsniff-2.3-24591U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/dsniff-2.3-24591U90_1cl.i386.rpm

Conectiva Upgrade dsniff-webspy-2.3-24591U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/dsniff-webspy-2.3-24591U90_1cl.i386.rpm

Rafal Wojtczuk
--------------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

Rafal Wojtczuk Upgrade Libnids 1.18
https://sourceforge.net/project/showfiles.php?group_id=92215

浏览次数:3259
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障
关于我们
公司介绍
公司荣誉
公司新闻
联系我们
公司总部
分支机构
海外机构
快速链接
绿盟云
绿盟威胁情报中心NTI
技术博客