安全研究
安全漏洞
lftp Try_Squid_Eplf远程缓冲区溢出漏洞
发布日期:2003-12-12
更新日期:2003-12-25
受影响系统:
Alexander V. Lukyanov lftp 2.6.9不受影响系统:
Alexander V. Lukyanov lftp 2.6.8
Alexander V. Lukyanov lftp 2.6.7
Alexander V. Lukyanov lftp 2.6.6
Alexander V. Lukyanov lftp 2.6.5
Alexander V. Lukyanov lftp 2.6.4
Alexander V. Lukyanov lftp 2.6.3
Alexander V. Lukyanov lftp 2.6.0
Alexander V. Lukyanov lftp 2.5.2
Alexander V. Lukyanov lftp 2.3
Alexander V. Lukyanov lftp 2.4.9
- Mandrake Linux 8.2
- RedHat Linux 7.3
- RedHat Linux 7.2
Alexander V. Lukyanov lftp 2.6.10描述:
BUGTRAQ ID: 9212
CVE(CAN) ID: CVE-2003-0963
lftp是一款支持多平台,支持多模式(ftp、ftps、http、https、hftp等)的基于命令行FTP客户端。
lftp在接收到从远程HTTP服务器返回的内容时不正确处理部分目录信息,远程攻击者可以利用这个漏洞进行缓冲区溢出攻击,可能以lftp进程权限在系统上执行任意指令。
问题存在于src/HttpDir.cc文件中的try_squid_eplf()函数中,由于lftp在使用HTTP或者HTTPS进行WEB服务器连接,并使用lftp的"ls"或"rels"命令对特殊目录进行浏览时,调用的sscanf()函数对数据输入处理缺少充分的边界缓冲区检查,精心构建目录数据,可导致触发缓冲区溢出,精心构建提交数据可能以lftp进程权限在系统上执行任意指令。
<*来源:Ulf Harnhammar (ulfh@update.uu.se)
链接:http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0070.html
https://www.redhat.com/support/errata/RHSA-2003-403.html
http://www.linux-mandrake.com/en/security/2003/2003-116.php
*>
建议:
厂商补丁:
MandrakeSoft
------------
MandrakeSoft已经为此发布了一个安全公告(MDKSA-2003:116)以及相应补丁:
MDKSA-2003:116:Updated lftp packages fix buffer overflow vulnerability
链接:http://www.linux-mandrake.com/en/security/2003/2003-116.php
补丁下载:
Updated Packages:
Corporate Server 2.1:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/lftp-2.6.0-1.1.C21mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/SRPMS/lftp-2.6.0-1.1.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/x86_64/corporate/2.1/RPMS/lftp-2.6.0-1.1.C21mdk.x86_64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/x86_64/corporate/2.1/SRPMS/lftp-2.6.0-1.1.C21mdk.src.rpm
Mandrake Linux 9.0:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/RPMS/lftp-2.6.0-1.1.90mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.0/SRPMS/lftp-2.6.0-1.1.90mdk.src.rpm
Mandrake Linux 9.1:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/lftp-2.6.4-2.1.91mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/SRPMS/lftp-2.6.4-2.1.91mdk.src.rpm
Mandrake Linux 9.1/PPC:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/RPMS/lftp-2.6.4-2.1.91mdk.ppc.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/SRPMS/lftp-2.6.4-2.1.91mdk.src.rpm
Mandrake Linux 9.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/lftp-2.6.6-2.1.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/SRPMS/lftp-2.6.6-2.1.92mdk.src.rpm
Mandrake Linux 9.2/AMD64:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/lftp-2.6.6-2.1.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/SRPMS/lftp-2.6.6-2.1.92mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
A list of FTP mirrors can be obtained from:
http://www.mandrakesecure.net/en/ftp.php
上述升级软件还可以在下列地址中的任意一个镜像ftp服务器上下载:
http://www.mandrakesecure.net/en/ftp.php
RedHat
------
RedHat已经为此发布了一个安全公告(RHSA-2003:403-01)以及相应补丁:
RHSA-2003:403-01:Updated lftp packages fix security vulnerability
链接:https://www.redhat.com/support/errata/RHSA-2003-403.html
补丁下载:
Alexander V. Lukyanov lftp 2.4.9:
RedHat Patch lftp-2.4.9-2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/lftp-2.4.9-2.i386.rpm
RedHat Patch lftp-2.4.9-2.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/lftp-2.4.9-2.ia64.rpm
RedHat Patch lftp-2.4.9-2.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/lftp-2.4.9-2.i386.rpm
Alexander V. Lukyanov lftp 2.5.2:
RedHat Patch lftp-2.5.2-6.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/lftp-2.5.2-6.i386.rpm
Alexander V. Lukyanov lftp 2.6.3:
RedHat Patch lftp-2.6.3-4.i386.rpm
ftp://updates.redhat.com/9/en/os/i386/lftp-2.6.3-4.i386.rpm
Alexander V. Lukyanov lftp 2.6.5:
Fedora Upgrade lftp-2.6.10-1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386/lftp-2.6.10-1.i386.rpm
Fedora Upgrade lftp-debuginfo-2.6.10-1.i386.rpm
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/i386/debug/lftp-debuginfo-2.6.10-1.i386.rpm
Alexander V. Lukyanov
---------------------
lftp 2.6.10已经修正此漏洞:
http://lftp.yar.ru/get.html
另外2.6.9版本的补丁也可以从如下地址获得:
http://labben.abm.uu.se/~ulha9485/lftp-advisory-data.tar.gz
浏览次数:4403
严重程度:0(网友投票)
绿盟科技给您安全的保障