GNU Mailman Malformed Message Remote Denial of Service Vulnerability

Published: 2004-02-09
Updated: 2004-02-17

Affected systems:
GNU Mailman 2.1
GNU Mailman 2.0beta5
GNU Mailman 2.0beta4
GNU Mailman 2.0beta3
GNU Mailman 2.0.9
GNU Mailman 2.0.8
GNU Mailman 2.0.7
GNU Mailman 2.0.6
GNU Mailman 2.0.4
GNU Mailman 2.0.3
GNU Mailman 2.0.2
GNU Mailman 2.0.13
GNU Mailman 2.0.12
GNU Mailman 2.0.11
GNU Mailman 2.0.10
GNU Mailman 2.0.1
GNU Mailman 2.0
GNU Mailman 1.1
GNU Mailman 1.0
GNU Mailman 2.0.5
    - Conectiva Linux 7.0
    - Conectiva Linux 6.0
    - Conectiva Linux 5.1
    - Conectiva Linux 5.0
    - Debian Linux 3.0
    - Debian Linux 2.2
    - FreeBSD 4.3
    - HP HP-UX 11.11
    - HP HP-UX 11.0
    - HP HP-UX 10.20
    - Mandrake Linux 8.0
    - Mandrake Linux 7.2
    - Mandrake Linux 7.1
    - NetBSD 1.5.2
    - NetBSD 1.5.1
    - OpenBSD 2.9
    - OpenBSD 2.8
    - OpenBSD 2.7
    - RedHat Linux 7.1
    - RedHat Linux 7.0
    - Slackware Linux 8.0
    - Slackware Linux 7.1
    - Slackware Linux 7.0
    - Sun Solaris 8.0
    - Sun Solaris 7.0
    - Sun Solaris 2.6
    - SuSE Linux 7.2
    - SuSE Linux 7.1
    - SuSE Linux 7.0
Unaffected systems:
GNU Mailman 2.1.4
GNU Mailman 2.1.3
GNU Mailman 2.1.1
GNU Mailman 2.1 b1
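Description:
BUGTRAQ ID: 9620
CVE(CAN) ID: CVE-2003-0991

GNU Mailman is a freely distributed program written in Python for managing mailing lists.

GNU Mailman has a flaw in the way it handles certain malformed messages; a remote attacker can exploit this vulnerability to cause a denial of service.

No detailed information about the vulnerability is currently available.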

<*Source: Matthew Galgoci
  
  Links: http://www.linux-mandrake.com/en/security/2004/2004-013.php
         http://www.debian.org/security/2004/dsa-436
*>

Recommendations:
Vendor patches:

Debian
------
Debian has released a security advisory (DSA-436-1) and corresponding patches for this issue:
DSA-436-1: New mailman packages fix several vulnerabilities
Link: http://www.debian.org/security/2002/dsa-436

Patch downloads:

Source archives:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody7.dsc
Size/MD5 checksum:      595 c065353b3cc8462611f585c6eb5ccc43
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody7.diff.gz
Size/MD5 checksum:    31726 c7b00ed98949a0c1a6ad45a6ba22023d
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11.orig.tar.gz
Size/MD5 checksum:   415129 915264cb1ac8d7b78ea9eff3ba38ee04

Alpha architecture:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody7_alpha.deb
Size/MD5 checksum:   461206 9aa80ef9631d05c03282140cdf7f6a99

ARM architecture:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody7_arm.deb
Size/MD5 checksum:   458902 abdcfec853f9601645a8bd0929c03531

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody7_i386.deb
Size/MD5 checksum:   458912 51f87418e0e3f56c7b7a5905a4457b3a

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody7_ia64.deb
Size/MD5 checksum:   461720 3a0b6936743fea1b99792809fe30fd45

HP Precision architecture:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody7_hppa.deb
Size/MD5 checksum:   459454 0df2f1cb9abbce760a6e01e7cc0ff96f

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody7_m68k.deb
Size/MD5 checksum:   458996 8333eb0b5eefea56922952e21d6fa1a7

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody7_mips.deb
Size/MD5 checksum:   459442 9f10739182c97b12fea781bb6e6bd0bb

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody7_mipsel.deb
Size/MD5 checksum:   459336 a091672c96a16bfc42d807b4a2a99a11

PowerPC architecture:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody7_powerpc.deb
Size/MD5 checksum:   459744 09e1f59de9a974e43ce1f4616546d4e5

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody7_s390.deb
Size/MD5 checksum:   459750 e868d1807361981e8902ae859a1f044f

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody7_sparc.deb
Size/MD5 checksum:   464212 634004546cf05739d91146dde8910701




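Patch installation:

1. Install the patch package manually:

  First, download the patch package with the following command:
  # wget url  (url is the patch download link)

  Then install the patch with the following command:
  # dpkg -i file.deb (file is the name of the corresponding patch package)

2. Install the patch package automatically with apt-get:

   First, update the internal package database with the following command:
   # apt-get update

   Then install the updated packages with the following command:
   # apt-get upgrade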
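
For the manual route, the downloaded files can be checked against the "Size/MD5 checksum" lines listed above before `dpkg -i` is run. The shell functions below are an added example, not part of the original advisory or of Debian's tooling; the function names and the idea of saving the advisory text to a local file (`advisory.txt`) are assumptions of this example.

```sh
#!/bin/sh
# Added example: check downloaded packages against the advisory's
# "Size/MD5 checksum" lines before installing them with dpkg -i.
# Function names are this example's own; MD5 is simply what the advisory
# publishes, so this catches a wrong, truncated or corrupted download.

# Read advisory text on stdin; print "filename size md5" per URL/checksum pair.
parse_manifest() {
    awk '
        $1 ~ /^https?:\/\// { n = split($1, part, "/"); name = part[n]; next }
        /Size\/MD5 checksum:/ && name != "" { print name, $(NF-1), $NF; name = "" }
    '
}

# Print the lowercase hex MD5 of a file (md5sum, or openssl as a fallback).
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum "$1" | awk '{ print $1 }'
    else
        openssl md5 "$1" | awk '{ print $NF }'
    fi
}

# verify_file FILE SIZE MD5: succeed only if both size and digest match.
verify_file() {
    [ -f "$1" ] || { echo "MISSING  $1" >&2; return 2; }
    actual_size=$(wc -c < "$1" | tr -d ' ')
    [ "$actual_size" = "$2" ] || { echo "BAD SIZE $1 ($actual_size != $2)" >&2; return 1; }
    [ "$(file_md5 "$1")" = "$3" ] || { echo "BAD MD5  $1" >&2; return 1; }
    echo "OK       $1"
}

# verify_dir DIR < advisory.txt: check every listed file that exists in DIR.
# Files for other architectures that were not downloaded are skipped.
verify_dir() {
    parse_manifest | while read -r name size md5; do
        [ -e "$1/$name" ] || continue
        verify_file "$1/$name" "$size" "$md5" || exit 1   # ends the loop subshell
    done
}

# Usage: verify_dir ./downloads < advisory.txt
```

`verify_dir` returns non-zero as soon as one listed file fails, so it can gate the `dpkg -i` step.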

GNU
---
The vendor has released upgrades that fix this security issue; download them from the vendor's home page:

GNU Upgrade mailman-2.1.4.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.4.tgz

GNU Upgrade mailman-2.1.3.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.3.tgz

GNU Upgrade mailman-2.1.2.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.2.tgz

GNU Upgrade mailman-2.1.1.tgz
http://ftp.gnu.org/gnu/mailman/mailman-2.1.1.tgz

MandrakeSoft
------------
http://www.debian.org/security/2004/dsa-436

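This vulnerability advisory was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.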