安全研究

安全漏洞
Neon WebDAV客户端库ne_rfc1036_parse函数堆溢出漏洞

发布日期:2004-05-19
更新日期:2004-05-27

受影响系统:
Neon Client Library 0.24.5
Neon Client Library 0.24.4
Neon Client Library 0.24.3
Neon Client Library 0.24.2
Neon Client Library 0.24.1
Neon Client Library 0.24
Neon Client Library 0.23.8
Neon Client Library 0.23.7
Neon Client Library 0.23.6
Neon Client Library 0.23.5
Neon Client Library 0.23.4
Neon Client Library 0.23.3
Neon Client Library 0.23.2
Neon Client Library 0.23.1
Neon Client Library 0.23
Neon Client Library 0.19.3
    - Debian Linux 3.0
不受影响系统:
Neon Client Library 0.24.6
描述:
BUGTRAQ  ID: 10385
CVE(CAN) ID: CVE-2004-0398

neon是一款HTTP和WebDAV客户端库。

Neon WebDAV客户端库不正确检查用户提供的数据,远程攻击者可以利用这个漏洞对调用库的应用程序进行基于堆的溢出。

问题存在于ne_rfc1036_parse()函数中,提交特殊的日期字符串给ne_rfc1036_parse()可触发sscanf()字符串溢出堆中的静态变量,成功利用此漏洞可能以调用此库的应用程序进程权限执行任意指令。

<*来源:Stefan Esser (s.esser@ematters.de
  
  链接:http://security.e-matters.de/advisories/062004.html?SID=384b888de96e3bce19306db8577fca26
        http://www.debian.org/security/2004/dsa-506
        http://www.debian.org/security/2004/dsa-507
        http://www.linux-mandrake.com/en/security/2004/2004-049.php
*>

建议:
厂商补丁:

Debian
------
http://www.debian.org/security/2004/dsa-507

MandrakeSoft
------------
MandrakeSoft已经为此发布了一个安全公告(MDKSA-2004:049)以及相应补丁:
MDKSA-2004:049:Updated libneon packages fix heap variable overflow issues
链接:http://www.linux-mandrake.com/en/security/2004/2004-049.php

补丁下载:

Updated Packages:

Mandrakelinux 10.0:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/libneon0.24-0.24.5-0.2.100mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/libneon0.24-devel-0.24.5-0.2.100mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/libneon0.24-static-devel-0.24.5-0.2.100mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/SRPMS/libneon-0.24.5-0.2.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/lib64neon0.24-0.24.5-0.2.100mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/lib64neon0.24-devel-0.24.5-0.2.100mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/lib64neon0.24-static-devel-0.24.5-0.2.100mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/SRPMS/libneon-0.24.5-0.2.100mdk.src.rpm

Mandrakelinux 9.2:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/libneon0.24-0.24.5-0.2.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/libneon0.24-devel-0.24.5-0.2.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/libneon0.24-static-devel-0.24.5-0.2.92mdk.i586.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/SRPMS/libneon-0.24.5-0.2.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/lib64neon0.24-0.24.5-0.2.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/lib64neon0.24-devel-0.24.5-0.2.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/lib64neon0.24-static-devel-0.24.5-0.2.92mdk.amd64.rpm
ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/SRPMS/libneon-0.24.5-0.2.92mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi.  The verification
of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php


上述升级软件还可以在下列地址中的任意一个镜像ftp服务器上下载:
http://www.mandrakesecure.net/en/ftp.php

Neon
----
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

Neon Upgrade neon-0.24.6.tar.gz
http://www.webdav.org/neon/neon-0.24.6.tar.gz

浏览次数:3430
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障