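UMN Gopherd 2.x Remote Buffer Overflow
Published: 2000-08-15
Updated: 2000-08-15
Affected systems:
University of Minnesota gopherd 2.3
- S.u.S.E. Linux 7.0
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 alpha
- MandrakeSoft Linux Mandrake 7.1
- Debian Linux 2.1
Unaffected systems:
University of Minnesota gopherd 2.3.1
Description:
A buffer overflow vulnerability exists in gopherd 2.x, developed by the University of Minnesota, which may allow a remote attacker to gain root privileges.
When gopherd receives an instruction from a client asking it to decode a login ticket in the format "* [username] [ticket]",
it calls a function to generate a gopher DES key, and this is where the overflow occurs.
<* Source: Mike Schiffman (michael.schiffman@guardent.com) *>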
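A bounded way to build the key string described above, written as an added example and not taken from gopherd or from the patch on this page. The helper name build_keystr and the sample inputs are assumptions; the buffer size and the user/ip/key order follow the patch. Oversized input is rejected rather than truncated, since a truncated key string would yield a different key.

```c
#include <stdio.h>
#include <string.h>

#define KEYSTR_SIZE 256  /* same size as keystr[] in the patch on this page */

/*
 * build_keystr() is a hypothetical helper, not a gopherd function.
 * It concatenates user, ip and key into out[outsz].
 * Returns 0 on success, -1 if an argument is NULL or the result does
 * not fit; on failure out holds the empty string, never a truncation.
 */
int build_keystr(char *out, size_t outsz,
                 const char *user, const char *ip, const char *key)
{
    int n;

    if (out == NULL || outsz == 0)
        return -1;
    out[0] = '\0';
    if (user == NULL || ip == NULL || key == NULL)
        return -1;

    /* snprintf writes at most outsz bytes including the NUL and
     * returns the length the complete string would have had. */
    n = snprintf(out, outsz, "%s%s%s", user, ip, key);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';   /* reject: do not derive a key from a cut string */
        return -1;
    }
    return 0;
}

int main(void)
{
    char keystr[KEYSTR_SIZE];
    char longuser[400];   /* constructed oversized username */

    memset(longuser, 'A', sizeof(longuser) - 1);
    longuser[sizeof(longuser) - 1] = '\0';

    /* All inputs below are constructed sample values. */
    printf("normal:   %d\n",
           build_keystr(keystr, sizeof(keystr), "alice", "192.0.2.10", "secret"));
    printf("oversize: %d\n",
           build_keystr(keystr, sizeof(keystr), longuser, "192.0.2.10", "secret"));
    return 0;
}
```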
Recommendation:
Upgrade to gopherd 2.3.1:
ftp://boombox.micro.umn.edu/pub/gopher/Unix/gopher2_3.1.tar.gz
Or apply the following patch:
"patch < umn_gopher.patch"
diff -ru gopher2_3.old/gopherd/authenticate.c
gopher2_3/gopherd/authenticate.c
- --- gopher2_3.old/gopherd/authenticate.c Sat Jun 10 04:03:43 2000
+++ gopher2_3/gopherd/authenticate.c Thu Aug 3 07:00:56 2000
@@ -494,11 +494,12 @@
char keystr[256];
char *cp;
Desnum c;
- - int i;
+ int i, keysize;
- - strcpy(keystr, user);
- - strcat(keystr, ip);
- - strcat(keystr, key);
+ i = keysize = sizeof(keystr)-1;
+ strncpy(keystr, user, i), i -= strlen(keystr);
+ strncat(keystr, ip, i), i -= strlen(keystr);
+ strncat(keystr, key, i), keystr[keysize] = '\0';
Debug("Encoding key %s\n", keystr);
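Review bot: the remaining-space counter in the three added copy lines is decremented by the total length of keystr each time, not by the length just appended. After `strncat(keystr, ip, i), i -= strlen(keystr);` the value of `i` has had strlen(user) subtracted twice, so with a long `user` it goes negative, and the final `strncat(keystr, key, i)` then receives it as a very large size_t, which makes that append effectively unbounded into the 256-byte keystr. Recompute the space before each append as keysize - strlen(keystr), or build the string with a single snprintf(keystr, sizeof(keystr), "%s%s%s", user, ip, key) and treat a return value >= sizeof(keystr) as an error. Separately, strncpy does not NUL-terminate when `user` is 255 bytes or longer, so the first strlen(keystr) runs over an unterminated buffer; `keystr[keysize] = '\0'` is only set on the last line and should be set before the first strlen.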