首页 -> 安全研究

安全研究

安全漏洞
Dia多个远程格式串处理漏洞

发布日期:2006-05-30
更新日期:2006-06-07

受影响系统:
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Linux Mandrake 2006.0 x86_64
MandrakeSoft Linux Mandrake 2006.0
Ubuntu Linux 5.10 powerpc
Ubuntu Linux 5.10 i386
Ubuntu Linux 5.10 amd64
Ubuntu Linux 5.0 4 powerpc
Ubuntu Linux 5.0 4 i386
Ubuntu Linux 5.0 4 amd64
Dia Dia 0.95-pre6
Dia Dia 0.95
Dia Dia 0.94
Dia Dia 0.93
Dia Dia 0.92.2
Dia Dia 0.91
Dia Dia 0.88.1
Dia Dia 0.87
描述:
BUGTRAQ  ID: 18166
CVE(CAN) ID: CVE-2006-2453

Dia是基于gtk+的图表创建工具。

Dia的实现存在几个格式串处理漏洞,攻击者可能利用此漏洞诱使用户打开恶意文件在用户机器上执行任意指令。

攻击者可以诱骗用户打开恶意的dia文件或有特殊名称的文件,导致以当前用户权限执行任意指令。

<*来源:Hans de Goede
  
  链接:http://secunia.com/advisories/20254/print/
        http://www.ubuntu.com/usn/usn-286-1
        https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=192830
        http://security.gentoo.org/glsa/glsa-200606-03.xml
        http://lwn.net/Alerts/186061
*>

建议:
厂商补丁:

RedHat
------
RedHat已经为此发布了一个安全公告(RHSA-2006:0541-02)以及相应补丁:
RHSA-2006:0541-02:Moderate: dia security update
链接:http://lwn.net/Alerts/186061

补丁下载:
Red Hat Enterprise Linux AS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/dia-0.94-5.7.1.src.rpm
d55df9a68f2c56a994dd8f71aee11380  dia-0.94-5.7.1.src.rpm

i386:
bc2e13813b8131cd8ea6dcdab910ed15  dia-0.94-5.7.1.i386.rpm
f0cfd596249745cce1dc26854fa2d785  dia-debuginfo-0.94-5.7.1.i386.rpm

ia64:
46e39c3112958e964d3aee06c5ec0562  dia-0.94-5.7.1.ia64.rpm
32a07c762ff0f4e2b35176c9b851d33c  dia-debuginfo-0.94-5.7.1.ia64.rpm

ppc:
c468d0fda6ef02ef7ed3706701b5ef80  dia-0.94-5.7.1.ppc.rpm
6e913ed7eb05ff1764178822ab0ea249  dia-debuginfo-0.94-5.7.1.ppc.rpm

s390:
fb8026ab24b596855a59552f78efcc44  dia-0.94-5.7.1.s390.rpm
4159c13dca73903490b98499c5c60eb2  dia-debuginfo-0.94-5.7.1.s390.rpm

s390x:
aa3cd319dac56c3b8f423cda410eef53  dia-0.94-5.7.1.s390x.rpm
579389e8483e1b94e381c2801e17d752  dia-debuginfo-0.94-5.7.1.s390x.rpm

x86_64:
8f0f6342f2c3fcb6cbd07ff8a0887ac8  dia-0.94-5.7.1.x86_64.rpm
851110084403997d62847d332f07b110  dia-debuginfo-0.94-5.7.1.x86_64.rpm

Red Hat Enterprise Linux Desktop version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/dia-0.94-5.7.1.src.rpm
d55df9a68f2c56a994dd8f71aee11380  dia-0.94-5.7.1.src.rpm

i386:
bc2e13813b8131cd8ea6dcdab910ed15  dia-0.94-5.7.1.i386.rpm
f0cfd596249745cce1dc26854fa2d785  dia-debuginfo-0.94-5.7.1.i386.rpm

x86_64:
8f0f6342f2c3fcb6cbd07ff8a0887ac8  dia-0.94-5.7.1.x86_64.rpm
851110084403997d62847d332f07b110  dia-debuginfo-0.94-5.7.1.x86_64.rpm

Red Hat Enterprise Linux ES version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/dia-0.94-5.7.1.src.rpm
d55df9a68f2c56a994dd8f71aee11380  dia-0.94-5.7.1.src.rpm

i386:
bc2e13813b8131cd8ea6dcdab910ed15  dia-0.94-5.7.1.i386.rpm
f0cfd596249745cce1dc26854fa2d785  dia-debuginfo-0.94-5.7.1.i386.rpm

ia64:
46e39c3112958e964d3aee06c5ec0562  dia-0.94-5.7.1.ia64.rpm
32a07c762ff0f4e2b35176c9b851d33c  dia-debuginfo-0.94-5.7.1.ia64.rpm

x86_64:
8f0f6342f2c3fcb6cbd07ff8a0887ac8  dia-0.94-5.7.1.x86_64.rpm
851110084403997d62847d332f07b110  dia-debuginfo-0.94-5.7.1.x86_64.rpm

Red Hat Enterprise Linux WS version 4:

SRPMS:
ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/dia-0.94-5.7.1.src.rpm
d55df9a68f2c56a994dd8f71aee11380  dia-0.94-5.7.1.src.rpm

i386:
bc2e13813b8131cd8ea6dcdab910ed15  dia-0.94-5.7.1.i386.rpm
f0cfd596249745cce1dc26854fa2d785  dia-debuginfo-0.94-5.7.1.i386.rpm

ia64:
46e39c3112958e964d3aee06c5ec0562  dia-0.94-5.7.1.ia64.rpm
32a07c762ff0f4e2b35176c9b851d33c  dia-debuginfo-0.94-5.7.1.ia64.rpm

x86_64:
8f0f6342f2c3fcb6cbd07ff8a0887ac8  dia-0.94-5.7.1.x86_64.rpm
851110084403997d62847d332f07b110  dia-debuginfo-0.94-5.7.1.x86_64.rpm

可使用下列命令安装补丁:

rpm -Fvh [文件名]

Gentoo
------
Gentoo已经为此发布了一个安全公告(GLSA-200606-03)以及相应补丁:
GLSA-200606-03:Dia: Format string vulnerabilities
链接:http://security.gentoo.org/glsa/glsa-200606-03.xml

所有Dia用户都应升级到最新版本:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-office/dia-0.95.1"

Ubuntu
------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

-- Ubuntu 5.04 --

Source archives:

http://security.ubuntu.com/ubunt...ia/dia_0.94.0-5ubuntu1.3.diff.gz
Size/MD5: 17086 d5771a080f9fab65abe39fa461b0be3f
http://security.ubuntu.com/ubunt.../d/dia/dia_0.94.0-5ubuntu1.3.dsc
Size/MD5: 1408 dfca9d13543432df3ff0b89dd87694ad
http://security.ubuntu.com/ubunt...ain/d/dia/dia_0.94.0.orig.tar.gz
Size/MD5: 5241128 d2afdc10f55df29314250d98dbfd7a79

Architecture independent packages:

http://security.ubuntu.com/ubunt...common_0.94.0-5ubuntu1.3_all.deb
Size/MD5: 2148748 fc6799fd655d1417c1c382992dd28ab1

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubunt...nome_0.94.0-5ubuntu1.3_amd64.deb
Size/MD5: 194954 2912894e6aa809b200c0435475a02009
http://security.ubuntu.com/ubunt...libs_0.94.0-5ubuntu1.3_amd64.deb
Size/MD5: 659674 b318e38937352a027afd3772621566f9
http://security.ubuntu.com/ubunt.../dia_0.94.0-5ubuntu1.3_amd64.deb
Size/MD5: 193266 cd0496cef2874ef740abafe9f28d53ec

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubunt...gnome_0.94.0-5ubuntu1.3_i386.deb
Size/MD5: 176988 e9b27d3c32f4c683f9a0878f74b04df5
http://security.ubuntu.com/ubunt...-libs_0.94.0-5ubuntu1.3_i386.deb
Size/MD5: 580590 60aa194372a368dad6c15b096c74a3f4
http://security.ubuntu.com/ubunt...a/dia_0.94.0-5ubuntu1.3_i386.deb
Size/MD5: 175510 c8bdfa25f8d165aa319b91dcdaa10004

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubunt...me_0.94.0-5ubuntu1.3_powerpc.deb
Size/MD5: 184652 a2616015be8f766ed36ba7a0fe6f1fa0
http://security.ubuntu.com/ubunt...bs_0.94.0-5ubuntu1.3_powerpc.deb
Size/MD5: 675104 bca6250681070c0045dba899f6f11707
http://security.ubuntu.com/ubunt...ia_0.94.0-5ubuntu1.3_powerpc.deb
Size/MD5: 183176 38213309ad4f232332aa62b47c2286df

-- Ubuntu 5.10 --

Source archives:

http://security.ubuntu.com/ubunt...a/dia_0.94.0-11ubuntu1.2.diff.gz
Size/MD5: 32541 a71619e0d5df51e905a68328c54c01d9
http://security.ubuntu.com/ubunt...d/dia/dia_0.94.0-11ubuntu1.2.dsc
Size/MD5: 1423 8d3d29b9e45d9d53f690a15643e72e96
http://security.ubuntu.com/ubunt...ain/d/dia/dia_0.94.0.orig.tar.gz
Size/MD5: 5241128 d2afdc10f55df29314250d98dbfd7a79

Architecture independent packages:

http://security.ubuntu.com/ubunt...ommon_0.94.0-11ubuntu1.2_all.deb
Size/MD5: 2148928 ed8976d604e4929c85c8e9bab40406f0

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubunt...ome_0.94.0-11ubuntu1.2_amd64.deb
Size/MD5: 194656 6a830bb38a1720bd19f12e96074a9418
http://security.ubuntu.com/ubunt...ibs_0.94.0-11ubuntu1.2_amd64.deb
Size/MD5: 659118 e831effa3a3d9b2990e4b2c3f7b9d46a
http://security.ubuntu.com/ubunt...dia_0.94.0-11ubuntu1.2_amd64.deb
Size/MD5: 193170 e7ac00a876bb8e24691a8fa3933ab0f5

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubunt...nome_0.94.0-11ubuntu1.2_i386.deb
Size/MD5: 171796 6ea1f835eb7c4315084190e8f628b6ec
http://security.ubuntu.com/ubunt...libs_0.94.0-11ubuntu1.2_i386.deb
Size/MD5: 549270 44d546e86e6c81936c1ab278a71f2ebc
http://security.ubuntu.com/ubunt.../dia_0.94.0-11ubuntu1.2_i386.deb
Size/MD5: 170448 e342deec10cef78f9f83fd8e691392d0

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubunt...e_0.94.0-11ubuntu1.2_powerpc.deb
Size/MD5: 185366 b2d487e8a89ace311fc5b9ed29088c92
http://security.ubuntu.com/ubunt...s_0.94.0-11ubuntu1.2_powerpc.deb
Size/MD5: 667448 0495b9a9ff9ea8836d9c371d254005f5
http://security.ubuntu.com/ubunt...a_0.94.0-11ubuntu1.2_powerpc.deb
Size/MD5: 183888 b422aa2ae4f2ad2021e4dcd27b63cfc2

浏览次数:3325
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障
关于我们
公司介绍
公司荣誉
公司新闻
联系我们
公司总部
分支机构
海外机构
快速链接
绿盟云
绿盟威胁情报中心NTI
技术博客