GIMP xcf_load_vector() Function Stack Overflow Vulnerability

Published: 2006-07-07
Updated: 2006-11-20

Affected systems:
GIMP GIMP 2.3.9
GIMP GIMP 2.2.11
VMWare ESX Server 2.5.4
VMWare ESX Server 2.5.3
VMWare ESX Server 2.1.3
VMWare ESX Server 2.0.2
Unaffected systems:
GIMP GIMP 2.2.12
Description:
BUGTRAQ  ID: 18877
CVE(CAN) ID: CVE-2006-3404

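GIMP stands for GNU Image Manipulation Program and is a cross-platform image editing application.

The xcf_load_vector() function in GIMP contains a stack overflow vulnerability when loading XCF files. An attacker could exploit it to execute arbitrary instructions on a user's machine by tricking the user into opening a malicious file.

A malicious attacker can write a very large number into the num_axes field of an XCF file; if a user opens the file, data from the file overwrites part of the stack buffer. On little-endian systems, the xcf_read_float() function that actually reads the floats performs byte-order conversion on the data it reads but applies no special floating-point handling, so the attacker directly controls the data written to the stack.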
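
An added example, not GIMP's code and not part of the original advisory: the "count, then that many floats" read described above, written with the bounds checks whose absence leads to the overflow. `MAX_AXES`, `be32`, `load_coords` and the sample records are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_AXES 6 /* assumed capacity of the fixed coordinate array */

/* Read one big-endian 32-bit word, independent of host byte order. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Parse "num_axes, then num_axes floats" into coords[MAX_AXES].
 * Returns the axis count, or -1 if the record is rejected. The unchecked
 * pattern would copy num_axes words into the array without these tests. */
int load_coords(const uint8_t *buf, size_t len, float coords[MAX_AXES])
{
    if (len < 4)
        return -1;                      /* no room for the count field */
    uint32_t num_axes = be32(buf);
    if (num_axes > MAX_AXES)
        return -1;                      /* would write past coords[] */
    if ((len - 4) / 4 < num_axes)
        return -1;                      /* record shorter than it claims */
    for (uint32_t i = 0; i < num_axes; i++) {
        /* Byte-order conversion only: the 32 bits land in the float
         * unchanged, so any bit pattern in the file reaches memory. */
        uint32_t word = be32(buf + 4 + 4 * i);
        memcpy(&coords[i], &word, sizeof word);
    }
    return (int)num_axes;
}

/* Constructed sample records (not taken from any real XCF file). */
static const uint8_t sample_ok[] = {
    0, 0, 0, 2,  0x3f, 0x80, 0, 0,  0x40, 0, 0, 0   /* 2 axes: 1.0f, 2.0f */
};
static const uint8_t sample_bad[] = {
    0, 0, 0x10, 0,  0x41, 0x41, 0x41, 0x41          /* claims 4096 axes */
};

int main(void)
{
    float c[MAX_AXES] = {0};
    return !(load_coords(sample_ok, sizeof sample_ok, c) == 2 &&
             load_coords(sample_bad, sizeof sample_bad, c) == -1);
}
```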

<*Source: Henning Makholm
  
  Links: http://bugzilla.gnome.org/show_bug.cgi?id=346742
        http://secunia.com/advisories/20976/print/
        http://secunia.com/advisories/22875/
        http://www.debian.org/security/2006/dsa-1116
        http://lwn.net/Alerts/191756/?format=printable
        http://security.gentoo.org/glsa/glsa-200607-08.xml
        http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102720-1
*>

Recommendation:
Vendor patches:

Debian
------
Debian has released a security advisory (DSA-1116-1) and corresponding patches for this issue:
DSA-1116-1: New gimp packages fix arbitrary code execution
Link: http://www.debian.org/security/2005/dsa-1116

Patch downloads:

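Patch installation:

1. Installing the patch packages manually:

  First, download the patch package with the following command:
  # wget url  (url is the patch download link)

  Then install the patch with the following command:
  # dpkg -i file.deb (file is the name of the corresponding patch package)

2. Installing the patch packages automatically with apt-get:

   First, update the internal database with the following command:
   # apt-get update

   Then install the updated packages with the following command:
   # apt-get upgrade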

RedHat
------
RedHat has released a security advisory (RHSA-2006:0598-01) and corresponding patches for this issue:
RHSA-2006:0598-01: Moderate: gimp security update
Link: http://lwn.net/Alerts/191756/?format=printable

Sun
---
Sun has released a security advisory (Sun-Alert-102720) and corresponding patches for this issue:
Sun-Alert-102720: Security Vulnerability in GIMP(1) May Lead to Denial of Service (DoS) or Execution of Arbitrary Code
Link: http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102720-1

VMWare
------
The vendor has released upgrade patches that fix this security issue; download them from the vendor's site:

http://www.vmware.com/download/esx/esx-253-200610-patch.html
http://www.vmware.com/download/esx/esx-254-200610-patch.html
http://www.vmware.com/download/esx/esx-213-200610-patch.html
http://www.vmware.com/download/esx/esx-202-200610-patch.html

Gentoo
------
Gentoo has released a security advisory (GLSA-200607-08) and corresponding patches for this issue:
GLSA-200607-08: GIMP: Buffer overflow
Link: http://security.gentoo.org/glsa/glsa-200607-08.xml

All GIMP users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-gfx/gimp-2.2.12"

GIMP
----
http://www.debian.org/security/2006/dsa-1116

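This vulnerability entry was translated and compiled by NSFOCUS (绿盟科技). All rights reserved; reproduction without permission is prohibited.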