NSFOCUS绿盟科技

首页 -> 安全研究

安全研究

安全漏洞

LibGSF程序库远程堆溢出漏洞

发布日期：2006-11-30
更新日期：2006-12-01

受影响系统：

Jody Goldberg libgsf 1.14.1
Jody Goldberg libgsf 1.14
Jody Goldberg libgsf 1.13.2
Jody Goldberg libgsf 1.11.1

不受影响系统：

Jody Goldberg libgsf 1.14.2

描述：

BUGTRAQ  ID: 21358
CVE(CAN) ID: CVE-2006-4514

GNOME结构化文件库（LibGSF）是用于读写结构化文件格式的工具库。

多家厂商的操作系统中所捆绑的libgsf库的ole_init_info函数中存在堆溢出漏洞，远程攻击者可能利用此漏洞在用户机器上执行任意指令。

在分配内存时ole_init_info函数仅获得了num_bat中所指定数目的空间，然后在读取文件内容时num_metabat中所指定的数目被用作了循环的边界。由于没有充分地验证变量，因此攻击者可能通过诱骗用户打开特制的OLE文档触发堆溢出，导致执行任意指令。

<*来源：infamous41md （infamous41md@hotpop.com）

  链接：http://secunia.com/advisories/23164/
        http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=446
        http://www.debian.org/security/2006/dsa-1221
*>

建议：

厂商补丁：

Debian
------
Debian已经为此发布了一个安全公告（DSA-1221-1）以及相应补丁:
DSA-1221-1：New libgsf packages fix arbitrary code execution
链接：http://www.debian.org/security/2005/dsa-1221

补丁下载：

Source archives:

http://security.debian.org/pool/updates/main/libg/libgsf/libgsf_1.11.1-1sarge1.dsc
Size/MD5 checksum:      837 bc96a9630b2605bdd8091a0f3f934f09
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf_1.11.1-1sarge1.diff.gz
Size/MD5 checksum:     7678 23aa764ba57e0ec811916b78bf986917
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf_1.11.1.orig.tar.gz
Size/MD5 checksum:   572284 d3260e0411c3a972c4f5bf3f2d1fbdf3

Alpha architecture:

http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_alpha.deb
Size/MD5 checksum:   107854 37c60803868436da0effcaaac0eb3261
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_alpha.deb
Size/MD5 checksum:    84542 869400c0b10cab3e7a1e353091c15138
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_alpha.deb
Size/MD5 checksum:   211104 d80136fdc38edad9f97f2fc335a13c87
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_alpha.deb
Size/MD5 checksum:    42524 3c201fc969af6fc144ddfa9d308ca7d9
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_alpha.deb
Size/MD5 checksum:    10796 56f4a381eaadbc54ad5da1515fc02a28
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_alpha.deb
Size/MD5 checksum:    50690 a134d813591188748c8237b76ca07eff

AMD64 architecture:

http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_amd64.deb
Size/MD5 checksum:    95598 741f5e3cf1276c57a862c6c32989bf45
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_amd64.deb
Size/MD5 checksum:    72884 f1440dcac0f635ef12ecaf9321e19741
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_amd64.deb
Size/MD5 checksum:   172702 751adb98ffb3ae93b849c56bdfda3e35
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_amd64.deb
Size/MD5 checksum:    41496 5d8b547d18ec67bc74e577341e9127fe
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_amd64.deb
Size/MD5 checksum:    10274 c974e8cf41208991a4994274aed34cf4
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_amd64.deb
Size/MD5 checksum:    47474 36ccd40752ff3e33d220494388e82ba3

ARM architecture:

http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_arm.deb
Size/MD5 checksum:    92054 81c8e51b0f1a565c2c7975ca00c54aef
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_arm.deb
Size/MD5 checksum:    71122 4983eeffaa1ef96a18eabbb6eff072d6
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_arm.deb
Size/MD5 checksum:   171650 addecc2d0f2e2e9b9e0973af85e4d6d5
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_arm.deb
Size/MD5 checksum:    41006 7631c2c831ccb352ee3eaafa1ae08501
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_arm.deb
Size/MD5 checksum:     9650 0bef0c46800914370452657c52827a7b
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_arm.deb
Size/MD5 checksum:    47752 6446fcefbd64ec916cac67dd7629746d

HP Precision architecture:

http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_hppa.deb
Size/MD5 checksum:   109452 00cf9a2ea0ae3c7c77407ac31899f577
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_hppa.deb
Size/MD5 checksum:    87188 90c3ca91f8fadd35a892f94b975b4303
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_hppa.deb
Size/MD5 checksum:   184032 272c9099df0279b1da9eb533e64f4a8c
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_hppa.deb
Size/MD5 checksum:    42832 a4270866dd0ee896a1754ec02fdea6a2
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_hppa.deb
Size/MD5 checksum:    11366 6af045e1bd59419b2abbd1a065e83263
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_hppa.deb
Size/MD5 checksum:    48450 cfb513337e4b16dca1ae5b939739b02b

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_i386.deb
Size/MD5 checksum:    94438 b70e154e2bc349b763da552b36563c41
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_i386.deb
Size/MD5 checksum:    71724 cc4fd9cd9e3150632fdb600f61926d16
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_i386.deb
Size/MD5 checksum:   165774 75f1cda5fe58d7fa1e32e059ff56aa5c
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_i386.deb
Size/MD5 checksum:    41418 0462a3a69e5f6391f2d84609803af28c
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_i386.deb
Size/MD5 checksum:    10002 2296a2ef95208dd25b1245e5596fad8a
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_i386.deb
Size/MD5 checksum:    47022 dad57213a389b1c396940c6420b2a6d3

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_ia64.deb
Size/MD5 checksum:   120382 00ae4c44067d719530f10345b907b39d
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_ia64.deb
Size/MD5 checksum:    96808 219ae265d340982c4fcc625f0f4aac2e
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_ia64.deb
Size/MD5 checksum:   207722 321d9e0e5f245a1460934be4c53b3485
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_ia64.deb
Size/MD5 checksum:    44498 73ce9eb8ceb61f3eb5bdebc2f7fbd97a
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_ia64.deb
Size/MD5 checksum:    13112 7114570dd9b7d2ccae2482e8a9749836
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_ia64.deb
Size/MD5 checksum:    50314 0e341aa4f2d297c21b50c07ea5b022e5

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_m68k.deb
Size/MD5 checksum:    93418 3241ab0596f2a1be8758b0df6f0b1b91
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_m68k.deb
Size/MD5 checksum:    70380 76e2fbd85c632cc917dbdd4631eaeab1
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_m68k.deb
Size/MD5 checksum:   159350 ad3e05a11cfc6950f5366e586af28c44
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_m68k.deb
Size/MD5 checksum:    41064 ccc2b9e4e7cd38f48d633c509b8359ba
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_m68k.deb
Size/MD5 checksum:     9520 13f4d5efeeb5033221455c053b52ef8e
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_m68k.deb
Size/MD5 checksum:    46432 ba90a1e901880066827139232f828e41

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_mips.deb
Size/MD5 checksum:    95486 47af6ae61145d336e6d67cb66572fa2c
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_mips.deb
Size/MD5 checksum:    71142 4d50bc59c572fb8de56626b17a96716c
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_mips.deb
Size/MD5 checksum:   181358 4680c5668264c0660f5915f5490a9862
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_mips.deb
Size/MD5 checksum:    41328 e14b22945be8551fe477286239829702
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_mips.deb
Size/MD5 checksum:     9502 a65d4536f7d5a7e217930f665acd1ce4
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_mips.deb
Size/MD5 checksum:    48412 062423f994430f2f458f72ff1c11aa60

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_mipsel.deb
Size/MD5 checksum:    95064 12574be55cbd0f0d161d438eb3681132
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_mipsel.deb
Size/MD5 checksum:    71040 2ef8b71ca0069594121861ea8f1cb138
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_mipsel.deb
Size/MD5 checksum:   181248 5b1d0d0d255bd232630232b944c90de3
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_mipsel.deb
Size/MD5 checksum:    41342 61d8b2256e13a2f42101eaaac777f147
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_mipsel.deb
Size/MD5 checksum:     9534 090bc4a1110ad678cc31f878a7f625fe
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_mipsel.deb
Size/MD5 checksum:    48484 8e6b7e08584b30d39676e324e8d2f160

PowerPC architecture:

http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_powerpc.deb
Size/MD5 checksum:    97424 a5fe077b6c128e6d3707f54f25446793
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_powerpc.deb
Size/MD5 checksum:    76080 80b8cfd0da0406e51e0650b31f6b855b
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_powerpc.deb
Size/MD5 checksum:   175872 c8608277b96bc3b9fe1c9acab58df7f5
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_powerpc.deb
Size/MD5 checksum:    42750 40d7d2fe820e4fe563ad45a52a993882
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_powerpc.deb
Size/MD5 checksum:    12502 f67804ec2e5e233f6eba20a306c87d0f
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_powerpc.deb
Size/MD5 checksum:    47456 67f2eab4c5e7626021e0203de6dd45b0

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_s390.deb
Size/MD5 checksum:   104934 b4f495487d1d69c57bae68b1710c3c34
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_s390.deb
Size/MD5 checksum:    82180 ce2e17b2cb7894fe75f70bf6c0e3e3c8
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_s390.deb
Size/MD5 checksum:   179024 a117c2b0ff8c3ba57c950872d1dcbe63
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_s390.deb
Size/MD5 checksum:    42410 1e4cd37bee40b3064120794ffa40ed61
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_s390.deb
Size/MD5 checksum:    10518 6bf95840b71480e8a040bf7795af7bae
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_s390.deb
Size/MD5 checksum:    47984 a8ffd9f03d9e884f1b919ef8e31a2ef0

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1_1.11.1-1sarge1_sparc.deb
Size/MD5 checksum:    95404 99a1f0843ed4865942a214b1f6cf5b2d
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dbg_1.11.1-1sarge1_sparc.deb
Size/MD5 checksum:    72240 af4c9ac2d4fb67f66f27cb7e2effd99f
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-1-dev_1.11.1-1sarge1_sparc.deb
Size/MD5 checksum:   168950 0848099749ef6395067268f3331b7da4
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1_1.11.1-1sarge1_sparc.deb
Size/MD5 checksum:    41156 ade5d9a99a9140a319fd885cb48d8161
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dbg_1.11.1-1sarge1_sparc.deb
Size/MD5 checksum:     9438 04f6af54df0a761be766ccab9deba73c
http://security.debian.org/pool/updates/main/libg/libgsf/libgsf-gnome-1-dev_1.11.1-1sarge1_sparc.deb
Size/MD5 checksum:    47262 97392dc7cab74baee5953c66d46fa894

补丁安装方法：

1. 手工安装补丁包：

  首先，使用下面的命令来下载补丁软件：
  # wget url  (url是补丁下载链接地址)

  然后，使用下面的命令来安装补丁：
  # dpkg -i file.deb (file是相应的补丁名)

2. 使用apt-get自动安装补丁包：

   首先，使用下面的命令更新内部数据库：
   # apt-get update

   然后，使用下面的命令安装更新软件包：
   # apt-get upgrade

Jody Goldberg
-------------
http://www.debian.org/security/2006/dsa-1221

浏览次数：3006
严重程度：0（网友投票）

本安全漏洞由绿盟科技翻译整理，版权所有，未经许可，不得转载
绿盟科技给您安全的保障

关于我们: 公司介绍; 公司荣誉; 公司新闻

联系我们: 公司总部; 分支机构; 海外机构

快速链接: 绿盟云; 绿盟威胁情报中心NTI; 技术博客