NFS-SERVER远程缓冲区溢出漏洞
| CNNVD-ID编号 | CNNVD-200601-361 | CVE编号 | CVE-2006-0043 |
| 发布时间 | 2006-01-30 | 更新时间 | 2006-02-01 |
| 漏洞类型 | 缓冲区溢出 | 漏洞来源 | N/A |
| 危险等级 | 中危 | 威胁类型 | 本地 |
| 厂商 | suse | ||
漏洞介绍
nfs-server rpc.mountd的realpath函数中存在缓冲区溢出漏洞(用在SUSE Linux 9.1至10.0中),本地用户可以通过与安装请求和符号链接有关的未明向量执行任意代码。
漏洞补丁
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
nfs nfs-server 2.2.beta51
SuSE nfs-server-2.2beta51-206.4.i586.rpm
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/nfs-server-2.2bet a51-206.4.i586.rpm
SuSE nfs-server-2.2beta51-206.4.x86_64.rpm
SUSE LINUX 9.1:
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/nfs-server-2. 2beta51-206.4.x86_64.rpm
SuSE nfs-server-2.2beta51-208.2.i586.rpm
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/nfs-server-2.2bet a51-208.2.i586.rpm
SuSE nfs-server-2.2beta51-208.2.x86_64.rpm
SUSE LINUX 9.2:
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/x86_64/nfs-server-2.2b eta51-208.2.x86_64.rpm
SuSE nfs-server-2.2beta51-209.2.i586.rpm
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/nfs-server-2.2bet a51-209.2.i586.rpm
SuSE nfs-server-2.2beta51-209.2.x86_64.rpm
SUSE LINUX 9.3:
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/x86_64/nfs-server-2.2b eta51-209.2.x86_64.rpm
SuSE nfs-server-2.2beta51-212.2.i586.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/i586/nfs-server-2.2be ta51-212.2.i586.rpm
SuSE nfs-server-2.2beta51-212.2.ppc.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/ppc/nfs-server-2.2bet a51-212.2.ppc.rpm
SuSE nfs-server-2.2beta51-212.2.x86_64.rpm
SUSE LINUX 10.0:
ftp://ftp.suse.com/pub/suse/i386/update/10.0/rpm/x86_64/nfs-server-2.2 beta51-212.2.x86_64.rpm
nfs nfs-server 2.2.beta47
Debian nfs-user-server_2.2beta47-12woody1_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-use r-server_2.2beta47-12woody1_alpha.deb
Debian nfs-user-server_2.2beta47-12woody1_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-use r-server_2.2beta47-12woody1_arm.deb
Debian nfs-user-server_2.2beta47-12woody1_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-use r-server_2.2beta47-12woody1_hppa.deb
Debian nfs-user-server_2.2beta47-12woody1_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-use r-server_2.2beta47-12woody1_i386.deb
Debian nfs-user-server_2.2beta47-12woody1_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-use r-server_2.2beta47-12woody1_ia64.deb
Debian nfs-user-server_2.2beta47-12woody1_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-use r-server_2.2beta47-12woody1_m68k.deb
Debian nfs-user-server_2.2beta47-12woody1_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-use r-server_2.2beta47-12woody1_mips.deb
Debian nfs-user-server_2.2beta47-12woody1_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-use r-server_2.2beta47-12woody1_mipsel.deb
Debian nfs-user-server_2.2beta47-12woody1_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-use r-server_2.2beta47-12woody1_powerpc.deb
Debian nfs-user-server_2.2beta47-12woody1_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-use r-server_2.2beta47-12woody1_s390.deb
Debian nfs-user-server_2.2beta47-12woody1_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-use r-server_2.2beta47-12woody1_sparc.deb
Debian nfs-user-server_2.2beta47-20sarge2_alpha.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-use r-server_2.2beta47-20sarge2_alpha.deb
Debian nfs-user-server_2.2beta47-20sarge2_amd64.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/n/nfs-user-server/nfs-use r-server_2.2beta47-20sarge2_amd64.deb
Debian nfs-user-server_2.2beta47-20sarge2_arm.deb
Debian GNU/Linux 3.1 alias sa
参考网址
来源: SECUNIA
名称: 18638
链接:http://secunia.com/advisories/18638
来源: SUSE
名称: SUSE-SA:2006:005
链接:http://lists.suse.com/archive/suse-security-announce/2006-Jan/0007.html
来源: XF
名称: nfs-rpcmountd-realpath-bo(24347)
链接:http://xforce.iss.net/xforce/xfdb/24347
来源: BID
名称: 16388
链接:http://www.securityfocus.com/bid/16388
来源: VUPEN
名称: ADV-2006-0348
链接:http://www.frsirt.com/english/advisories/2006/0348
来源: SECUNIA
名称: 18614
链接:http://secunia.com/advisories/18614
来源: DEBIAN
名称: DSA-975
链接:http://www.debian.org/security/2006/dsa-975
来源: SECUNIA
名称: 18889
链接:http://secunia.com/advisories/18889
受影响实体
Suse Suse_linux:9.3:X86_64 Suse Suse_linux:9.3:Professional Suse Suse_linux:9.3:Personal Suse Suse_linux:9.2:X86_64 Suse Suse_linux:9.2:Professional信息来源
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200601-361
评论