Socks5 1.0r5缓冲区溢出漏洞

漏洞信息详情

Socks5 1.0r5缓冲区溢出漏洞

• CNNVD编号：CNNVD-199807-010
• 危害等级： 高危
  
  
• CVE编号：
  CVE-1999-1435
  
• 漏洞类型：
  
  
  缓冲区溢出
  
• 发布时间：
  
  1998-07-10
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  nec
• 漏洞来源：
  This vulnerability…

Socks 5 (socks5) 1.0r5的libsocks5图书馆中存在缓冲区溢出漏洞，本地用户借助超长的环境变量获得特权。

Version 1.0r6 fixes this problem by replacing the call to vsprintf() with vsnprintf() and bounding the fill to the size of the fmt_cpy variable it is filling. This version, and subsequent version, are available at
http://www.socks.nec.com/.
As a temporary fix, the following patch can be applied:
diff -r -u socks-dist/lib/log.c socks5-v1.0r5/lib/log.c
— socks-dist/lib/log.c Thu Feb 19 10:49:56 1998
+++ socks5-v1.0r5/lib/log.c Wed Jul 1 16:39:30 1998
@@ -77,7 +77,8 @@
}
void S5LogvUpdate(const void *handle, int level, int msgID, const char *oformat, va_list pvar) {
– char fmt_cpy[2*1024 + 2*10], format[2*1024 + 2*10];
+#define FMT_BUFLEN (2*1024 + 2*10)
+ char fmt_cpy[FMT_BUFLEN], format[FMT_BUFLEN];
S5LogHandle *h = (S5LogHandle *)handle;
int serrno = GETERRNO();
static int dontLoop = 0;
@@ -112,7 +113,9 @@
strcat(format, ” “);
replacePercentM(oformat, format + strlen(format), sizeof(format) – strlen(format));
– vsprintf(fmt_cpy, format, pvar);
+ if(vsnprintf(fmt_cpy, FMT_BUFLEN-1,format, pvar)==-1) {
+ fmt_cpy[FMT_BUFLEN-1]=’\0′;
+ }
/* Log to the Local log facility, e.g. Stderr on Unix and maybe a window */
/* or something on NT. Neither system can deal with a NULL format so */

来源: BUGTRAQ
名称: 19980710 socks5 1.0r5 buffer overflow..
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525933&w=2

来源: BID
名称: 154
链接:http://www.securityfocus.com/bid/154