Dosemu S-Lang漏洞

漏洞信息详情

Dosemu S-Lang漏洞

• CNNVD编号：CNNVD-199901-030
• 危害等级： 高危
  
  
• CVE编号：
  CVE-1999-0390
  
• 漏洞类型：
  
  
  缓冲区溢出
  
• 发布时间：
  
  1999-01-04
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-05-02
  
• 厂        商：
  
  redhat
• 漏洞来源：
  The vulnerability …

Linux的Dosemu Slang图书馆中存在缓冲区溢出漏洞。

As noted by Erik Mouw (J.A.K.Mouw@ITS.TUDELFT.NL)
Last saturday, the Dosemu Team released Dosemu 0.99.6 which fixes the Slang hole. This is a development release, but the changes will also come in the next stable release, Dosemu 0.98.5. From the ChangeLog:
99/01/06 ver. 0.99.5.3 unofficial pre-release From Hans – upgraded to slang-1.2.2 because of buffer overrun exploits in 1.0.3. Verified, that _both_ exploits are fixed. – fixed (now) possible buffer overrun in verror (utilities.c), because slang-1.2.2 fixed its exploit by passing the involved printout via (*SLang_Exit_Error_Hook)() to _our_ hooking routine. (well, so we now have it 😉
Dosemu 0.99.6 is available at: ftp://ftp.dosemu.org:/dosemu/Development/dosemu-0.99.6.tgz
People using the 0.98 stable release should not run Dosemu suid root. Remove the s-bit from the Dosemu binary and wait for the next stable 0.98.5 release.
There is some security related documentation for Dosemu available at
http://www.dosemu.org/docs/README/0.98/README-3.html , although it is a bit outdated.
Note that any Dosemu version running suid root with DPMI enabled is inherently unsafe. A DPMI program in Dosemu is able to use Linux system calls, including system calls that require root privileges. The Dosemu Team is not able to fix this security hole; system administrators who are serious about security, should not install Dosemu suid-root. Dosemu can run non-suid on the Slangterminal, under X, in the background and even on serial lines (bbs’es for example).

来源: BID
名称: 187
链接:http://www.securityfocus.com/bid/187

来源: CALDERA
名称: CSSA-1999-006.1
链接:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-006.1.txt