漏洞信息详情
OmniHTTPD缓冲区溢出漏洞
- CNNVD编号:CNNVD-199910-040
- 危害等级: 超危
![图片[1]-OmniHTTPD缓冲区溢出漏洞-一一网](https://www.proyy.com/skycj/data/images/2021-05-07/c4e67a37c54aee8c0e1983d8333a9158.png)
- CVE编号:
CVE-1999-0951
- 漏洞类型:
缓冲区溢出
- 发布时间:
1999-10-22
- 威胁类型:
远程
- 更新时间:
2006-11-16
- 厂 商:
omnicron - 漏洞来源:
Posted to BugTraq … -
漏洞简介
OmniHTTPd CGI程序imagemap.exe存在缓冲区溢出漏洞。远程攻击者利用该漏洞执行命令。
漏洞公告
Since source code for the imagemap program is supplied, UNYUN of Shadow Penguin Security suggests that checking for oversized arguments be added to the code:
void main(int argc, char **argv)
{
———– omit ———-
char OutString[100];
———– omit ———-
if(argc >= 2) {
//
// extract x & y from passed values
//
strcpy(OutString, argv[1]);
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Buffer overflow caused by this strcpy().
This overflow can be avoided if you put the following code before
strcpy().
if (strlen(argv[1])>99) exit
There are no known vendor provided solutions to this problem.
参考网址
来源: BID
名称: 739
链接:http://www.securityfocus.com/bid/739
来源: OSVDB
名称: 3380
链接:http://www.osvdb.org/3380
![[桜井宁宁]COS和泉纱雾超可爱写真福利集-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/4d3cf227a85d7e79f5d6b4efb6bde3e8.jpg)
![[桜井宁宁] 爆乳奶牛少女cos写真-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/d40483e126fcf567894e89c65eaca655.jpg)
