多个供应商 “dump”缓冲区溢出漏洞-一一网

漏洞信息详情

多个供应商 “dump”缓冲区溢出漏洞

CNNVD编号：CNNVD-200002-081

危害等级：高危
CVE编号：
CVE-2000-0186
漏洞类型：

缓冲区溢出
发布时间：

2000-02-28
威胁类型：

本地
更新时间：

2005-05-02
厂商：

freebsd
漏洞来源：
First posted to Bu…

漏洞简介

Linux ext2fs backup包中转储工具存在缓冲区溢出漏洞。本地用户借助超长命令行参数可以提升特权。

漏洞公告

A work-around is to remove the setuid and setgid permissions from the file.
KimYongJun included the following patch in his post to BugTraq on February 28, 2000:
[root@loveyou SOURCES]# diff -ru dump-0.4b13/dump/main_orig.c dump-0.4b13/dump/main.c
— dump-0.4b13/dump/main_orig.c Mon Feb 28 14:40:01 2000
+++ dump-0.4b13/dump/main.c Mon Feb 28 14:40:57 2000
@@ -273,6 +273,9 @@
exit(X_STARTUP);
}
disk = *argv++;
+ if ( strlen(disk) > 255 )
+ exit(X_STARTUP);
+
argc–;
if (argc >= 1) {
(void)fprintf(stderr, “Unknown arguments to dump:”);
Fixes are available for TurboLInux at:
ftp://ftp.turbolinux.com/pub/updates/6.0/security/dump-0.4b16-1.i386.rpm
ftp://ftp.turbolinux.com/pub/updates/6.0/SRPMS/dump-0.4b16-1.src.rpm
Fixes are available for Connectiva Linux at:
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/i386/dump-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0/i386/rmt-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/i386/dump-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.0es/i386/rmt-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/i386/dump-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/i386/rmt-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/i386/dump-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/i386/rmt-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/dump-0.4b18-1cl.i386.rpm
ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/rmt-0.4b18-1cl.i386.rpm
@ce.hannam.ac.kr>