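Vulnerability Details
FreeBSD fts Library Buffer Overflow Vulnerability
- CNNVD ID: CNNVD-200009-001
- Severity: High
- CVE ID: CVE-1999-0761
- Vulnerability type: Buffer overflow
- Published: 2000-09-16
- Threat type: Local
- Updated: 2005-05-02
- Vendor: freebsd
- Vulnerability source: This vulnerability…
Vulnerability Summary
A buffer overflow vulnerability exists in the FreeBSD fts library. Typically, a local user can modify arbitrary files by means of the periodic program.
Vulnerability Advisory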
This problem can be worked around by preventing coredumps from the periodic(3) program. However, this is NOT a suggested long-term fix. The fts overflow could quite likely be exploited via any number of SUID scripts. The best solution is to apply the patch referenced later in this Solution. However, immediate workaround information is as follows:
# mv /usr/sbin/periodic /usr/sbin/periodic.bin
# cat > /usr/sbin/periodic
#!/bin/sh
ulimit -c 0
/usr/sbin/periodic.bin "$@"
^D
# chmod 555 /usr/sbin/periodic
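A way to confirm the wrapper does what the workaround intends, as an added example that is not part of the advisory: it rebuilds the wrapper layout in a scratch directory around a constructed stand-in for periodic.bin and checks that the child sees a core limit of 0 and receives its arguments intact. The function names and the stand-in script are assumptions of this example, and the wrapper here passes arguments with "$@".

```shell
#!/bin/sh
# Added example: exercise the wrapper pattern in a scratch directory.
# "periodic.bin" below is a constructed stand-in script, not the real binary.

# Build a scratch copy of the wrapper layout and print the directory path.
make_sandbox() {
    dir=$(mktemp -d) || return 1
    # Stand-in for the renamed binary: reports its core limit and argument count.
    cat > "$dir/periodic.bin" <<'EOF'
#!/bin/sh
echo "core=$(ulimit -c) argc=$#"
EOF
    # Wrapper in the shape of the workaround; "$@" keeps each argument intact.
    cat > "$dir/periodic" <<EOF
#!/bin/sh
ulimit -c 0
exec "$dir/periodic.bin" "\$@"
EOF
    chmod 555 "$dir/periodic" "$dir/periodic.bin"
    echo "$dir"
}

# Print what the stand-in sees when it is started through the wrapper.
run_wrapped() {
    dir=$1; shift
    "$dir/periodic" "$@"
}

# Succeeds only if the wrapped child ran with a core file size limit of 0.
wrapper_blocks_cores() {
    case $(run_wrapped "$1" daily) in
        "core=0 "*) return 0 ;;
        *) return 1 ;;
    esac
}
```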
Apply the following patches to libc and do a make world. Please also see the companion advisory FreeBSD-SA-99:04.core.asc in the advisories directory of our ftp site for details on the kernel portions of this fix.
Index: lib/libc/gen/fts.c
===================================================================
RCS file: /home/imp/FreeBSD/CVS/src/lib/libc/gen/fts.c,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
— fts.c 1999/08/15 19:21:29 1.10
+++ fts.c 1999/09/02 07:45:07 1.11
@@ -963,6 +963,24 @@
return (sp->fts_path == NULL);
}
+static void
+ADJUST(p, addr)
+ FTSENT *p;
+ void *addr;
+{
+ if ((p)->fts_accpath >= (p)->fts_path &&
+ (p)->fts_accpath < (p)->fts_path + (p)->fts_pathlen) {
+ if (p->fts_accpath != p->fts_path)
+ errx(1, “fts ADJUST: accpath %p path %p”,
+ p->fts_accpath, p->fts_path);
+ if (p->fts_level != 0)
+ errx(1, “fts ADJUST: level %d not 0”, p->fts_level);
+ (p)->fts_accpath =
+ (char *)addr + ((p)->fts_accpath – (p)->fts_path);
+ }
+ (p)->fts_path = addr;
+}
+
/*
* When the path is realloc’d, have to fix all of the pointers in structures
* already returned.
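Review bot: the two errx(1, ...) calls in the new ADJUST() terminate the calling process from inside libc, so every program that uses fts exits when this internal consistency check fails; reporting the failure to the caller, or dropping the checks once the invariant is confirmed, would suit a library routine better. Because the function exits unless fts_accpath equals fts_path, the offset added to addr in the fts_accpath assignment is always zero, and the statement can be written as p->fts_accpath = addr. The name is still all-caps although this is now a function rather than a macro, and the %p arguments are passed as char * without a (void *) cast.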
@@ -974,18 +992,18 @@
{
FTSENT *p;
-#define ADJUST(p) { – (p)->fts_accpath = – (char *)addr + ((p)->fts_accpath – (p)->fts_path); +#define ADJUST1(p) { + if ((p)->fts_accpath == (p)->fts_path) + (p)->fts_accpath = (addr); (p)->fts_path = addr; }
/* Adjust the current set of children. */
for (p = sp->fts_child; p; p = p->fts_link)
– ADJUST(p);
+ ADJUST(p, addr);
/* Adjust the rest of the tree. */
for (p = sp->fts_cur; p->fts_level >= FTS_ROOTLEVEL;) {
– ADJUST(p);
ADJUST(p, addr);
p = p->fts_link ? p->fts_link : p->fts_parent;
}
}
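Review bot: the ADJUST1(p) macro defined at the top of this hunk is not used by either loop below it; both now call ADJUST(p, addr). It also behaves differently from the function: it silently leaves fts_accpath untouched when it differs from fts_path, where ADJUST() calls errx. Remove the macro, or if it is meant for another caller, add a comment saying where it applies and why the two differ.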
References
Source: BID
Name: 644
Link: http://www.securityfocus.com/bid/644
Source: OSVDB
Name: 1074
Link: http://www.osvdb.org/1074