FreeBSD eject缓冲区溢出漏洞-一一网

漏洞信息详情

FreeBSD eject缓冲区溢出漏洞

CNNVD编号：CNNVD-200011-020

危害等级：高危
CVE编号：
CVE-2000-0852
漏洞类型：

缓冲区溢出
发布时间：

2000-11-14
威胁类型：

本地
更新时间：

2005-05-02
厂商：

freebsd
漏洞来源：
This vulnerability…

漏洞简介

FreeBSD，还可能有其他Oses上的eject存在多个缓冲区溢出漏洞。本地用户利用该漏洞提升根特权。

漏洞公告

One of the following (exerpted from the FreeBSD advisory):
1) Upgrade your entire ports collection and rebuild the eject port.
2) Deinstall the old package and install a new package dated after the
correction date, obtained from:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/sysutils/eject-1.4.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/sysutils/eject-1.4.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/sysutils/eject-1.4.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/sysutils/eject-1.4.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/sysutils/eject-1.4.tgz
NOTE: Be sure to check the file creation date on the package, because
the version number of the software has not changed.
3) download a new port skeleton for the eject port from:
http://www.freebsd.org/ports/
and use it to rebuild the port.
4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz