SLRN超长头缓冲区溢出漏洞

漏洞信息详情

SLRN超长头缓冲区溢出漏洞

• CNNVD编号：CNNVD-200106-178
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2001-0441
  
• 漏洞类型：
  
  
  缓冲区溢出
  
• 发布时间：
  
  2001-06-27
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  debian
• 漏洞来源：
  This vulnerability…

slrn新闻阅读器0.9.7.0之前版本的(1)wrapping和(2)unwrapping存在缓冲区溢出漏洞。远程攻击者借助超长消息头执行任意命令。

Updates available:
SLRN Development Team slrn 0.9.6 .3

• MandrakeSoft 1.0.1 i386 slrn-0.9.6.3-10.2mdk.i586.rpm
  ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/1.0.1/RPMS
  /slrn-0.9.6.3-10.2mdk.i586.rpm
• MandrakeSoft 1.0.1 i386 slrn-pull-0.9.6.3-10.2mdk.i586.rpm
  ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/1.0.1/RPMS
  /slrn-pull-0.9.6.3-10.2mdk.i586.rpm
• MandrakeSoft 6.0 i386 slrn-0.9.6.3-10.2mdk.i586.rpm
  ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/6.0/RPMS/s
  lrn-0.9.6.3-10.2mdk.i586.rpm
• MandrakeSoft 6.0 i386 slrn-pull-0.9.6.3-10.2mdk.i586.rpm
  ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/6.0/RPMS/s
  lrn-pull-0.9.6.3-10.2mdk.i586.rpm
• MandrakeSoft 6.1 i386 slrn-0.9.6.3-10.2mdk.i586.rpm
  ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/6.1/RPMS/s
  lrn-0.9.6.3-10.2mdk.i586.rpm
• MandrakeSoft 6.1 i386 slrn-pull-0.9.6.3-10.2mdk.i586.rpm
  ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/6.1/RPMS/s
  lrn-pull-0.9.6.3-10.2mdk.i586.rpm
• MandrakeSoft 7.0 i386 slrn-0.9.6.3-10.2mdk.i586.rpm
  ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.0/RPMS/s
  lrn-0.9.6.3-10.2mdk.i586.rpm
• MandrakeSoft 7.0 i386 slrn-pull-0.9.6.3-10.2mdk.i586.rpm
  ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.0/RPMS/s
  lrn-pull-0.9.6.3-10.2mdk.i586.rpm
• MandrakeSoft 7.1 i386 slrn-0.9.6.3-10.2mdk.i586.rpm
  ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.1/RPMS/s
  lrn-0.9.6.3-10.2mdk.i586.rpm
• MandrakeSoft 7.1 i386 slrn-pull-0.9.6.3-10.2mdk.i586.rpm
  ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.1/RPMS/s
  lrn-pull-0.9.6.3-10.2mdk.i586.rpm
• MandrakeSoft 7.2 i386 slrn-0.9.6.3-10.1mdk.i586.rpm
  ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.2/RPMS/s
  lrn-0.9.6.3-10.1mdk.i586.rpm
• MandrakeSoft 7.2 i386 slrn-pull-0.9.6.3-10.1mdk.i586.rpm
  ftp://sunsite.ualberta.ca/pub/Mirror/Linux/mandrake/updates/7.2/RPMS/s
  lrn-pull-0.9.6.3-10.1mdk.i586.rpm

SLRN Development Team slrn 0.9.6 .2-9

• Debian 2.2 alpha slrn_0.9.6.2-9potato1_alpha.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-alpha/slrn
  _0.9.6.2-9potato1_alpha.deb
• Debian 2.2 alpha slrnpull_0.9.6.2-9potato1_alpha.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-alpha/slrn
  pull_0.9.6.2-9potato1_alpha.deb
• Debian 2.2 arm slrn_0.9.6.2-9potato1_arm.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-arm/slrn_0
  .9.6.2-9potato1_arm.deb
• Debian 2.2 arm slrnpull_0.9.6.2-9potato1_arm.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-arm/slrnpu
  ll_0.9.6.2-9potato1_arm.deb
• Debian 2.2 i386 slrn_0.9.6.2-9potato1_i386.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-i386/slrn_
  0.9.6.2-9potato1_i386.deb
• Debian 2.2 i386 slrnpull_0.9.6.2-9potato1_i386.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-i386/slrnp
  ull_0.9.6.2-9potato1_i386.deb
• Debian 2.2 m68k slrn_0.9.6.2-9potato1_m68k.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-m68k/slrn_
  0.9.6.2-9potato1_m68k.deb
• Debian 2.2 m68k slrnpull_0.9.6.2-9potato1_m68k.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-m68k/slrnp
  ull_0.9.6.2-9potato1_m68k.deb
• Debian 2.2 ppc slrn_0.9.6.2-9potato1_powerpc.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-powerpc/sl
  rn_0.9.6.2-9potato1_powerpc.deb
• Debian 2.2 ppc slrnpull_0.9.6.2-9potato1_powerpc.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-powerpc/sl
  rnpull_0.9.6.2-9potato1_powerpc.deb
• Debian 2.2 sparc slrn_0.9.6.2-9potato1_sparc.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-sparc/slrn
  _0.9.6.2-9potato1_sparc.deb
• Debian 2.2 sparc slrnpull_0.9.6.2-9potato1_sparc.deb
  
  http://security.debian.org/dists/stable/updates/main/binary-sparc/slrn
  pull_0.9.6.2-9potato1_sparc.deb

SLRN Development Team slrn 0.9.6 .4

• FreeBSD ports-4 i386 slrn-0.9.7.0.tgz
  ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/news/sl
  rn-0.9.7.0.tgz
• FreeBSD ports-5 i386 slrn-0.9.7.0.tgz
  ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/news/s
  lrn-0.9.7.0.tgz
• Red Hat Inc. 6.2 i386 slrn-pull-0.9.6.4-0.6.i386.rpm
  ftp://updates.redhat.com/6.2/i386/slrn-pull-0.9.6.4-0.6.i386.rpm
• Red Hat Inc. 6.2 sparc slrn-0.9.6.4-0.6.sparc.rpm
  

  参考网址

  来源: REDHAT
  名称: RHSA-2001:028
  链接:http://www.redhat.com/support/errata/RHSA-2001-028.html

  来源: MANDRAKE
  名称: MDKSA-2001:028
  链接:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-028.php3

  来源: DEBIAN
  名称: DSA-040
  链接:http://www.debian.org/security/2001/dsa-040

  来源: FREEBSD
  名称: FreeBSD-SA-01:37
  链接:http://archives.neohapsis.com/archives/freebsd/2001-04/0610.html

  来源: XF
  名称: slrn-wrapping-bo
  链接:http://xforce.iss.net/static/6213.php

  来源: BID
  名称: 2493
  链接:http://www.securityfocus.com/bid/2493

  来源: BUGTRAQ
  名称: 20010316 Immunix OS Security update for slrn
  链接:http://marc.theaimsgroup.com/?l=bugtraq&m=98471253131191&w=2

  来源: CONECTIVA
  名称: CLA-2001:383
  链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000383