WindowMaker Image Handling Buffer Overflow Vulnerability

Vulnerability Details


Summary

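Window Maker is a popular desktop management program.
A function that Window Maker uses when loading images is flawed: a remote attacker can exploit this vulnerability by crafting a malicious image and enticing a user to set it as the background image, which triggers a buffer overflow.
When creating an image, Window Maker multiplies the image's width and height to size the buffer it allocates, but performs no bounds check on them. Supplying oversized width and height values can cause a buffer overflow, which may allow arbitrary commands to be executed on the system with the privileges of the Window Maker process.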
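
The unchecked size computation described above, next to a checked version, as an added example (not Window Maker's or libwraster's own code). The struct, the function names and the 32767 dimension limit are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical image record; field names are assumptions, not libwraster's. */
typedef struct {
    uint32_t width, height, channels;
    unsigned char *data;
} image_t;

/* Unchecked pattern: the product is computed in 32-bit arithmetic and wraps,
 * so the size can be far smaller than the pixel data a decoder writes later. */
uint32_t unchecked_size(uint32_t w, uint32_t h, uint32_t channels)
{
    return w * h * channels;
}

/* Checked pattern: reject zero or oversized dimensions, then verify each
 * multiplication by division before performing it. Returns 0 on success. */
int checked_size(uint32_t w, uint32_t h, uint32_t channels, size_t *out)
{
    const uint32_t MAX_DIM = 32767;   /* constructed policy limit */
    if (w == 0 || h == 0 || channels == 0 || channels > 4) return -1;
    if (w > MAX_DIM || h > MAX_DIM) return -1;
    if ((size_t)w > SIZE_MAX / h) return -1;
    size_t pixels = (size_t)w * h;
    if (pixels > SIZE_MAX / channels) return -1;
    *out = pixels * channels;
    return 0;
}

/* Allocation that refuses to proceed when the size check fails. */
image_t *image_create(uint32_t w, uint32_t h, uint32_t channels)
{
    size_t n;
    if (checked_size(w, h, channels, &n) != 0) return NULL;
    image_t *img = malloc(sizeof *img);
    if (!img) return NULL;
    img->data = calloc(1, n);
    if (!img->data) { free(img); return NULL; }
    img->width = w; img->height = h; img->channels = channels;
    return img;
}
```
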

Vulnerability Advisory

Vendor patches:
Conectiva
———
Conectiva has released a security advisory (CLA-2002:548) and corresponding patches:

CLA-2002:548:windowmaker

Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000548

Patch downloads:

ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/WindowMaker-0.62.1-13U60_2cl.src.rpm

ftp://atualizacoes.conectiva.com.br/6.0/RPMS/WindowMaker-0.62.1-13U60_2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/6.0/RPMS/WindowMaker-devel-0.62.1-13U60_2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/WindowMaker-0.65.1-2U70_2cl.src.rpm

ftp://atualizacoes.conectiva.com.br/7.0/RPMS/WindowMaker-0.65.1-2U70_2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/7.0/RPMS/WindowMaker-devel-0.65.1-2U70_2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/7.0/RPMS/WindowMaker-devel-static-0.65.1-2U70_2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/7.0/RPMS/WindowMaker-doc-0.65.1-2U70_2cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/SRPMS/WindowMaker-0.80.0-3U80_1cl.src.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/WindowMaker-0.80.0-3U80_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/WindowMaker-devel-0.80.0-3U80_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/WindowMaker-devel-static-0.80.0-3U80_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/WindowMaker-doc-0.80.0-3U80_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/libwraster-2.2.0-13U80_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/libwraster-devel-2.2.0-13U80_1cl.i386.rpm

ftp://atualizacoes.conectiva.com.br/8/RPMS/libwraster-devel-static-2.2.0-13U80_1cl.i386.rpm

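Users of Conectiva Linux version 6.0 and later can use apt to update the RPM packages:

– Add the following line to /etc/apt/sources.list:

rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates

(If you are not running version 6.0, replace 6.0 above with the appropriate version number.)

– Run: apt-get update

– After the update, run: apt-get upgrade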
Debian
——
Debian has released a security advisory (DSA-190-1) and corresponding patches:

DSA-190-1:buffer overflow in Window Maker

Link: http://www.debian.org/security/2002/dsa-190

Patch downloads:

Source archives:

http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0.orig.tar.gz

Size/MD5 checksum: 2452207 0768a12edff35cba82e769fcbc8de430

http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1.diff.gz

Size/MD5 checksum: 323198 c1a49502d07e18044d2e1b579c7144fb

http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1.dsc

Size/MD5 checksum: 1463 81ac44a6b0ea1dedc49834f35e5bfb51

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_alpha.deb

Size/MD5 checksum: 2292278 015fa329febee7722ace1d233989c5b0

http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_alpha.deb

Size/MD5 checksum: 448638 642310838f93352e6461ba73d28ad178

http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_alpha.deb

Size/MD5 checksum: 124220 7614f26566c44ce413e5ca05e8f3e146

http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_alpha.deb

Size/MD5 checksum: 60026 e74d2e084ac969d1ea7d349140d2721e

http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_alpha.deb

Size/MD5 checksum: 108778 400114e0b4d35b37d573efee840e6e73

arm architecture (ARM)

http://security.debian.org/pool/updates/main/w/wmaker/libwings-dev_0.80.0-4.1_arm.deb

Size/MD5 checksum: 340944 9d611e16b7b35ed5985f037a4f8f5635

http://security.debian.org/pool/updates/main/w/wmaker/libwraster2-dev_0.80.0-4.1_arm.deb

Size/MD5 checksum: 107852 23a35885f237a23b733ef105438761aa

http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_arm.deb

Size/MD5 checksum: 2068456 aa0f4630de38323faf835cf4f965b7fe

http://security.debian.org/pool/updates/main/w/wmaker/libwmaker0-dev_0.80.0-4.1_arm.deb

Size/MD5 checksum: 59220 e334af4dad5edcc5cd1c1ac4e8cbefeb

http://security.debian.org/pool/updates/main/w/wmaker/libwraster2_0.80.0-4.1_arm.deb

Size/MD5 checksum: 95684 3a468466a4223b14b8f3b43acab410de

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/w/wmaker/wmaker_0.80.0-4.1_hppa.deb

Size/MD5 checksum: 2189302 ef8befcc5bba64f0599f082569d56958

http://security

Source: BID
Name: 6119
Link: http://www.securityfocus.com/bid/6119

Source: REDHAT
Name: RHSA-2003:009
Link: http://www.redhat.com/support/errata/RHSA-2003-009.html

Source: DEBIAN
Name: DSA-190
Link: http://www.debian.org/security/2002/dsa-190

Source: XF
Name: window-maker-image-bo(10560)
Link: http://www.iss.net/security_center/static/10560.php

Source: REDHAT
Name: RHSA-2003:043
Link: http://www.redhat.com/support/errata/RHSA-2003-043.html

Source: MANDRAKE
Name: MDKSA-2002:085
Link: http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-085.php

Source: CONECTIVA
Name: CLA-2002:548
Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000548
