漏洞信息详情
Michael Krax log2mail远程缓冲区溢出漏洞
- CNNVD编号:CNNVD-200211-018
- 危害等级: 超危
![图片[1]-Michael Krax log2mail远程缓冲区溢出漏洞-一一网](https://www.proyy.com/skycj/data/images/2021-04-26/c4e67a37c54aee8c0e1983d8333a9158.png)
- CVE编号:
CVE-2002-1251
- 漏洞类型:
边界条件错误
- 发布时间:
2002-11-12
- 威胁类型:
远程
- 更新时间:
2005-05-13
- 厂 商:
log2mail - 漏洞来源:
Enrico Zini -
漏洞简介
log2mail是一款用于监视日志文件,能通过邮件发送日志与模型匹配的工具。
log2mail守护程序对畸形日志处理不正确,远程攻击者可以利用这个漏洞进行缓冲区溢出攻击,可能以root用户权限在系统上执行任意指令。
log2mail守护程序在系统启动阶段运行,而且一般以root用户权限运行,攻击者可以提交特殊的(远程)日志消息,可导致堆栈中静态缓冲区溢出,精心提交日志消息数据可能以root用户权限在系统上执行任意指令。
漏洞公告
厂商补丁:
Debian
——
Debian已经为此发布了一个安全公告(DSA-186-1)以及相应补丁:
DSA-186-1:New log2mail packages fix several vulnerabilities
链接:http://www.debian.org/security/2002/dsa-186” target=”_blank”>
http://www.debian.org/security/2002/dsa-186
补丁下载:
Source archives:
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1.dsc” target=”_blank”>
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1.dsc
Size/MD5 checksum: 483 8e995f49a3dd170b6c736aec46f9b8ca
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1.tar.gz” target=”_blank”>
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1.tar.gz
Size/MD5 checksum: 28992 c87f9e8dedba478f8df8c7e7284891c3
Alpha architecture:
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1_alpha.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1_alpha.deb
Size/MD5 checksum: 70210 5be1472a8bd242c1fdb2b7847a3e2901
ARM architecture:
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1_arm.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1_arm.deb
Size/MD5 checksum: 31340 fe1d7c47b0059389fa9e0005293c5eee
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1_i386.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1_i386.deb
Size/MD5 checksum: 38532 ca7b3f97063ee1de06eb2ec97c3c4f52
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1_ia64.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1_ia64.deb
Size/MD5 checksum: 49148 15761601c3ad47f58bdf033fd68b5b59
HP Precision architecture:
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1_hppa.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1_hppa.deb
Size/MD5 checksum: 44656 6e7585d858feaa409f98c24a3f2845dc
Motorola 680×0 architecture:
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1_m68k.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1_m68k.deb
Size/MD5 checksum: 38626 e7b51b9ccf6a92a9e449f8b6dbaaf948
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1_mips.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1_mips.deb
Size/MD5 checksum: 48476 feb5fcd33b64f1dddd05a7a19653629f
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1_mipsel.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1_mipsel.deb
Size/MD5 checksum: 47776 614f65fe2efa766732f12c7f364751bb
PowerPC architecture:
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1_powerpc.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1_powerpc.deb
Size/MD5 checksum: 36960 cd7dec5cb03828f1b68a061fdae8e3bb
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1_s390.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1_s390.deb
Size/MD5 checksum: 37192 6043652b8d87daf781ddb3b6540c591c
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1_sparc.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/l/log2mail/log2mail_0.2.5.1_sparc.deb
Size/MD5 checksum: 34836 e3c4cabc3e534c13d3fc8170384d3757
补丁安装方法:
1. 手工安装补丁包:
首先,使用下面的命令来下载补丁软件:
# wget url (url是补丁下载链接地址)
然后,使用下面的命令来安装补丁:
# dpkg -i file.deb (file是相应的补丁名)
2. 使用apt-get自动安装补丁包:
首先,使用下面的命令更新内部数据库:
# apt-get update
然后,使用下面的命令安装更新软件包:
# apt-get upgrade
参考网址
来源: DEBIAN
名称: DSA-186
链接:http://www.debian.org/security/2002/dsa-186
来源: XF
名称: log2mail-log-file-bo(10527)
链接:http://www.iss.net/security_center/static/10527.php
来源: BID
名称: 6089
链接:http://www.securityfocus.com/bid/6089
![[桜井宁宁]COS和泉纱雾超可爱写真福利集-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/4d3cf227a85d7e79f5d6b4efb6bde3e8.jpg)
![[桜井宁宁] 爆乳奶牛少女cos写真-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/d40483e126fcf567894e89c65eaca655.jpg)
