漏洞信息详情
CVS远程非法目录请求导致堆破坏漏洞
- CNNVD编号:CNNVD-200302-010
- 危害等级: 高危
![图片[1]-CVS远程非法目录请求导致堆破坏漏洞-一一网](https://www.proyy.com/skycj/data/images/2021-04-26/bbdd3e8868c10d22861b2275d65f4500.png)
- CVE编号:
CVE-2003-0015
- 漏洞类型:
边界条件错误
- 发布时间:
2003-01-20
- 威胁类型:
远程
- 更新时间:
2006-11-06
- 厂 商:
cvs - 漏洞来源:
Stefan Esser※ s.es… -
漏洞简介
Concurrent Versions System (CVS)是一款开放源代码的版本控制软件。
CVS的服务代码在处理目录请求时存在缺陷,远程攻击者可以利用这个漏洞进行基于堆破坏的攻击,可能以CVS进程权限在系统上执行任意指令。
当攻击者发送畸形目录名给CVS的时会触发错误条件,使得函数释放了某个缓冲区后并没有分配新的缓冲区。这在下一个目录请求时会发生典型的double-free()问题。
通过其他CVS请求的帮助,可以泄露部分信息用于判断堆的位置或以其他已知漏洞在系统上执行任意代码。
漏洞公告
临时解决方法:
如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
* 采用Stefan Esser(s.esser@e-matters.de)第三方补丁在配置文件中关闭Update-prog和Checkin-prog:
http://security.e-matters.de/patches/cvs_disablexprog.diff” target=”_blank”>
http://security.e-matters.de/patches/cvs_disablexprog.diff
* 使用chrooted over SSH运行方式来代替普通的:pserver:模式在运行CVS服务:
http://www.netsys.com/library/papers/chrooted-ssh-cvs-server.txt” target=”_blank”>
http://www.netsys.com/library/papers/chrooted-ssh-cvs-server.txt
厂商补丁:
CVS
—
http://www.debian.org/security/2003/dsa-233” target=”_blank”>
http://www.debian.org/security/2003/dsa-233
Debian
——
Debian已经为此发布了一个安全公告(DSA-233-1)以及相应补丁:
DSA-233-1:New cvs packages fix arbitrary code execution
链接:http://www.debian.org/security/2002/dsa-233” target=”_blank”>
http://www.debian.org/security/2002/dsa-233
补丁下载:
Source archives:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7-9.2.dsc” target=”_blank”>
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7-9.2.dsc
Size/MD5 checksum: 582 5c3493da60574f2d207376ffc8023964
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7-9.2.diff.gz” target=”_blank”>
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7-9.2.diff.gz
Size/MD5 checksum: 35717 76d1e80427b67945e2b10c4bd449b1b7
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7.orig.tar.gz” target=”_blank”>
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7.orig.tar.gz
Size/MD5 checksum: 2312181 614e72d2a6dff40f3f5bec2e9be270f2
Architecture independent components:
http://security.debian.org/pool/updates/main/c/cvs/cvs-doc_1.10.7-9.2_all.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/cvs/cvs-doc_1.10.7-9.2_all.deb
Size/MD5 checksum: 875428 d7a1b05fc60c8524077b41abef40be82
Alpha architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7-9.2_alpha.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7-9.2_alpha.deb
Size/MD5 checksum: 559820 6d27ca86cf46ffdec1ff9ca0710c74d2
ARM architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7-9.2_arm.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7-9.2_arm.deb
Size/MD5 checksum: 474478 93283c96da77a7c2906576632ff1f666
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7-9.2_i386.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7-9.2_i386.deb
Size/MD5 checksum: 455974 32924918a5a027f287c1fff64139aa98
Motorola 680×0 architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7-9.2_m68k.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7-9.2_m68k.deb
Size/MD5 checksum: 434776 df8c02b15a87bec5658d88e913bb0617
PowerPC architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7-9.2_powerpc.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7-9.2_powerpc.deb
Size/MD5 checksum: 484070 78114da539eb4db94d5be1b77e6f1145
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7-9.2_sparc.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.10.7-9.2_sparc.deb
Size/MD5 checksum: 476174 159dc8aefaffe14e4188efc9efae1b1a
Debian GNU/Linux 3.0 alias woody
– ——————————–
Source archives:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1.dsc” target=”_blank”>
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1.dsc
Size/MD5 checksum: 687 3bd481f023c7d48ebf940f18f7c33676
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1.diff.gz” target=”_blank”>
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1.diff.gz
Size/MD5 checksum: 46985 f82269f5699a64b3c8a1836f4307d5b1
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian.orig.tar.gz” target=”_blank”>
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian.orig.tar.gz
Size/MD5 checksum: 2621658 500965ab9702b31605f8c58aa21a6205
Alpha architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_alpha.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_alpha.deb
Size/MD5 checksum: 1177920 eed3c107f8156965a2648ff6bc57ea1a
ARM architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_arm.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_arm.deb
Size/MD5 checksum: 1104340 6d55d5b6013029726f33d27f756e8232
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_i386.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_i386.deb
Size/MD5 checksum: 1085010 db4c58e92bfdc56730c14df95ba8fab8
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_ia64.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_ia64.deb
Size/MD5 checksum: 1269590 4cea089453af0476f3c304a9c0055092
HP Precision architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_hppa.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_hppa.deb
Size/MD5 checksum: 1146366 157380627dc8e7e8c0cc3d6510bb8c85
Motorola 680×0 architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_m68k.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_m68k.deb
Size/MD5 checksum: 1064640 c31eb6a3f549f1e3f88ce334895e5e28
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_mips.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_mips.deb
Size/MD5 checksum: 1128826 73112b82d7c2a1bb36bee6f172809e00
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_mipsel.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_mipsel.deb
Size/MD5 checksum: 1130112 f358566006b1ee33a1872c9e485e1ce1
PowerPC architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_powerpc.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_powerpc.deb
Size/MD5 checksum: 1115310 9cce0571143b2bdf118b7e215d6aaa5e
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_s390.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_s390.deb
Size/MD5 checksum: 1096250 74df925521a9fb91bc9dfef9dce15e1a
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_sparc.deb” target=”_blank”>
http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-8.1_sparc.deb
Size/MD5 checksum: 1106098 d69a55f754484761aebc67a723b81aa6
补丁安装方法:
1. 手工安装补丁包:
首先,使用下面的命令来下载补丁软件:
# wget url (url是补丁下载链接地址)
然后,使用下面的命令来安装补丁:
# dpkg -i file.deb (file是相应的补丁名)
2. 使用apt-get自动安装补丁包:
首先,使用下面的命令更新内部数据库:
&n
参考网址
来源:US-CERT Vulnerability Note: VU#650937
名称: VU#650937
链接:http://www.kb.cert.org/vuls/id/650937
来源:CERT/CC Advisory: CA-2003-02
名称: CA-2003-02
链接:http://www.cert.org/advisories/CA-2003-02.html
来源: security.e-matters.de
链接:http://security.e-matters.de/advisories/012003.html
来源: REDHAT
名称: RHSA-2003:013
链接:http://rhn.redhat.com/errata/RHSA-2003-013.html
来源: XF
名称: cvs-doublefree-memory-corruption(11108)
链接:http://xforce.iss.net/xforce/xfdb/11108
来源: BID
名称: 6650
链接:http://www.securityfocus.com/bid/6650
来源: REDHAT
名称: RHSA-2003:012
链接:http://www.redhat.com/support/errata/RHSA-2003-012.html
来源: MANDRAKE
名称: MDKSA-2003:009
链接:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009
来源: DEBIAN
名称: DSA-233
链接:http://www.debian.org/security/2003/dsa-233
来源: CIAC
名称: N-032
链接:http://www.ciac.org/ciac/bulletins/n-032.shtml
来源: FREEBSD
名称: FreeBSD-SA-03:01
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=104438807203491&w=2
来源: BUGTRAQ
名称: 20030202 Exploit for CVS double free() for Linux pserver
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=104428571204468&w=2
来源: BUGTRAQ
名称: 20030124 Test program for CVS double-free.
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=104342550612736&w=2
来源: BUGTRAQ
名称: 20030122 [security@slackware.com: [slackware-security] New CVS packages available]
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=104333092200589&w=2
来源: ccvs.cvshome.org
链接:http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14
来源: VULNWATCH
名称: 20030120 Advisory 01/2003: CVS remote vulnerability
链接:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html
![[桜井宁宁]COS和泉纱雾超可爱写真福利集-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/4d3cf227a85d7e79f5d6b4efb6bde3e8.jpg)
![[桜井宁宁] 爆乳奶牛少女cos写真-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/d40483e126fcf567894e89c65eaca655.jpg)
