Man程序不安全返回值命令执行漏洞

漏洞信息详情

Man程序不安全返回值命令执行漏洞

• CNNVD编号：CNNVD-200303-055
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2003-0124
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2003-03-18
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2006-11-02
  
• 厂        商：
  
  andries_brouwer
• 漏洞来源：
  Discovery credited…

Man 1.5l之前的版本存在漏洞。远程攻击者可以借助一个带有不正确引用的畸形man文件执行任意代码，该漏洞可以导致my_xsprintf函数返回一个带有“unsafe”值的字符串，然后借助系统调用像程序一样执行，该系统调用在运行man的用户搜索路径上。

Sorcerer Linux has released an advisory. Users are advised to update man sources by issuing the following commands:
augur synch && augur update
It is recommended that all Gentoo Linux users who are running
sys-apps/man upgrade to man-1.5l as follows:
emerge sync
emerge man
emerge clean
Mandrake has released a security advisory (MDKSA-2003:054) containing fixes to address this issue. Users are advised to apply fixes as soon as possible.
Sun has released an update for Sun Linux 5.0.5.
Fixes available:
Andries Brouwer man 1.5 k

• Andries Brouwer man-1.5l.tar.gz
  ftp://ftp.win.tue.nl/pub/linux-local/utils/man/man-1.5l.tar.gz
• Conectiva man-1.5l-1U60_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/man-1.5l-1U60_1cl.i386.rp
  m
• Conectiva man-1.5l-1U70_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/man-1.5l-1U70_1cl.i386.rp
  m
• Conectiva man-1.5l-1U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/man-1.5l-1U80_1cl.i386.rpm
• Mandrake man-1.5k-2.1mdk.i586.rpm Corporate Server 2.1
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake man-1.5k-2.1mdk.i586.rpm Mandrake Linux 9.0
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake man-1.5k-8.1mdk.i586.rpm Mandrake Linux 9.1
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake man-1.5k-8.1mdk.ppc.rpm Mandrake Linux 9.1/PPC
  
  http://www.mandrakesecure.net/en/ftp.php
• Red Hat man-1.5k-0.8x.0.i386.rpm
  ftp://updates.redhat.com/8.0/en/os/i386/man-1.5k-0.8x.0.i386.rpm

Andries Brouwer man 1.5 i

• Andries Brouwer man-1.5l.tar.gz
  ftp://ftp.win.tue.nl/pub/linux-local/utils/man/man-1.5l.tar.gz

Andries Brouwer man 1.5 i2

• Andries Brouwer man-1.5l.tar.gz
  ftp://ftp.win.tue.nl/pub/linux-local/utils/man/man-1.5l.tar.gz

Andries Brouwer man 1.5 j

• Andries Brouwer man-1.5l.tar.gz
  ftp://ftp.win.tue.nl/pub/linux-local/utils/man/man-1.5l.tar.gz
• Mandrake man-1.5j-4.1mdk.i586.rpm Mandrake Linux 8.2
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake man-1.5j-4.1mdk.i586.rpm Multi Network Firewall 8.2
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake man-1.5j-4.1mdk.ppc.rpm Mandrake Linux 8.2/PPC
  
  http://www.mandrakesecure.net/en/ftp.php
• Red Hat man-1.5j-7.7x.0.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/man-1.5j-7.7x.0.i386.rpm
• Red Hat man-1.5j-7.7x.0.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/man-1.5j-7.7x.0.i386.rpm
• Red Hat man-1.5j-7.7x.0.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/man-1.5j-7.7x.0.i386.rpm
• Red Hat man-1.5j-7.7x.0.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/man-1.5j-7.7x.0.ia64.rpm
• Sun man-1.5j-7.7x.0.i386.rpm
  ftp://ftp.cobalt.sun.com/pub/products/sunlinux/5.0/en/updates/i386/RPM
  S/man-1.5j-7.7x.0.i386.rpm

Andries Brouwer man 1.5 h1

• Andries Brouwer man-1.5l.tar.gz
  ftp://ftp.win.tue.nl/pub/linux-local/utils/man/man-1.5l.tar.gz

来源: BID
名称: 7066
链接:http://www.securityfocus.com/bid/7066

来源: BUGTRAQ
名称: 20030311 Vulnerability in man < 1.5l
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=104740927915154&w=2

来源: XF
名称: man-myxsprintf-code-execution(11512)
链接:http://xforce.iss.net/xforce/xfdb/11512

来源: REDHAT
名称: RHSA-2003:134
链接:http://www.redhat.com/support/errata/RHSA-2003-134.html

来源: REDHAT
名称: RHSA-2003:133
链接:http://www.redhat.com/support/errata/RHSA-2003-133.html

来源: GENTOO
名称: GLSA-200303-13
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=104802285112752&w=2

来源: CONECTIVA
名称: CLSA-2003:620
链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000620