xfstt未明内存泄漏漏洞

漏洞信息详情

xfstt未明内存泄漏漏洞

• CNNVD编号：CNNVD-200308-152
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2003-0625
  
• 漏洞类型：
  
  
  边界条件错误
  
• 发布时间：
  
  2003-08-27
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  xfstt
• 漏洞来源：
  Discovery of this …

xfstt的某个版本存在Off-by-one错误。远程攻击者可以借助握手连接中的畸形客户端请求读取潜在敏感内存，该漏洞泄漏服务器响应中的内存。

Debian has released a security advisory (DSA 360-1) that contains fixes to address this issue. Information relating to obtaining and applying fixes can be found in the referenced advisory.
xfstt xfstt 1.2.1

• Debian xfstt_1.2.1-3_alpha.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/x/xfstt/xfstt_1.2.1-3_alp
  ha.deb
• Debian xfstt_1.2.1-3_arm.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/x/xfstt/xfstt_1.2.1-3_arm
  .deb
• Debian xfstt_1.2.1-3_hppa.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/x/xfstt/xfstt_1.2.1-3_hpp
  a.deb
• Debian xfstt_1.2.1-3_i386.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/x/xfstt/xfstt_1.2.1-3_i38
  6.deb
• Debian xfstt_1.2.1-3_ia64.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/x/xfstt/xfstt_1.2.1-3_ia6
  4.deb
• Debian xfstt_1.2.1-3_m68k.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/x/xfstt/xfstt_1.2.1-3_m68
  k.deb
• Debian xfstt_1.2.1-3_mips.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/x/xfstt/xfstt_1.2.1-3_mip
  s.deb
• Debian xfstt_1.2.1-3_mipsel.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/x/xfstt/xfstt_1.2.1-3_mip
  sel.deb
• Debian xfstt_1.2.1-3_powerpc.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/x/xfstt/xfstt_1.2.1-3_pow
  erpc.deb
• Debian xfstt_1.2.1-3_s390.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/x/xfstt/xfstt_1.2.1-3_s39
  0.deb
• Debian xfstt_1.2.1-3_sparc.debDebian GNU/Linux 3.0 (woody)
  
  http://security.debian.org/pool/updates/main/x/xfstt/xfstt_1.2.1-3_spa
  rc.deb

来源: DEBIAN
名称: DSA-360
链接:http://www.debian.org/security/2003/dsa-360

来源: BID
名称: 8255
链接:http://www.securityfocus.com/bid/8255

来源: BUGTRAQ
名称: 20030727 [PAPER]: Address relay fingerprinting.
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=105941103709264&w=2

来源: developer.berlios.de
链接:http://developer.berlios.de/forum/forum.php?forum_id=2819