Net-SNMP snmpnetstat远程基于堆溢出漏洞-一一网

Net-SNMP snmpnetstat远程基于堆溢出漏洞

4年前更新

1540

漏洞信息详情

Net-SNMP snmpnetstat远程基于堆溢出漏洞

CNNVD编号：CNNVD-200311-020

危害等级：高危
CVE编号：
CVE-2002-1570
漏洞类型：

缓冲区溢出
发布时间：

2003-11-03
威胁类型：

远程
更新时间：

2006-09-22
厂商：

ucd-snmp
漏洞来源：
Discovered by Juan…

漏洞简介

ucd-snmp 4.2.3及其早期版本中的snmpnetstat和net-snmp存在基于堆的缓冲区溢出漏洞。远程攻击者可以通过多个具有和ifindex变量冲突的getnextrequest PDU信息执行任意代码，该漏洞导致snmpnetstat写入变量数据越过数组末尾。

漏洞公告

SCO have released an advisory (CSSA-2003-029.0) and fixes to address this issue in OpenLinux server and workstation. Affected users are advised to apply upgrades as soon as possible. Further information regarding the application of these upgrades is available in the referenced advisory. Fixes are linked below.
Fixes are available:
SCO OpenLinux Workstation 3.1.1

SCO ucd-snmp-4.2.1-18.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-02
9.0/RPMS/ucd-snmp-4.2.1-18.i386.rpm
SCO ucd-snmp-devel-4.2.1-18.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-02
9.0/RPMS/ucd-snmp-devel-4.2.1-18.i386.rpm
SCO ucd-snmp-tkmib-4.2.1-18.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-02
9.0/RPMS/ucd-snmp-tkmib-4.2.1-18.i386.rpm
SCO ucd-snmp-utils-4.2.1-18.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-02
9.0/RPMS/ucd-snmp-utils-4.2.1-18.i386.rpm

SCO OpenLinux Server 3.1.1

SCO ucd-snmp-4.2.1-18.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-029.0/R
PMS/ucd-snmp-4.2.1-18.i386.rpm
SCO ucd-snmp-devel-4.2.1-18.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-029.0/R
PMS/ucd-snmp-devel-4.2.1-18.i386.rpm
SCO ucd-snmp-tkmib-4.2.1-18.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-029.0/R
PMS/ucd-snmp-tkmib-4.2.1-18.i386.rpm
SCO ucd-snmp-utils-4.2.1-18.i386.rpm
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-029.0/R
PMS/ucd-snmp-utils-4.2.1-18.i386.rpm

Net-SNMP ucd-snmp 4.2.3

Conectiva ucd-snmp-4.2.3-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ucd-snmp-4.2.3-1U70_2cl.i
386.rpm
Conectiva ucd-snmp-4.2.3-4U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/ucd-snmp-4.2.3-4U80_1cl.i38
6.rpm
Conectiva ucd-snmp-devel-4.2.3-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ucd-snmp-devel-4.2.3-1U70
_2cl.i386.rpm
Conectiva ucd-snmp-devel-4.2.3-4U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/ucd-snmp-devel-4.2.3-4U80_1
cl.i386.rpm
Conectiva ucd-snmp-devel-static-4.2.3-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ucd-snmp-devel-static-4.2
.3-1U70_2cl.i386.rpm
Conectiva ucd-snmp-devel-static-4.2.3-4U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/ucd-snmp-devel-static-4.2.3
-4U80_1cl.i386.rpm
Conectiva ucd-snmp-utils-4.2.3-1U70_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/ucd-snmp-utils-4.2.3-1U70
_2cl.i386.rpm
Conectiva ucd-snmp-utils-4.2.3-4U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/ucd-snmp-utils-4.2.3-4U80_1
cl.i386.rpm

参考网址

来源: XF
名称: netsnmp-snmpnetstat-heap-overflow(7776)
链接:http://xforce.iss.net/xforce/xfdb/7776

来源: BID
名称: 3780
链接:http://www.securityfocus.com/bid/3780

来源: BUGTRAQ
名称: 20020103 Heap overflow in snmpnetstat
链接:http://www.securityfocus.com/archive/1/248141

来源: CONECTIVA
名称: CLA-2003:696
链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000696

受影响实体

Ucd-Snmp Ucd-Snmp:4.2.3

© 版权声明

文章版权归作者所有，未经允许请勿转载。

THE END

喜欢就支持一下吧

相关推荐