SETI @ home的客户端程序远程缓冲区溢出漏洞

漏洞信息详情

SETI @ home的客户端程序远程缓冲区溢出漏洞

• CNNVD编号：CNNVD-200312-067
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2003-1118
  
• 漏洞类型：
  
  
  缓冲区溢出
  
• 发布时间：
  
  2003-12-31
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-08-24
  
• 厂        商：
  
  university_of_california
• 漏洞来源：
  .’);”>The discovery of t…

SETI@home客户端3.03以及其他版本存在缓冲区溢出漏洞。远程攻击者借助包含以＼n（换行）字符结尾的超长字符串的欺骗服务器响应导致服务拒绝（客户端程序崩溃）并执行任意代码。

FreeBSD have released an advisory (FreeBSD-SN-03:02) to address this issue.
The vendor has addressed this issue in version 3.08. Users are advised to upgrade their clients as soon as possible.
Gentoo Linux has released an advisory. Users who have installed app-sci/setiathome are advised to upgrade to setiathome-3.08 by issuing the following commands:
emerge sync
emerge setiathome
emerge clean
Fix:
SETI SETI@home 3.3

• SETI SETI@home 3.08
  
  http://setiathome.ssl.berkeley.edu/download.html

SETI SETI@home 3.4

• SETI SETI@home 3.08
  
  http://setiathome.ssl.berkeley.edu/download.html

SETI SETI@home 3.5

• SETI SETI@home 3.08
  
  http://setiathome.ssl.berkeley.edu/download.html

SETI SETI@home 3.6

• SETI SETI@home 3.08
  
  http://setiathome.ssl.berkeley.edu/download.html

SETI SETI@home 3.7

• SETI SETI@home 3.08
  
  http://setiathome.ssl.berkeley.edu/download.html

来源:US-CERT Vulnerability Note: VU#146785
名称: VU#146785
链接:http://www.kb.cert.org/vuls/id/146785

来源: BID
名称: 7292
链接:http://www.securityfocus.com/bid/7292

来源: XF
名称: seti@home-newline-bo(11731)
链接:http://xforce.iss.net/xforce/xfdb/11731

来源: FULLDISC
名称: 20030406 Seti@home information leakage and remote compromise
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004383.html