LCDproc LCDd 多个远程漏洞

漏洞信息详情

LCDproc LCDd 多个远程漏洞

• CNNVD编号：CNNVD-200404-004
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2004-1917
  
• 漏洞类型：
  
  
  格式化字符串
  
• 发布时间：
  
  2004-04-08
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  lcdproc
• 漏洞来源：
  Discovery of these…

LCDProc 0.4.1以及之前的版本的test_func_func存在格式化字符串漏洞。远程攻击者借助str变量中格式字符串说明符执行任意代码。

NOTE: It has been reported that the previously referenced fix was insufficient to resolve this issue.
Gentoo has released updates to address this issue. These updates may be applied with the following commands:
# emerge sync
# emerge -pv “>=app-misc/lcdproc-0.4.5”
# emerge “>=app-misc/lcdproc-0.4.5”
The vendor has released an upgraded version of the software which is reported to deal with this issue completely:
LCDProc LCDProc 4.4

• LCDProc lcdproc-0.4.5.tar.gz
  
  http://lcdproc.omnipotent.net/download/lcdproc-0.4.5.tar.gz

来源: BID
名称: 10085
链接:http://www.securityfocus.com/bid/10085

来源: GENTOO
名称: GLSA-200404-19
链接:http://security.gentoo.org/glsa/glsa-200404-19.xml

来源: SECUNIA
名称: 11333
链接:http://secunia.com/advisories/11333

来源: XF
名称: lcdproc-testfuncfunc-format-string(15817)
链接:http://xforce.iss.net/xforce/xfdb/15817

来源: BUGTRAQ
名称: 20040408 PSR – #2004-002 Remote – LCDProc
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=108146376315229&w=2

来源: lists.omnipotent.net
链接:http://lists.omnipotent.net/pipermail/lcdproc/2004-April/008884.html