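CVS Entry Line Repeated Is-modified/Unchanged Flag Insertion Heap Overflow Vulnerability

Vulnerability Details

Vulnerability Summary

Concurrent Versions System (CVS) is a very widely used open-source version control system.
The CVS server mishandles the Is-modified and Unchanged commands, which a client submits to flag Entry data as modified or unmodified. A remote attacker can use this flaw to mount a heap-based overflow attack against the CVS server process; carefully crafted data may lead to execution of arbitrary instructions on the system with the privileges of that process.
When a client sends an Entry line to the server, extra bytes are added to mark whether the Entry is modified or unmodified. The CVS server's logic for attaching this flag is flawed and allows an arbitrary number of 'M' characters to be inserted into the heap buffer that holds the Entry data. With malloc() off-by-one exploitation techniques the buffer overflow can be triggered, possibly executing arbitrary instructions with the privileges of the CVS process.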
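The pattern described above, as a simplified model added here for illustration; it is not taken from the CVS source. The names `struct entry`, `entry_init`, `timefield`, `mark_unchecked` and `mark_checked`, the assumed field layout and the sample Entry line are all constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Constructed model, not CVS source: one Entry line and its allocation. */
struct entry { char *line; size_t cap; int marked; };
/* Allocation as described above: the line, ONE marker byte, and the NUL. */
int entry_init(struct entry *e, const char *text) {
    e->cap = strlen(text) + 2;
    e->marked = 0;
    if ((e->line = malloc(e->cap)) == NULL) return -1;
    memcpy(e->line, text, strlen(text) + 1);
    return 0;
}

/* Timestamp field of "/name/version/timestamp/options/tag", or NULL. */
char *timefield(char *line) {
    char *p = line;
    for (int i = 0; i < 3 && p != NULL; i++)
        if ((p = strchr(p, '/')) != NULL) p++;
    return p;
}

/* BEFORE: grows the line by one byte per request, never checks e->cap. */
void mark_unchecked(struct entry *e) {
    char *tf = timefield(e->line);
    if (tf == NULL) return;
    memmove(tf + 1, tf, strlen(tf) + 1);
    *tf = 'M';
}

/* AFTER: 1 = inserted, 0 = already marked, -1 = malformed or no room. */
int mark_checked(struct entry *e) {
    char *tf = timefield(e->line);
    if (tf == NULL) return -1;
    if (e->marked) return 0;
    if (strlen(e->line) + 2 > e->cap) return -1;
    memmove(tf + 1, tf, strlen(tf) + 1);
    *tf = 'M';
    e->marked = 1;
    return 1;
}

int main(void) {
    struct entry e;
    if (entry_init(&e, "/file.c/1.4/Thu May 20 10:00:00 2004//") != 0) return 1;
    for (int i = 0; i < 3; i++) printf("%d %s\n", mark_checked(&e), e.line);
    free(e.line);
    return 0;
}
```

The checked version keeps the length check even though the `marked` flag already makes the call idempotent, so a bug in either guard alone cannot write past the allocation.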

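Vulnerability Advisory

Vendor patches:
CVS

The vendor has released upgrades that fix this security issue; download them from the vendor's home page: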

CVS Upgrade cvs-1.11.16.tar.gz

http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&dlID=489

CVS Upgrade cvs-1.12.8.tar.gz

http://ccvs.cvshome.org/servlets/ProjectDownloadList?action=download&dlID=491
Debian
------
Debian has released a security advisory (DSA-505-1) and corresponding patches for this issue:

DSA-505-1:New cvs packages fix remote exploit

Link: http://www.debian.org/security/2002/dsa-505

Patch downloads:

Source archives:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4.dsc

Size/MD5 checksum: 693 c4580daf3d02e68bf271c3fc2fa9fe8c

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4.diff.gz

Size/MD5 checksum: 52212 a44f53ccf950679f3257a2f3487220b7

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian.orig.tar.gz

Size/MD5 checksum: 2621658 500965ab9702b31605f8c58aa21a6205

Alpha architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_alpha.deb

Size/MD5 checksum: 1178736 503ab302999d5fec9c4cb41f735bc2ab

ARM architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_arm.deb

Size/MD5 checksum: 1105276 8b2536e975a3272b5d10590bd768b6c7

Intel IA-32 architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_i386.deb

Size/MD5 checksum: 1085994 195aa822dbd450bbb3321f17442b3644

Intel IA-64 architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_ia64.deb

Size/MD5 checksum: 1270986 2adee3e24f61234e0c597c55983257df

HP Precision architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_hppa.deb

Size/MD5 checksum: 1147338 e1a7eec47c9f6ca11d342c7a680abd93

Motorola 680x0 architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_m68k.deb

Size/MD5 checksum: 1065866 5238933fe0b1d9a9e7e2506cc39d8411

Big endian MIPS architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_mips.deb

Size/MD5 checksum: 1129740 c6e9a932c2bdabbfee51c792d813a439

Little endian MIPS architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_mipsel.deb

Size/MD5 checksum: 1131106 05424d6056d0c9123c88b7e7f6b27f7d

PowerPC architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_powerpc.deb

Size/MD5 checksum: 1116184 1fe49f6356a160087cf669f7afc12700

IBM S/390 architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_s390.deb

Size/MD5 checksum: 1097006 6e98ead7e926fc07203cf43e84b1152d

Sun Sparc architecture:

http://security.debian.org/pool/updates/main/c/cvs/cvs_1.11.1p1debian-9woody4_sparc.deb

Size/MD5 checksum: 1107284 47f8dad7b309c9c19542bf1fc9502f77

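Patch installation:

1. Installing the package manually:

First, download the patched package with the following command:

# wget url (url is the download link of the patch)

Then install the patch with the following command:

# dpkg -i file.deb (file is the name of the corresponding patch)

2. Installing the package automatically with apt-get:

First, update the internal database with the following command:

# apt-get update

Then install the updated packages with the following command:

# apt-get upgrade

FreeBSD
-------
FreeBSD has released a security advisory (FreeBSD-SA-04:10) and corresponding patches for this issue: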

FreeBSD-SA-04:10:CVS pserver protocol parser errors

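Link: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc

Patch downloads:

Perform one of the following:

1) Upgrade the vulnerable system to 4-STABLE, or to the _5_2, RELENG_4_9 or RELENG_4_8 security branch dated after the correction date.

2) Patch the current system:

The following patch has been verified to apply to FreeBSD 4.7, 4.8, 4.9, 4.10, 5.0, 5.1 and 5.2 systems.

a) Download the relevant patch from the location below and verify the accompanying PGP signature with a PGP utility.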

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:10/cvs.patch

# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:10/cvs.patch.asc

b) Run the following commands as root:

# cd /usr/src

# patch < /path/to/patch

# cd /usr/src/gnu/usr.bin/cvs

# make obj && make depend && make && make install

VI. Update details

The following lists, for each file modified in the corrected FreeBSD versions, the

MandrakeSoft
------------
http://www.debian.org/security/2004/dsa-505

S.u.S.E.
--------
S.u.S.E. has released a security advisory (SuSE-SA:2004:013) and corresponding patches for this issue:

SuSE-SA:2004:013:cvs

Link:

Patch downloads:

CVS CVS 1.11.1 p1:

SuSE Upgrade cvs-1.11.1p1-329.i586.rpm

ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/cvs-1.11.1p1-329.i586.rpm

SuSE Upgrade cvs-1.11.1p1-329.i586.patch.rpm

ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/cvs-1.11.1p1-329.i586.patch.rpm

SuSE Upgrade cvs-1.11.1p1-329.i386.rpm

ftp://ftp.suse.com/pub/suse/i386/update/8.0/d3/cvs-1.11.1p1-329.i386.rpm

SuSE Upgrade cvs-1.11.1p1-329.i386.patch.rpm

ftp://ftp.suse.com/pub/suse/i386/update/8.0/d3/cvs-1.11.1p1-329.i386.patch.rpm

CVS CVS 1.11.5:

SuSE Upgrade cvs-1.11.5-112.i586.rpm

ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/cvs-1.11.5-112.i586.rpm

SuSE Upgrade cvs-1.11.5-112.i586.patch.rpm

ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/cvs-1.11.5-112.i586.patch.rpm

CVS Upgrade cvs-1.11.16.tar.gz

http://ccvs.cvshome.org/ser

Source: US-CERT Vulnerability Note: VU#192038
Name: VU#192038
Link: http://www.kb.cert.org/vuls/id/192038

Source: US-CERT Technical Alert: TA04-147A
Name: TA04-147A
Link: http://www.us-cert.gov/cas/techalerts/TA04-147A.html

Source: REDHAT
Name: RHSA-2004:190
Link: http://www.redhat.com/support/errata/RHSA-2004-190.html

Source: DEBIAN
Name: DSA-505
Link: http://www.debian.org/security/2004/dsa-505

Source: BUGTRAQ
Name: 20040519 Advisory 07/2004: CVS remote vulnerability
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=108498454829020&w=2

Source: GENTOO
Name: GLSA-200405-12
Link: http://security.gentoo.org/glsa/glsa-200405-12.xml

Source: security.e-matters.de
Link: http://security.e-matters.de/advisories/072004.html

Source: OVAL
Name: oval:org.mitre.oval:def:9058
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9058

Source: SUSE
Name: SuSE-SA:2004:013
Link: http://lists.grok.org.uk/pipermail/full-disclosure/2004-May/021742.html

Source: NETBSD
Name: NetBSD-SA2004-008
Link: ftp://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2004-008.txt.asc

Source: FREEBSD
Name: FreeBSD-SA-04:10
Link: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:10.cvs.asc

Source: XF
Name: cvs-entry-line-bo(16193)
Link: http://xforce.iss.net/xforce/xfdb/16193

Source: SLACKWARE
Name: SSA:2004-140-01
Link: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.395865

Source: BID
Name: 10384
Link: http://www.securityfocus.com/bid/10384

Source: OSVDB
Name: 6305
Link: http://www.osvdb.org/6305

Source: MANDRAKE
Name: MDKSA-2004:048
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2004:048

Source: CIAC
Name: O-147
Link: http://www.ciac.org/ciac/bulletins/o-147.shtml

Source: SECUNIA
Name: 11674
Link: http://secunia.com/advisories/11674

Source: SECUNIA
Name: 11652
Link: http://secunia.com/advisories/11652

Source: SECUNIA
Name: 11651
Link: http://secunia.com/advisories/11651

Source: SECUNIA
Name: 11647
Link: http://secunia.com/advisories/11647

Source: SECUNIA
Name: 11641
Link: http://secunia.com/advisories/11641

Source: OPENBSD
Name: 20040520 cvs server buffer overflow vulnerability
Link: http://marc.theaimsgroup.com/?l=openbsd-security-announce&m=108508894405639&w=2

Source: FEDORA
Name: FEDORA-2004-1620
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=108636445031613&w=2

Source: BUGTRAQ
Name: 20040519 [OpenPKG-SA-2004.022] OpenPKG Security Advisory (cvs)
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=108500040719512&w=2

Source: BUGTRAQ
Name: 20040519 Advisory 07/2004: CVS remote vulnerability
Link: http://cert.uni-stuttgart.de/archive/bugtraq/2004/05/msg00219.html

Source: FULLDISC
Name: 20040519 Advisory 07/2004: CVS remote vulnerability
Link: http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0980.html

Source: US Government Resource: oval:org.mitre.oval:def:970
Name: oval:org.mitre.oval:def:970
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:970
