Sun DtMail本地命令行格式化字符串漏洞

漏洞信息详情

Sun DtMail本地命令行格式化字符串漏洞

• CNNVD编号：CNNVD-200408-215
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2004-0800
  
• 漏洞类型：
  
  
  格式化字符串
  
• 发布时间：
  
  2004-08-24
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  avaya
• 漏洞来源：
  iDEFENSE Labs is c…

Solaris 8和9版本的CDE Mailer (dtmail)存在格式化字符串漏洞。本地用户借助argv[0]值格式化字符串提升权限。

Sun has released Sun Alert 5762 along with patches dealing with this issue. Please see the referenced web advisory for more information.
Avaya has released advisory ASA-2005-110 to identify affected versions of CMS. Patches will be released in the near future. Please see the referenced Avaya advisory for more information.
Sun Solaris 9_x86

• Sun 113870-05
  
  http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=113870&rev=05

Sun Solaris 8_x86

• Sun 109614-07
  
  http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=109614&rev=07

Sun Solaris 8

• Sun 109613-07
  
  http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=109613&rev=07

Sun Solaris 9

• Sun 109614-07
  
  http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=109614&rev=07
• Sun 112810-06
  
  http://sunsolve.sun.com/pub-cgi/findPatch.pl?patchId=112810&rev=06

来源:US-CERT Vulnerability Note: VU#928598
名称: VU#928598
链接:http://www.kb.cert.org/vuls/id/928598

来源: IDEFENSE
名称: 20040824 CDE Mailer argv[0] Format String Vulnerability
链接:http://www.idefense.com/application/poi/display?id=132&type=vulnerabilities

来源: XF
名称: dtmail-argv-format-string(17095)
链接:http://xforce.iss.net/xforce/xfdb/17095

来源: BID
名称: 11027
链接:http://www.securityfocus.com/bid/11027

来源: CIAC
名称: O-202
链接:http://www.ciac.org/ciac/bulletins/o-202.shtml

来源: US Government Resource: oval:org.mitre.oval:def:4030
名称: oval:org.mitre.oval:def:4030
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4030