Dell OpenManage Web Server POST请求堆溢出漏洞

漏洞信息详情

Dell OpenManage Web Server POST请求堆溢出漏洞

• CNNVD编号：CNNVD-200411-104
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2004-0331
  
• 漏洞类型：
  
  
  缓冲区溢出
  
• 发布时间：
  
  2004-11-23
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  dell
• 漏洞来源：
  .’);”>Discovery of this …

Dell OpenManage Web Server 3.4.0存在基于堆的缓冲区溢出漏洞。远程攻击者可以借助一个带有超长应用变量的HTTP POST导致服务拒绝（崩溃）。

The vendor has released patches to address this issue.
Dell OpenManage 3.2

• Dell SA_Security_Patch_LX_A01.tar.gzLinux Platforms
  
  http://support.dell.com/filelib/Format.aspx?ReleaseID=R74030
• Dell SA_Security_Patch_NW_A01.exeNetware Platforms
  
  http://support.dell.com/filelib/Format.aspx?ReleaseID=R74031
• Dell SA_Security_Patch_WIN_A01.exeMicrosoft Windows Platforms
  
  http://support.dell.com/filelib/Format.aspx?ReleaseID=R74029

Dell OpenManage 3.4

• Dell SA_Security_Patch_LX_A01.tar.gzLinux Platforms
  
  http://support.dell.com/filelib/Format.aspx?ReleaseID=R74030
• Dell SA_Security_Patch_NW_A01.exeNetware Platforms
  
  http://support.dell.com/filelib/Format.aspx?ReleaseID=R74031
• Dell SA_Security_Patch_WIN_A01.exeMicrosoft Windows Platforms
  
  http://support.dell.com/filelib/Format.aspx?ReleaseID=R74029

Dell OpenManage 3.7

• Dell SA_Security_Patch_LX_A01.tar.gzLinux Platforms
  
  http://support.dell.com/filelib/Format.aspx?ReleaseID=R74030
• Dell SA_Security_Patch_NW_A01.exeNetware Platforms
  
  http://support.dell.com/filelib/Format.aspx?ReleaseID=R74031
• Dell SA_Security_Patch_WIN_A01.exeMicrosoft Windows Platforms
  
  http://support.dell.com/filelib/Format.aspx?ReleaseID=R74029

Dell OpenManage 3.7.1

• Dell SA_Security_Patch_LX_A01.tar.gzLinux Platforms
  
  http://support.dell.com/filelib/Format.aspx?ReleaseID=R74030
• Dell SA_Security_Patch_NW_A01.exeNetware Platforms
  
  http://support.dell.com/filelib/Format.aspx?ReleaseID=R74031
• Dell SA_Security_Patch_WIN_A01.exeMicrosoft Windows Platforms
  
  http://support.dell.com/filelib/Format.aspx?ReleaseID=R74029

来源: BID
名称: 9750
链接:http://www.securityfocus.com/bid/9750

来源: XF
名称: dell-openmanage-ocsgetoeminpathfile-bo(15325)
链接:http://xforce.iss.net/xforce/xfdb/15325

来源: sh0dan.org
链接:http://sh0dan.org/files/domadv.txt

来源: BUGTRAQ
名称: 20040226 Dell OpenManage Web Server Heap Overflow (Pre-Auth)
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=107781539829143&w=2