HP – UX FTP服务器调试日志记录模式缓冲区溢出漏洞

漏洞信息详情

HP – UX FTP服务器调试日志记录模式缓冲区溢出漏洞

• CNNVD编号：CNNVD-200412-1202
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2004-1332
  
• 漏洞类型：
  
  
  缓冲区溢出
  
• 发布时间：
  
  2004-12-31
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2009-03-04
  
• 厂        商：
  
  hp
• 漏洞来源：
  Discovery credited…

HP-UX 11.11i版本中的FTP daemon存在基于栈的缓冲区溢出漏洞。与- v（调试）选项一起启用时，远程攻击者可以通过超长的命令请求来执行任意代码。

The original advisory from iDEFENSE listed patches for specific versions of HP-UX. On December 23, 2004, HP re-issued advisory HPSBUX0107-162 (originally published in 2001) stating that the fixes listed in the advisory correct this issue. However, the patch numbers listed in the advisory are different than what was included in the iDEFENSE report.
HP has released advisory HPSBUX01118 – SSRT4883 on February 8th, 2005 dealing with this issue. The patches provided in this advisory match those reported by iDEFENSE. Users are advised to update their products with these patches as soon as possible.
HP HP-UX B.11.11

• HP PHNE_29461
  
  http://itrc.hp.com

HP HP-UX B.11.22

• HP PHNE_29462
  
  http://itrc.hp.com

HP HP-UX B.11.00

• HP PHNE_29460
  
  http://itrc.hp.com

HP HP-UX B.11.04

• HP PHNE_31034
  
  http://itrc.hp.com

来源:US-CERT Vulnerability Note: VU#647438
名称: VU#647438
链接:http://www.kb.cert.org/vuls/id/647438

来源: BID
名称: 12077
链接:http://www.securityfocus.com/bid/12077

来源: SECUNIA
名称: 13608
链接:http://secunia.com/advisories/13608

来源: HP
名称: HPSBUX01118
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=110797179710695&w=2

来源: XF
名称: hp-ftpd-bo(18636)
链接:http://xforce.iss.net/xforce/xfdb/18636

来源: IDEFENSE
名称: 20041221 Hewlett Packard HP-UX ftpd Remote Buffer Overflow Vulnerability
链接:http://www.idefense.com/application/poi/display?id=175&type=vulnerabilities&flashstatus=false

来源: SECTRACK
名称: 1012650
链接:http://securitytracker.com/id?1012650

来源: OVAL
名称: oval:org.mitre.oval:def:5701
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5701