GNU Sharutils shar命令行解析缓冲区溢出漏洞

漏洞信息详情

GNU Sharutils shar命令行解析缓冲区溢出漏洞

• CNNVD编号：CNNVD-200412-854
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2004-1772
  
• 漏洞类型：
  
  
  缓冲区溢出
  
• 发布时间：
  
  2004-12-31
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-10-20
  
• 厂        商：
  
  gnu
• 漏洞来源：
  Disclosure of this…

GNU sharutils 4.2.1版本的GNU sharutils存在基于栈的缓冲区溢出漏洞。本地用户可以借助超长的-o命令行参数执行任意代码。

Please see the referenced advisories for more information.

GNU sharutils 4.2.1

• Fedora sharutils-4.2.1-18.1.FC2.i386.rpmRedHat Fedora Core 2
  
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
• Fedora sharutils-4.2.1-18.1.FC2.x86_64.rpmRedHat Fedora Core 2
  
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
• Fedora sharutils-4.2.1-22.1.FC3.i386.rpmRedHat Fedora Core 3
  
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
• Fedora sharutils-4.2.1-22.1.FC3.x86_64.rpmRedHat Fedora Core 3
  
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
• Fedora sharutils-debuginfo-4.2.1-18.1.FC2.i386.rpmRedHat Fedora Core 2
  
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
• Fedora sharutils-debuginfo-4.2.1-18.1.FC2.x86_64.rpmRedHat Fedora Core 2
  
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
• Fedora sharutils-debuginfo-4.2.1-22.1.FC3.i386.rpmRedHat Fedora Core 3
  
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
• Fedora sharutils-debuginfo-4.2.1-22.1.FC3.x86_64.rpmRedHat Fedora Core 3
  
  http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/
• Mandrake sharutils-4.2.1-14.1.100mdk.amd64.rpmMandrake Linux 10.0/AMD64
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake sharutils-4.2.1-14.1.100mdk.i586.rpmMandrake Linux 10.0
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake sharutils-4.2.1-14.1.C21mdk.i586.rpmMandrake Corporate Server 2.1
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake sharutils-4.2.1-14.1.C21mdk.x86_64.rpmMandrake Corporate Server 2.1/x86_64
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake sharutils-4.2.1-14.1.C30mdk.i586.rpmMandrake Corporate Server 3.0
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake sharutils-4.2.1-14.1.C30mdk.x86_64.rpmMandrake Corporate Server 3.0/x86_64
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake sharutils-4.2.1-17.1.101mdk.i586.rpmMandrake Linux 10.1
  
  http://www.mandrakesecure.net/en/ftp.php
• Mandrake sharutils-4.2.1-17.1.101mdk.x86_64.rpmMandrake Linux 10.1/x86_64
  
  http://www.mandrakesecure.net/en/ftp.php
• OpenPKG sharutils-4.2.1-2.0.1.src.rpm
  ftp://ftp.openpkg.org/release/2.0/UPD/sharutils-4.2.1-2.0.1.src.rpm
• Ubuntu sharutils-doc_4.2.1-10ubuntu0.1_all.debUbuntu 4.10 (Warty Warthog)
  
  http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils-doc_
  4.2.1-10ubuntu0.1_all.deb
• Ubuntu sharutils_4.2.1-10ubuntu0.1_amd64.debUbuntu 4.10 (Warty Warthog)
  
  http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils_4.2.
  1-10ubuntu0.1_amd64.deb
• Ubuntu sharutils_4.2.1-10ubuntu0.1_i386.debUbuntu 4.10 (Warty Warthog)
  
  http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils_4.2.
  1-10ubuntu0.1_i386.deb
• Ubuntu sharutils_4.2.1-10ubuntu0.1_powerpc.debUbuntu 4.10 (Warty Warthog)
  
  http://security.ubuntu.com/ubuntu/pool/main/s/sharutils/sharutils_4.2.
  1-10ubuntu0.1_powerpc.deb

来源: FEDORA
名称: FLSA:2155
链接:https://bugzilla.fedora.us/show_bug.cgi?id=2155

来源: BID
名称: 10066
链接:http://www.securityfocus.com/bid/10066

来源: BUGTRAQ
名称: 20040406 GNU Sharutils buffer overflow vulnerability.
链接:http://www.securityfocus.com/archive/1/359639

来源: OPENPKG
名称: OpenPKG-SA-2004.011
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=108137386310299&w=2

来源: XF
名称: sharutils-shar-bo(15759)
链接:http://xforce.iss.net/xforce/xfdb/15759

来源: REDHAT
名称: RHSA-2005:377
链接:http://www.redhat.com/support/errata/RHSA-2005-377.html

来源: OVAL
名称: oval:org.mitre.oval:def:11722
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11722