Midnight Commander extfs.c Buffer Overflow Vulnerability

Vulnerability Details

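Overview

Midnight Commander is a popular file manager for Unix systems, similar to PcTools on MS-DOS.
A buffer overflow exists in extfs.c in Midnight Commander (mc) 4.5.55 and earlier. A remote attacker can use it to cause a denial of service and possibly execute arbitrary code.

Advisory

The vendors have released updated packages that fix this security issue. Patch download links: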
Debian Linux 3.0 s/390
Debian gmc_4.5.55-1.2woody5_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_s390.deb
Debian mc-common_4.5.55-1.2woody5_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_s390.deb
Debian mc_4.5.55-1.2woody5_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_s390.deb
Debian Linux 3.0 alpha
Debian gmc_4.5.55-1.2woody5_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_alpha.deb
Debian mc-common_4.5.55-1.2woody5_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_alpha.deb
Debian mc_4.5.55-1.2woody5_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_alpha.deb
Debian Linux 3.0 mips
Debian gmc_4.5.55-1.2woody5_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_mips.deb
Debian mc-common_4.5.55-1.2woody5_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_mips.deb
Debian mc_4.5.55-1.2woody5_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_mips.deb
Debian Linux 3.0 mipsel
Debian gmc_4.5.55-1.2woody5_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_mipsel.deb
Debian mc-common_4.5.55-1.2woody5_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_mipsel.deb
Debian mc_4.5.55-1.2woody5_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_mipsel.deb
Debian Linux 3.0 m68k
Debian gmc_4.5.55-1.2woody5_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_m68k.deb
Debian mc-common_4.5.55-1.2woody5_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_m68k.deb
Debian mc_4.5.55-1.2woody5_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_m68k.deb
Debian Linux 3.0 hppa
Debian gmc_4.5.55-1.2woody5_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_hppa.deb
Debian mc-common_4.5.55-1.2woody5_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_hppa.deb
Debian mc_4.5.55-1.2woody5_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_hppa.deb
Debian Linux 3.0 arm
Debian gmc_4.5.55-1.2woody5_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_arm.deb
Debian mc-common_4.5.55-1.2woody5_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_arm.deb
Debian mc_4.5.55-1.2woody5_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_arm.deb
Debian Linux 3.0 sparc
Debian gmc_4.5.55-1.2woody5_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_sparc.deb
Debian mc-common_4.5.55-1.2woody5_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_sparc.deb
Debian mc_4.5.55-1.2woody5_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_sparc.deb
Debian Linux 3.0 ia-64
Debian gmc_4.5.55-1.2woody5_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_ia64.deb
Debian mc-common_4.5.55-1.2woody5_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_ia64.deb
Debian mc_4.5.55-1.2woody5_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_ia64.deb
Debian Linux 3.0 ppc
Debian gmc_4.5.55-1.2woody5_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_powerpc.deb
Debian mc-common_4.5.55-1.2woody5_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_powerpc.deb
Debian mc_4.5.55-1.2woody5_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_powerpc.deb
Debian Linux 3.0 ia-32
Debian gmc_4.5.55-1.2woody5_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mc/gmc_4.5.55-1.2woody5_i386.deb
Debian mc-common_4.5.55-1.2woody5_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mc/mc-common_4.5.55-1.2woody5_i386.deb
Debian mc_4.5.55-1.2woody5_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mc/mc_4.5.55-1.2woody5_i386.deb
Midnight Commander Midnight Commander 4.5.54
TurboLinux mc-4.5.54-7.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/mc-4.5.54-7.i586.rpm
TurboLinux mc-4.5.54-7.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/mc-4.5.54-7.i586.rpm
TurboLinux mc-4.5.54-7.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/mc-4.5.54-7.i586.rpm
TurboLinux mc-4.5.54-7.i586.rpm
ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/mc-4.5.54-7.i586.rpm
Midnight Commander Midnight Commander 4.5.55
SuSE mc-4.5.55-762.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/mc-4.5.55-762.i586.rpm
Midnight Commander Midnight Commander 4.6
SuSE mc-4.6.0-324.10.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mc-4.6.0-324.10.i586.rpm
SuSE mc-4.6.0-324.10.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mc-4.6.0-324.10.x86_64.rpm
SuSE mc-4.6.0-332.2.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mc-4.6.0-332.2.i586.rpm
SuSE mc-4.6.0-332.2.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/mc-4.6.0-332.2.x86_64.rpm
SuSE mc-4.6.0-336.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mc-4.6.0-336.i586.rpm
SuSE mc-4.6.0-336.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mc-4.6.0-336.x86_64.rpm

References

Source: DEBIAN
Name: DSA-639
Link: http://www.debian.org/security/2005/dsa-639

Source: SECUNIA
Name: 13863
Link: http://secunia.com/advisories/13863

Source: XF
Name: midnight-commander-extfs-dos(18911)
Link: http://xforce.iss.net/xforce/xfdb/18911

Source: REDHAT
Name: RHSA-2005:217
Link: http://www.redhat.com/support/errata/RHSA-2005-217.html

Source: GENTOO
Name: GLSA-200502-24
Link: http://www.gentoo.org/security/en/glsa/glsa-200502-24.xml

Source: SECTRACK
Name: 1012903
Link: http://securitytracker.com/id?1012903
