bzip2 Resource Management Error Vulnerability

Vulnerability Details

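Vulnerability Summary

bzip2 is an open-source compression/decompression application.

bzip2 contains a resource management error vulnerability that allows remote attackers to cause a denial of service (disk consumption) via a crafted bzip2 file that triggers an infinite loop (also known as a "decompression bomb").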
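
An added example, not part of the original advisory: one way for code that accepts untrusted .bz2 input to bound the disk consumption described above, by capping total output and expansion ratio while streaming. The function name, the exception and the limit values are assumptions chosen for illustration; this is a consumer-side safeguard, not the vendor patch.

```python
import bz2
import io


class DecompressionLimitExceeded(Exception):
    """The stream would expand past the configured budget."""


def bounded_bunzip2(src, dst, max_output=64 * 1024 * 1024, max_ratio=1000,
                    chunk=64 * 1024):
    """Stream-decompress bzip2 data from seekable binary file object src into dst.

    Aborts before writing once total output would exceed max_output bytes or
    max_ratio times the compressed bytes read so far. Returns bytes written.
    Both limits are policy values assumed for this example; tune per workload.
    """
    written = 0
    start = src.tell()
    with bz2.BZ2File(src) as stream:       # leaves src open on exit
        while True:
            out = stream.read(chunk)       # returns at most `chunk` bytes per call
            if not out:
                return written
            written += len(out)
            consumed = src.tell() - start  # compressed bytes pulled from src
            if written > max_output:
                raise DecompressionLimitExceeded(
                    f"output exceeds {max_output} bytes")
            if written > max_ratio * consumed:
                raise DecompressionLimitExceeded(
                    f"expansion ratio exceeds {max_ratio}:1")
            dst.write(out)


if __name__ == "__main__":
    # Constructed sample: 5 MB of zero bytes, which bzip2 shrinks to a tiny file.
    sample = io.BytesIO(bz2.compress(b"\0" * 5_000_000))
    try:
        bounded_bunzip2(sample, io.BytesIO(), max_output=1_000_000,
                        max_ratio=10**9)
    except DecompressionLimitExceeded as exc:
        print("rejected:", exc)
```

On a library build that still contains the looping defect, the hang occurs inside the decompressor itself, so pair a cap like this with the vendor update and process-level limits such as RLIMIT_CPU and RLIMIT_FSIZE.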

Vulnerability Advisory

The vendors have released upgrade patches that fix this security issue. Patch download links:

Sun Solaris 10.0

Sun Solaris 10 SPARC platform patch 126868-01

http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-126868-01-1

Turbolinux Appliance Server 1.0 Workgroup Edition

Turbolinux bzip2-1.0.2-8.i586.rpm

Turbolinux Appliance Server 1.0 Workgroup Edition

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/

Turbolinux bzip2-devel-1.0.2-8.i586.rpm

Turbolinux Appliance Server 1.0 Workgroup Edition

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/

IPCop IPCop 1.4.1

IPCop IPCop 1.4.8

http://sourceforge.net/project/showfiles.php?group_id=40604&package_id=35093&release_id=351848

MandrakeSoft Linux Mandrake 10.0 AMD64

Mandriva bzip2-1.0.2-17.1.100mdk.amd64.rpm

Mandrakelinux 10.0/AMD64:

http://www.mandriva.com/en/download

Mandriva bzip2-1.0.2-17.1.100mdk.src.rpm

Mandrakelinux 10.0/AMD64:

http://www.mandriva.com/en/download

Mandriva lib64bzip2_1-1.0.2-17.1.100mdk.amd64.rpm

Mandrakelinux 10.0/AMD64:

http://www.mandriva.com/en/download

Mandriva lib64bzip2_1-devel-1.0.2-17.1.100mdk.amd64.rpm

Mandrakelinux 10.0/AMD64:

http://www.mandriva.com/en/download

Turbolinux Turbolinux Server 10.0

Turbolinux bzip2-1.0.2-8.i586.rpm

Turbolinux 10 Server

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/bzip2-1.0.2-8.i586.rpm

Turbolinux bzip2-devel-1.0.2-8.i586.rpm

Turbolinux 10 Server

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/bzip2-devel-1.0.2-8.i586.rpm

Turbolinux Turbolinux Desktop 10.0

Turbolinux bzip2-1.0.2-8.i586.rpm

Turbolinux 10 Desktop, Turbolinux 10 F…, Turbolinux Home

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/bzip2-1.0.2-8.i586.rpm

Turbolinux bzip2-devel-1.0.2-8.i586.rpm

Turbolinux 10 Desktop, Turbolinux 10 F…, Turbolinux Home

ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/bzip2-devel-1.0.2-8.i586.rpm

MandrakeSoft Linux Mandrake 10.1 x86_64

Mandriva bzip2-1.0.2-20.1.101mdk.src.rpm

Mandrakelinux 10.1/X86_64:

http://www.mandriva.com/en/download

Mandriva bzip2-1.0.2-20.1.101mdk.x86_64.rpm

Mandrakelinux 10.1/X86_64:

http://www.mandriva.com/en/download

Mandriva lib64bzip2_1-1.0.2-20.1.101mdk.x86_64.rpm

Mandrakelinux 10.1/X86_64:

http://www.mandriva.com/en/download

Mandriva lib64bzip2_1-devel-1.0.2-20.1.101mdk.x86_64.rpm

Mandrakelinux 10.1/X86_64:

http://www.mandriva.com/en/download

Apple Mac OS X 10.4.10

Apple Mac OS X 10.4.11 Combo Update (Intel)

http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16036&cat=1&platform=osx&method=sa/MacOSXUpdCombo10.4.11Intel.dmg

Apple Mac OS X 10.4.11 Combo Update (PPC)

http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16051&cat=1&platform=osx&method=sa/MacOSXUpdCombo10.4.11PPC.dmg

Apple Mac OS X 10.4.2

Apple Mac OS X 10.4.11 Combo Update (Intel)

http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16036&cat=1&platform=osx&method=sa/MacOSXUpdCombo10.4.11Intel.dmg

Apple Mac OS X 10.4.11 Combo Update (PPC)

http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16051&cat=1&platform=osx&method=sa/MacOSXUpdCombo10.4.11PPC.dmg

Apple Mac OS X 10.4.3

Apple Mac OS X 10.4.11 Combo Update (Intel)

http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16036&cat=1&platform=osx&method=sa/MacOSXUpdCombo10.4.11Intel.dmg

Apple Mac OS X 10.4.11 Combo Update (PPC)

http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16051&cat=1&platform=osx&method=sa/MacOSXUpdCombo10.4.11PPC.dmg

Apple Mac OS X 10.4.4

Apple Mac OS X 10.4.11 Combo Update (Intel)

http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16036&cat=1&platform=osx&method=sa/MacOSXUpdCombo10.4.11Intel.dmg

Apple Mac OS X 10.4.11 Combo Update (PPC)

http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=16051&cat=1&platform=osx&method=sa/MacOSXUpdCombo10.4.11PPC.dmg

MandrakeSoft Corporate Server 3.0

Mandriva bzip2-1.0.2-17.1.C30mdk.i586.rpm

Corporate 3.0:

http://www.mandriva.com/en/download

Mandriva bzip2-1.0.2-17.1.C30mdk.src.rpm

Corporate 3.0:

References

Source: SUNALERT

Link: http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1

Source: SUNALERT

Link: http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1

Source: FEDORA

Link: http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html

Source: OVAL

Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A749

Source: BID

Link: https://www.securityfocus.com/bid/26444

Source: REDHAT

Link: http://www.redhat.com/support/errata/RHSA-2005-474.html

Source: CONFIRM

Link: http://docs.info.apple.com/article.html?artnum=307041

Source: SECUNIA

Link: http://secunia.com/advisories/19183

Source: BID

Link: https://www.securityfocus.com/bid/13657

Source: VUPEN

Link: http://www.vupen.com/english/advisories/2007/3525

Source: VUPEN

Link: http://www.vupen.com/english/advisories/2007/3868

Source: OVAL

Link: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10700

Source: UBUNTU

Link: https://usn.ubuntu.com/127-1/

Source: SECUNIA

Link: http://secunia.com/advisories/15447

Source: CERT

Link: http://www.us-cert.gov/cas/techalerts/TA07-319A.html

Source: DEBIAN

Link: https://www.debian.org/security/2005/dsa-741

Source: SECUNIA

Link: http://secunia.com/advisories/27643

Source: APPLE

Link: http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html

Source: SECUNIA

Link: http://secunia.com/advisories/27274
