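Vulnerability Details
ELinks 'loadmsgcat.c' Untrusted Search Path Vulnerability
- CNNVD ID: CNNVD-200704-247
- Severity: Medium
- CVE ID: CVE-2007-2027
- Vulnerability type: Format string
- Published: 2007-04-13
- Threat type: Local
- Updated: 2007-08-02
- Vendor: elinks
- Vulnerability source: Arnaud Giersch is …
Vulnerability Summary
An untrusted search path vulnerability exists in the add_filename_to_string function in intl/gettext/loadmsgcat.c in ELinks. A local user can conduct format string attacks by causing ELinks to use an untrusted gettext message catalog in the "../po" directory.
Vulnerability Advisory
The vendor has released an upgrade patch that fixes this security issue. The patches are available at the following links: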
ELinks ELinks 0.10.6
Ubuntu elinks-lite_0.10.6-1ubuntu3.1_amd64.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.10.6-1ubuntu3.1_amd64.deb
Ubuntu elinks-lite_0.10.6-1ubuntu3.1_i386.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.10.6-1ubuntu3.1_i386.deb
Ubuntu elinks-lite_0.10.6-1ubuntu3.1_powerpc.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.10.6-1ubuntu3.1_powerpc.deb
Ubuntu elinks-lite_0.10.6-1ubuntu3.1_sparc.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.10.6-1ubuntu3.1_sparc.deb
Ubuntu elinks-lite_0.11.1-1ubuntu2.1_amd64.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.11.1-1ubuntu2.1_amd64.deb
Ubuntu elinks-lite_0.11.1-1ubuntu2.1_i386.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.11.1-1ubuntu2.1_i386.deb
Ubuntu elinks_0.10.6-1ubuntu3.1_amd64.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.10.6-1ubuntu3.1_amd64.deb
Ubuntu elinks_0.10.6-1ubuntu3.1_i386.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.10.6-1ubuntu3.1_i386.deb
Ubuntu elinks_0.10.6-1ubuntu3.1_powerpc.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.10.6-1ubuntu3.1_powerpc.deb
Ubuntu elinks_0.10.6-1ubuntu3.1_sparc.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.10.6-1ubuntu3.1_sparc.deb
Ubuntu elinks_0.11.1-1ubuntu2.1_amd64.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.11.1-1ubuntu2.1_amd64.deb
ELinks ELinks 0.11.1
Ubuntu elinks-lite_0.11.1-1.2ubuntu2.1_amd64.deb
Ubuntu 7.04:
http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.11.1-1.2ubuntu2.1_amd64.deb
Ubuntu elinks-lite_0.11.1-1.2ubuntu2.1_i386.deb
Ubuntu 7.04:
http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.11.1-1.2ubuntu2.1_i386.deb
Ubuntu elinks-lite_0.11.1-1.2ubuntu2.1_powerpc.deb
Ubuntu 7.04:
http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.11.1-1.2ubuntu2.1_powerpc.deb
Ubuntu elinks-lite_0.11.1-1.2ubuntu2.1_sparc.deb
Ubuntu 7.04:
http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.11.1-1.2ubuntu2.1_sparc.deb
Ubuntu elinks-lite_0.11.1-1ubuntu2.1_amd64.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.11.1-1ubuntu2.1_amd64.deb
Ubuntu elinks-lite_0.11.1-1ubuntu2.1_i386.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.11.1-1ubuntu2.1_i386.deb
Ubuntu elinks-lite_0.11.1-1ubuntu2.1_powerpc.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.11.1-1ubuntu2.1_powerpc.deb
Ubuntu elinks-lite_0.11.1-1ubuntu2.1_sparc.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.11.1-1ubuntu2.1_sparc.deb
Ubuntu elinks_0.11.1-1.2ubuntu2.1_amd64.deb
Ubuntu 7.04:
http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.11.1-1.2ubuntu2.1_amd64.deb
Ubuntu elinks_0.11.1-1.2ubuntu2.1_i386.deb
Ubuntu 7.04:
http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.11.1-1.2ubuntu2.1_i386.deb
Ubuntu elinks_0.11.1-1.2ubuntu2.1_powerpc.deb
Ubuntu 7.04:
http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.11.1-1.2ubuntu2.1_powerpc.deb
Ubuntu elinks_0.11.1-1.2ubuntu2.1_sparc.deb
Ubuntu 7.04:
http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.11.1-1.2ubuntu2.1_sparc.deb
Ubuntu elinks_0.11.1-1ubuntu2.1_amd64.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.11.1-1ubuntu2.1_amd64.deb
Ubuntu elinks_0.11.1-1ubuntu2.1_i386.deb
Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.11.1-1ubuntu2.1_i386.deb
Ubuntu elinks_0.11.1-1ubuntu2.1_powerpc.deb
Ubuntu 6.06 LTS:
References
Source: VUPEN
Name: ADV-2007-1686
Link: http://www.frsirt.com/english/advisories/2007/1686
Source: bugzilla.redhat.com
Link: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235411
Source: UBUNTU
Name: USN-457-1
Link: http://www.ubuntu.com/usn/usn-457-1
Source: BID
Name: 23844
Link: http://www.securityfocus.com/bid/23844
Source: GENTOO
Name: GLSA-200706-03
Link: http://security.gentoo.org/glsa/glsa-200706-03.xml
Source: SECUNIA
Name: 25550
Link: http://secunia.com/advisories/25550
Source: SECUNIA
Name: 25255
Link: http://secunia.com/advisories/25255
Source: SECUNIA
Name: 25198
Link: http://secunia.com/advisories/25198
Source: SECUNIA
Name: 25169
Link: http://secunia.com/advisories/25169
Source: OSVDB
Name: 35668
Source: bugs.debian.org