Tcl/Tk Tk Toolkit 'ReadImage()' GIF File Buffer Overflow Vulnerability

Vulnerability Details

Vulnerability Summary

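tkImgGIF.c in Tk (Tcl/Tk) versions before 8.5.1 contains a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a crafted GIF image. CVE-2006-4484 is a similar issue.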

Vulnerability Advisory

The vendor has released an update that fixes this security issue. Patch download link:
http://www.vmware.com/security/advisories/VMSA-2008-0009.html

Reference URLs

Source: BID
Name: 27655
Link: http://www.securityfocus.com/bid/27655

Source: SECUNIA
Name: 28784
Link: http://secunia.com/advisories/28784

Source: FEDORA
Name: FEDORA-2008-3545
Link: https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00116.html

Source: FEDORA
Name: FEDORA-2008-1384
Link: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00205.html

Source: FEDORA
Name: FEDORA-2008-1122
Link: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00193.html

Source: FEDORA
Name: FEDORA-2008-1131
Link: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00132.html

Source: FEDORA
Name: FEDORA-2008-1323
Link: https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00115.html

Source: issues.rpath.com
Link: https://issues.rpath.com/browse/RPL-2215

Source: bugzilla.redhat.com
Link: https://bugzilla.redhat.com/show_bug.cgi?id=431518

Source: www.vmware.com
Link: http://www.vmware.com/security/advisories/VMSA-2008-0009.html

Source: BUGTRAQ
Name: 20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues
Link: http://www.securityfocus.com/archive/1/archive/1/493080/100/0/threaded

Source: BUGTRAQ
Name: 20080212 rPSA-2008-0054-1 tk
Link: http://www.securityfocus.com/archive/1/archive/1/488069/100/0/threaded

Source: REDHAT
Name: RHSA-2008:0136
Link: http://www.redhat.com/support/errata/RHSA-2008-0136.html

Source: REDHAT
Name: RHSA-2008:0135
Link: http://www.redhat.com/support/errata/RHSA-2008-0135.html

Source: REDHAT
Name: RHSA-2008:0134
Link: http://www.redhat.com/support/errata/RHSA-2008-0134.html

Source: SUSE
Name: SUSE-SR:2008:013
Link: http://www.novell.com/linux/security/advisories/2008_13_sr.html

Source: MANDRIVA
Name: MDVSA-2008:041
Link: http://www.mandriva.com/security/advisories?name=MDVSA-2008:041

Source: VUPEN
Name: ADV-2008-1744
Link: http://www.frsirt.com/english/advisories/2008/1744

Source: VUPEN
Name: ADV-2008-1456
Link: http://www.frsirt.com/english/advisories/2008/1456/references

Source: VUPEN
Name: ADV-2008-0430
Link: http://www.frsirt.com/english/advisories/2008/0430

Source: DEBIAN
Name: DSA-1598
Link: http://www.debian.org/security/2008/dsa-1598

Source: DEBIAN
Name: DSA-1491
Link: http://www.debian.org/security/2008/dsa-1491

Source: DEBIAN
Name: DSA-1490
Link: http://www.debian.org/security/2008/dsa-1490

Source: wiki.rpath.com
Link: http://wiki.rpath.com/Advisories:rPSA-2008-0054

Source: SUNALERT
Name: 237465
Link: http://sunsolve.sun.com/search/document.do?assetkey=1-26-237465-1

Source: sourceforge.net
Link: http://sourceforge.net/project/shownotes.php?release_id=573933&group_id=10894

Source: SECTRACK
Name: 1019309
Link: http://securitytracker.com/id?1019309

Source: SECUNIA
Name: 30783
Link: http://secunia.com/advisories/30783

Source: SECUNIA
Name: 30717
Link: http://secunia.com/advisories/30717

Source: SECUNIA
Name: 30535
Link: http://secunia.com/advisories/30535

Source: SECUNIA
Name: 30188
Link: http://secunia.com/advisories/30188

Source: SECUNIA
Name: 30129
Link: http://secunia.com/advisories/30129

Source: SECUNIA
Name: 29622
Link: http://secunia.com/advisories/29622

Source: SECUNIA
Name: 29070
Link: http://secunia.com/advisories/29070

Source: SECUNIA
Name: 29069
Link: http://secunia.com/advisories/29069

Source: SECUNIA
Name: 28954
Link: http://secunia.com/advisories/28954

Source: SECUNIA
Name: 28867
Link: http://secunia.com/advisories/28867

Source: SECUNIA
Name: 28857
Link: http://secunia.com/advisories/28857

Source: SECUNIA
Name: 28848
Link: http://secunia.com/advisories/28848

Source: SECUNIA
Name: 28807
Link: http://secunia.com/advisories/28807

Source: SUSE
Name: SUSE-SR:2008:008
Link: http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00005.html
