首页 -> 安全研究
安全研究
绿盟月刊
绿盟安全月刊->第35期->最新漏洞
日期:2002-09-16
PGP远程缓冲区溢出及口令泄露漏洞
发布日期:2002-09-04
更新日期:2002-09-08
受影响系统:
Network Associates PGP 7.1.1
Network Associates PGP 7.1
Network Associates PGP 7.0.4
Network Associates PGP 7.0.3
Network Associates PGP 7.0
Network Associates PGP 6.5.8
Network Associates PGP 6.5.3i for Windows
Network Associates PGP 6.5.1i
Network Associates PGP 6.0.2i
Network Associates PGP 6.0.2
Network Associates PGP 5.5.5
Network Associates PGP 5.5.3i for Windows
Network Associates PGP 5.0i
Network Associates PGP 5.0
- HP HP-UX 11.0
- IBM AIX 4.3
- Microsoft Windows NT 4.0
- Microsoft Windows 98
- Microsoft Windows 95
- RedHat Linux 7.0
- Sun Solaris 8.0
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 5656
CVE(CAN) ID: CAN-2002-0850
PGP(Pretty Good Privacy)是一款由Network Associates维护的加密应用程序,可使用在多种Linux、Unix和Microsoft Windows操作系统下。
PGP对长文件名缺少正确检查,远程攻击者可以利用这个漏洞进行缓冲区溢出攻击者,导致以当前用户权限执行任意指令或者导致口令泄露。
PGP在加密或者解密一个带有超长文件名的文件时,可导致PGP崩溃,远程攻击者可以建立一个加密文件,发送给目标用户,当用户使用PGP处理时可能导致以用户进程的权限在系统上执行任意指令。
攻击者可以构建类似如下的文件名:
<196 bytes><eip><9 bytes><可读地址><29 bytes>
然后攻击者使用目标用户的公钥加密文件。在多数情况下,公钥一般包含使用PGP客户端软件的banner信息和相关的版本,这表示攻击者可以容易从PGP KEY服务器上找到受此漏洞影响的用户。
加密的档案可以通过Outlook附件形式发给目标用户,当用户打开长文件名的时候可导致缓冲区溢出发生。
在部分情况下,攻击者也可以在PGP被加密的恶意文件破坏后及在包含口令的内存被覆盖之前获得目标用户的口令。
<*来源:Foundstone Labs (labs@foundstone.com)
链接:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0106.html
*>
测试方法:
--------------------------------------------------------------------------------
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
Foundstone Labs (labs@foundstone.com)提供了如下测试方法:
可以构建类似如下的文件名:
<196 bytes><eip><9 bytes><可读地址><29 bytes>
并使用目标用户的公钥加密文件,发送给用户。
建议:
--------------------------------------------------------------------------------
临时解决方法:
如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:
* 暂时不要使用PGP加密文件。
厂商补丁:
Network Associates
------------------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Network Associates PGP 5.0 i:
Network Associates Hotfix PGPhotfix_OutlookLFN_20020828.zip
http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1.1/pgphotfix_outlookplugin711/PGPhotfix_OutlookLFN_20020828.zip
Network Associates PGP 5.0:
Network Associates Hotfix PGPhotfix_OutlookLFN_20020828.zip
http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1.1/pgphotfix_outlookplugin711/PGPhotfix_OutlookLFN_20020828.zip
Network Associates PGP 5.5.3 i for Windows:
Network Associates Hotfix PGPhotfix_OutlookLFN_20020828.zip
http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1.1/pgphotfix_outlookplugin711/PGPhotfix_OutlookLFN_20020828.zip
Network Associates PGP 5.5.5:
Network Associates Hotfix PGPhotfix_OutlookLFN_20020828.zip
http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1.1/pgphotfix_outlookplugin711/PGPhotfix_OutlookLFN_20020828.zip
Network Associates PGP 6.0.2 i:
Network Associates Hotfix PGPhotfix_OutlookLFN_20020828.zip
http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1.1/pgphotfix_outlookplugin711/PGPhotfix_OutlookLFN_20020828.zip
Network Associates PGP 6.0.2:
Network Associates Hotfix PGPhotfix_OutlookLFN_20020828.zip
http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1.1/pgphotfix_outlookplugin711/PGPhotfix_OutlookLFN_20020828.zip
Network Associates PGP 6.5.1 i:
Network Associates Hotfix PGPhotfix_OutlookLFN_20020828.zip
http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1.1/pgphotfix_outlookplugin711/PGPhotfix_OutlookLFN_20020828.zip
Network Associates PGP 6.5.3 i for Windows:
Network Associates Hotfix PGPhotfix_OutlookLFN_20020828.zip
http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1.1/pgphotfix_outlookplugin711/PGPhotfix_OutlookLFN_20020828.zip
Network Associates PGP 6.5.3:
Network Associates Hotfix PGPhotfix_OutlookLFN_20020828.zip
http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1.1/pgphotfix_outlookplugin711/PGPhotfix_OutlookLFN_20020828.zip
Network Associates PGP 6.5.8:
Network Associates Hotfix PGPhotfix_OutlookLFN_20020828.zip
http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1.1/pgphotfix_outlookplugin711/PGPhotfix_OutlookLFN_20020828.zip
Network Associates PGP 7.0:
Network Associates Hotfix PGPhotfix_OutlookLFN_20020828.zip
http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1.1/pgphotfix_outlookplugin711/PGPhotfix_OutlookLFN_20020828.zip
Network Associates PGP Freeware 7.0.3:
Network Associates Hotfix PGPhotfix_OutlookLFN_20020828.zip
http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1.1/pgphotfix_outlookplugin711/PGPhotfix_OutlookLFN_20020828.zip
Network Associates PGP 7.0.3:
Network Associates Hotfix PGPhotfix_OutlookLFN_20020828.zip
http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1.1/pgphotfix_outlookplugin711/PGPhotfix_OutlookLFN_20020828.zip
Network Associates PGP 7.0.4:
Network Associates Hotfix PGPhotfix_OutlookLFN_20020828.zip
http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1.1/pgphotfix_outlookplugin711/PGPhotfix_OutlookLFN_20020828.zip
Network Associates PGP Corporate Desktop 7.1:
Network Associates Hotfix PGPhotfix_OutlookLFN_20020828.zip
http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1.1/pgphotfix_outlookplugin711/PGPhotfix_OutlookLFN_20020828.zip
Network Associates PGP 7.1:
Network Associates Hotfix PGPhotfix_OutlookLFN_20020828.zip
http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1.1/pgphotfix_outlookplugin711/PGPhotfix_OutlookLFN_20020828.zip
Network Associates PGP Corporate Desktop 7.1.1:
Network Associates Hotfix PGPhotfix_OutlookLFN_20020828.zip
http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1.1/pgphotfix_outlookplugin711/PGPhotfix_OutlookLFN_20020828.zip
Network Associates PGP 7.1.1:
Network Associates Hotfix PGPhotfix_OutlookLFN_20020828.zip
http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1.1/pgphotfix_outlookplugin711/PGPhotfix_OutlookLFN_20020828.zip
版权所有,未经许可,不得转载