Security Vulnerabilities
Denial-of-Service Vulnerability in the VNC HTTP Service

Published: 2002-03-21
Updated: 2002-03-28

Affected systems:

AT&T VNC 3.3.3R2
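Description:

BUGTRAQ ID: 4345

VNC is free virtual network computing software released by AT&T, designed to let sufficiently privileged users access a remote desktop. It runs on Unix and Linux systems and can also be used on Microsoft Windows.

Red Hat VNC contains a vulnerability that exposes the small HTTP server included in VNC to a denial-of-service attack.

The Red Hat VNC server includes a small HTTP server implementation. Because of a heap corruption vulnerability in the zlib library implementation, an attacker can pass malicious compressed input to the VNC HTTP server, causing it to crash and deny service to any legitimate user.

It is currently not known whether other versions of VNC are affected.

<*Source: Const Kaplinsky
  
  Link: https://www.redhat.com/support/errata/RHSA-2002-026.html
*>

Recommendations:

Temporary workaround:

If you cannot install the patch or upgrade immediately, NSFOCUS recommends the following measures to reduce the threat:

* Apply access filtering to the VNC access ports so that only legitimate, trusted users can reach the service ports.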

Vendor patches:

RedHat
------
RedHat has released a security advisory (RHSA-2002:026-43) and corresponding patches for this issue:
RHSA-2002:026-43:Vulnerability in zlib library
Link: https://www.redhat.com/support/errata/RHSA-2002-026.html

Patch downloads:

AT&T VNC 3.3.3R2:

Red Hat Upgrade vnc-3.3.3r2-18.4.src.rpm
ftp://updates.redhat.com/7.0/en/os/SRPMS/vnc-3.3.3r2-18.4.src.rpm
Source RPM.

Red Hat Upgrade vnc-3.3.3r2-18.4.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/vnc-3.3.3r2-18.4.alpha.rpm

Red Hat Upgrade vnc-doc-3.3.3r2-18.4.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/vnc-doc-3.3.3r2-18.4.alpha.rpm

Red Hat Upgrade vnc-server-3.3.3r2-18.4.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/vnc-server-3.3.3r2-18.4.alpha.rpm

Red Hat Upgrade vnc-3.3.3r2-18.4.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/vnc-3.3.3r2-18.4.i386.rpm

Red Hat Upgrade vnc-doc-3.3.3r2-18.4.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/vnc-doc-3.3.3r2-18.4.i386.rpm

Red Hat Upgrade vnc-server-3.3.3r2-18.4.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/vnc-server-3.3.3r2-18.4.i386.rpm

Red Hat Upgrade vnc-3.3.3r2-18.4.src.rpm
ftp://updates.redhat.com/7.1/en/os/SRPMS/vnc-3.3.3r2-18.4.src.rpm
Source RPM.

Red Hat Upgrade vnc-3.3.3r2-18.4.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/vnc-3.3.3r2-18.4.alpha.rpm

Red Hat Upgrade vnc-doc-3.3.3r2-18.4.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/vnc-doc-3.3.3r2-18.4.alpha.rpm

Red Hat Upgrade vnc-server-3.3.3r2-18.4.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/vnc-server-3.3.3r2-18.4.alpha.rpm

Red Hat Upgrade vnc-3.3.3r2-18.4.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/vnc-3.3.3r2-18.4.i386.rpm

Red Hat Upgrade vnc-doc-3.3.3r2-18.4.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/vnc-doc-3.3.3r2-18.4.i386.rpm

Red Hat Upgrade vnc-server-3.3.3r2-18.4.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/vnc-server-3.3.3r2-18.4.i386.rpm

Red Hat Upgrade vnc-3.3.3r2-18.4.src.rpm
ftp://updates.redhat.com/7.2/en/os/SRPMS/vnc-3.3.3r2-18.4.src.rpm
Source RPM.

Red Hat Upgrade vnc-3.3.3r2-18.4.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/vnc-3.3.3r2-18.4.i386.rpm

Red Hat Upgrade vnc-doc-3.3.3r2-18.4.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/vnc-doc-3.3.3r2-18.4.i386.rpm

Red Hat Upgrade vnc-server-3.3.3r2-18.4.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/vnc-server-3.3.3r2-18.4.i386.rpm

The patches can be installed with the following command:

rpm -Fvh [filename]
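
To confirm which hosts still need the update, the following added example (not part of the original advisory or of Red Hat's tooling) compares an RPM inventory against the fixed build 3.3.3r2-18.4 named in the package list above. The comparison is a simplified version of rpm's segment-wise ordering that ignores epochs and the `~` and `^` markers, and the sample inventory is constructed.

```python
import re

# Fixed build taken from the package names in the advisory: vnc-3.3.3r2-18.4
FIXED_VERSION, FIXED_RELEASE = "3.3.3r2", "18.4"
PACKAGES = {"vnc", "vnc-server", "vnc-doc"}

def rpmvercmp(a, b):
    """Simplified rpm-style comparison: returns 1, 0 or -1."""
    while True:
        # Separators (anything non-alphanumeric) carry no ordering weight.
        a = re.sub(r"^[^A-Za-z0-9]+", "", a)
        b = re.sub(r"^[^A-Za-z0-9]+", "", b)
        if not a or not b:
            break
        numeric = a[0].isdigit()
        pat = r"[0-9]+" if numeric else r"[A-Za-z]+"
        sa, mb = re.match(pat, a).group(), re.match(pat, b)
        if mb is None:                      # segment types differ:
            return 1 if numeric else -1     # a numeric segment is newer
        sb = mb.group()
        a, b = a[len(sa):], b[len(sb):]
        if numeric:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):          # more digits means larger number
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    return (len(a) > 0) - (len(b) > 0)      # leftover segments win

def is_patched(version, release):
    c = rpmvercmp(version, FIXED_VERSION)
    return c > 0 or (c == 0 and rpmvercmp(release, FIXED_RELEASE) >= 0)

def unpatched(query_output):
    # Input: lines of "name version release", e.g. the output of
    #   rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE}\n'
    stale = []
    for line in query_output.splitlines():
        p = line.split()
        if len(p) == 3 and p[0] in PACKAGES and not is_patched(p[1], p[2]):
            stale.append(p[0])
    return stale

# Constructed sample inventory (not taken from a real host)
SAMPLE = "vnc 3.3.3r2 18.4\nvnc-server 3.3.3r2 14\nvnc-doc 3.3.3r1 20\nzlib 1.1.3 22\n"

if __name__ == "__main__":
    print("packages still needing the update:", unpatched(SAMPLE))
```

The check covers only the VNC packages listed in this advisory; the zlib package that RHSA-2002:026 addresses is tracked separately.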

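This vulnerability advisory was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.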