Libsafe Format String Attack Protection Bypass Vulnerability
Release date: 2002-03-20
Updated: 2002-03-28
Affected systems:
Avaya Labs Libsafe 2.0-10
- Debian Linux 2.2 sparc
- Debian Linux 2.2 68k
- Debian Linux 2.2 IA-32
- Debian Linux 2.2 alpha
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 arm
- Mandrake Linux 8.1
- Mandrake Linux 8.0
- RedHat Linux 7.2 x86
- RedHat Linux 7.2 alpha
- RedHat Linux 7.2 ia64
- RedHat Linux 7.1 x86
- RedHat Linux 7.1 alpha
- RedHat Linux 7.1
- RedHat Linux 7.1 ia64
- RedHat Linux 7.0 x86
- RedHat Linux 7.0 alpha
- RedHat Linux 7.0
- RedHat Linux 7.0 sparc
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2
- RedHat Linux 6.2 x86
- RedHat Linux 6.2 alpha
- RedHat Linux 6.1 sparc
- RedHat Linux 6.1
- RedHat Linux 6.1 x86
- RedHat Linux 6.1 alpha
- RedHat Linux 6.0
- RedHat Linux 6.0 alpha
- RedHat Linux 6.0 sparc
- RedHat Linux 6.0 x86
- RedHat Linux 5.2 x86
- RedHat Linux 5.2 alpha
- RedHat Linux 5.2
- RedHat Linux 5.2 sparc
- Slackware Linux 8.0
- Slackware Linux 7.1
- Slackware Linux 7.0
Avaya Labs Libsafe 2.0-11
- Debian Linux 2.2 IA-32
- Debian Linux 2.2 alpha
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 arm
- Debian Linux 2.2 sparc
- Debian Linux 2.2 68k
- Mandrake Linux 8.1
- Mandrake Linux 8.0
- RedHat Linux 7.2 alpha
- RedHat Linux 7.2 ia64
- RedHat Linux 7.2 x86
- RedHat Linux 7.1 x86
- RedHat Linux 7.1 alpha
- RedHat Linux 7.1
- RedHat Linux 7.1 ia64
- RedHat Linux 7.0 x86
- RedHat Linux 7.0 alpha
- RedHat Linux 7.0
- RedHat Linux 7.0 sparc
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2
- RedHat Linux 6.2 x86
- RedHat Linux 6.2 alpha
- RedHat Linux 6.1 sparc
- RedHat Linux 6.1
- RedHat Linux 6.1 x86
- RedHat Linux 6.1 alpha
- RedHat Linux 6.0 sparc
- RedHat Linux 6.0 x86
- RedHat Linux 6.0
- RedHat Linux 6.0 alpha
- RedHat Linux 5.2 alpha
- RedHat Linux 5.2
- RedHat Linux 5.2 sparc
- RedHat Linux 5.2 x86
- Slackware Linux 8.0
- Slackware Linux 7.1
- Slackware Linux 7.0
Avaya Labs Libsafe 2.0-9
- Debian Linux 2.2 arm
- Debian Linux 2.2 sparc
- Debian Linux 2.2 68k
- Debian Linux 2.2 IA-32
- Debian Linux 2.2 alpha
- Debian Linux 2.2 powerpc
- Mandrake Linux 8.1
- Mandrake Linux 8.0
- RedHat Linux 7.2 x86
- RedHat Linux 7.2 alpha
- RedHat Linux 7.2 ia64
- RedHat Linux 7.1 x86
- RedHat Linux 7.1 alpha
- RedHat Linux 7.1
- RedHat Linux 7.1 ia64
- RedHat Linux 7.0
- RedHat Linux 7.0 sparc
- RedHat Linux 7.0 x86
- RedHat Linux 7.0 alpha
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2
- RedHat Linux 6.2 x86
- RedHat Linux 6.2 alpha
- RedHat Linux 6.1 alpha
- RedHat Linux 6.1 sparc
- RedHat Linux 6.1
- RedHat Linux 6.1 x86
- RedHat Linux 6.0 x86
- RedHat Linux 6.0
- RedHat Linux 6.0 alpha
- RedHat Linux 6.0 sparc
- RedHat Linux 5.2 x86
- RedHat Linux 5.2 alpha
- RedHat Linux 5.2
- RedHat Linux 5.2 sparc
- Slackware Linux 8.0
- Slackware Linux 7.1
- Slackware Linux 7.0
Unaffected systems:
Avaya Labs Libsafe 2.0-12
- Debian Linux 2.2 arm
- Debian Linux 2.2 sparc
- Debian Linux 2.2 68k
- Debian Linux 2.2 IA-32
- Debian Linux 2.2 alpha
- Debian Linux 2.2 powerpc
- Mandrake Linux 8.1
- Mandrake Linux 8.0
- RedHat Linux 7.2 x86
- RedHat Linux 7.2 alpha
- RedHat Linux 7.2 ia64
- RedHat Linux 7.1 x86
- RedHat Linux 7.1 alpha
- RedHat Linux 7.1
- RedHat Linux 7.1 ia64
- RedHat Linux 7.0
- RedHat Linux 7.0 sparc
- RedHat Linux 7.0 x86
- RedHat Linux 7.0 alpha
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2
- RedHat Linux 6.2 x86
- RedHat Linux 6.2 alpha
- RedHat Linux 6.1 alpha
- RedHat Linux 6.1 sparc
- RedHat Linux 6.1
- RedHat Linux 6.1 x86
- RedHat Linux 6.0 x86
- RedHat Linux 6.0
- RedHat Linux 6.0 alpha
- RedHat Linux 6.0 sparc
- RedHat Linux 5.2 x86
- RedHat Linux 5.2 alpha
- RedHat Linux 5.2
- RedHat Linux 5.2 sparc
- Slackware Linux 8.0
- Slackware Linux 7.1
- Slackware Linux 7.0
- SuSE Linux 7.3 i386
- SuSE Linux 7.3 powerpc
- SuSE Linux 7.3 sparc
- SuSE Linux 7.2 i386
- SuSE Linux 7.2
- SuSE Linux 7.1 i386
- SuSE Linux 7.1
- SuSE Linux 7.1 powerpc
- SuSE Linux 7.1 alpha
- SuSE Linux 7.1 sparc
- SuSE Linux 7.0 powerpc
- SuSE Linux 7.0 alpha
- SuSE Linux 7.0 sparc
- SuSE Linux 7.0 i386
- SuSE Linux 7.0
- SuSE Linux 6.4
- SuSE Linux 6.4 i386
- SuSE Linux 6.4 powerpc
- SuSE Linux 6.4 alpha
Description:
BUGTRAQ ID: 4326
CVE(CAN) ID: CVE-2002-0175
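Libsafe is a free, open-source program designed to protect against buffer overflow and format string attacks. It is developed and maintained by Avaya Labs and runs on Linux.
Libsafe does not handle some C library format flags, which allows its format string attack protection to be bypassed.
Libsafe lacks an implementation for certain format flag types: the C library format flags "%'n" and "%In" are not handled correctly by Libsafe, so an attacker can use these flags to exploit a format string vulnerability while bypassing Libsafe's checks.
<*Source: Wojciech Purczynski (cliph@isec.pl)
Link: http://archives.neohapsis.com/archives/bugtraq/2002-03/0239.html
*>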
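The gap described above, modelled as an added example (not Libsafe's code and not part of the original advisory): a checker that counts %n conversions finds none in "%'n" or "%In" when its flag table holds only the ISO C flags, and finds them once the two C library flags are added. The function name, the flag tables and the sample strings are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Flag tables (assumed for this example): ISO C only, and ISO C plus
 * the two C library flags the advisory names, ' and I. */
#define FLAGS_ISO_C "-+ #0"
#define FLAGS_GLIBC "-+ #0'I"

/* Count the %n conversions in fmt, treating only the characters in
 * `flags` as flag characters. Hypothetical helper, not Libsafe code. */
int count_n_directives(const char *fmt, const char *flags)
{
    int count = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')                       /* literal percent sign */
            continue;
        /* positional argument (N$), flags and width, in any order */
        while (*p && (strchr(flags, *p) || isdigit((unsigned char)*p)
                      || *p == '*' || *p == '$'))
            p++;
        if (*p == '.') {                     /* precision */
            p++;
            while (isdigit((unsigned char)*p) || *p == '*' || *p == '$')
                p++;
        }
        while (*p && strchr("hlLqjzt", *p))  /* length modifiers */
            p++;
        if (*p == 'n')                       /* the write-back conversion */
            count++;
        if (*p == '\0')                      /* truncated directive */
            break;
    }
    return count;
}

int main(void)
{
    /* Constructed sample format strings. */
    const char *samples[] = { "%s %n", "%'n", "%In", "%'Id items" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-12s iso=%d glibc=%d\n", samples[i],
               count_n_directives(samples[i], FLAGS_ISO_C),
               count_n_directives(samples[i], FLAGS_GLIBC));
    return 0;
}
```

With the ISO-only table the unknown flag character is consumed as if it were the conversion specifier, so the following n is read as literal text; a filter in front of printf has to accept the same directive grammar as the C library it protects.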
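Recommendations:
Temporary workaround:
If you cannot install the patch or upgrade immediately, NSFOCUS recommends taking the following measures to reduce the threat:
There is currently no suitable temporary workaround.
Vendor patch: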
Avaya Labs
----------
The vendor has released an upgrade that fixes this security issue; download it from the vendor's site:
Avaya Labs Libsafe 2.0-9:
Avaya Labs Upgrade libsafe-2.0-12.tgz
http://www.research.avayalabs.com/project/libsafe/src/libsafe-2.0-12.tgz
Avaya Labs Libsafe 2.0-11:
Avaya Labs Upgrade libsafe-2.0-12.tgz
http://www.research.avayalabs.com/project/libsafe/src/libsafe-2.0-12.tgz
Avaya Labs Libsafe 2.0-10:
Avaya Labs Upgrade libsafe-2.0-12.tgz
http://www.research.avayalabs.com/project/libsafe/src/libsafe-2.0-12.tgz