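Local buffer overflow vulnerability in the -H option of the man utility
Release date: 2007-04-06
Updated: 2007-04-10
Affected systems:
Savannah man-db 2.x
Unaffected systems:
Savannah man-db 2.4.4
Description: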
BUGTRAQ ID: 23355
CVE(CAN) ID: CVE-2006-4250
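man-db is an online user manual database that provides access to the standard Unix documentation system through the man command.
man has a buffer overflow vulnerability when processing a particular command-line option; a local attacker could exploit it to elevate privileges.
If the BROWSER environment variable used by the man utility contains "%s" expansions, a buffer overflow can be triggered, leading to execution of arbitrary instructions with elevated privileges.
<*Source: Jochen Voß
Links: http://secunia.com/advisories/24801/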
http://www.debian.org/security/2007/dsa-1278
*>
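The description above ties the overflow to "%s" expansion of the BROWSER value. As an added illustration (not man-db's code and not the vendor patch), this C function expands such a template with the output buffer sized from the inputs rather than fixed in advance; the name `expand_browser` and the sample values are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not man-db code: expand every "%s" in a
 * BROWSER-style command template with `page` ("%%" yields '%').
 * The output is sized from the inputs instead of a fixed buffer.
 * Returns a malloc'd string, or NULL on overflow/allocation failure. */
char *expand_browser(const char *tmpl, const char *page)
{
    size_t plen = strlen(page), need = 1;          /* 1 for the NUL */
    const char *p;
    char *out, *o;

    /* Pass 1: compute the exact size, guarding the addition. */
    for (p = tmpl; *p; p++) {
        size_t add = 1;
        if (p[0] == '%' && p[1] == 's') { add = plen; p++; }
        else if (p[0] == '%' && p[1] == '%') { p++; }
        if (need > SIZE_MAX - add) return NULL;
        need += add;
    }
    if ((out = o = malloc(need)) == NULL) return NULL;

    /* Pass 2: copy; writes exactly need - 1 bytes plus the NUL. */
    for (p = tmpl; *p; p++) {
        if (p[0] == '%' && p[1] == 's') { memcpy(o, page, plen); o += plen; p++; }
        else if (p[0] == '%' && p[1] == '%') { *o++ = '%'; p++; }
        else *o++ = *p;
    }
    *o = '\0';
    return out;
}

int main(void)
{
    /* Constructed sample values. */
    char *cmd = expand_browser("lynx %s", "/tmp/hman.html");
    if (cmd == NULL) return 1;
    puts(cmd);
    free(cmd);
    return 0;
}
```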
Recommendation:
Vendor patches:
Debian
------
Debian has released a security advisory (DSA-1278-1) and corresponding patches for this issue:
DSA-1278-1: New man-db packages fix arbitrary code execution
Link: http://www.debian.org/security/2007/dsa-1278
Patch downloads:
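Patch installation:
1. Install the patch package manually:
First, download the patch package with the following command:
# wget url (url is the patch download link)
Then, install the patch with the following command:
# dpkg -i file.deb (file is the name of the corresponding patch package)
2. Install the patch package automatically with apt-get:
First, update the internal database with the following command:
# apt-get update
Then, install the updated packages with the following command:
# apt-get upgrade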
Savannah
--------
The vendor has released an upgrade that fixes this security issue; download it from the vendor's home page:
http://www.nongnu.org/man-db/
