GNU Emacs GIF Image Processing Remote Denial of Service Vulnerability

Release date: 2007-06-21
Updated: 2007-06-22

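Affected systems:
GNU Emacs
Description:
BUGTRAQ  ID: 24570
CVE(CAN) ID: CVE-2007-2833

Emacs is an extensible, real-time display editor.

Emacs has a vulnerability in its handling of malformed GIF images that a remote attacker may exploit to crash a user's Emacs.

Emacs does not correctly calculate the size of certain GIF images; if a user is tricked into opening a malicious GIF image, Emacs crashes with a segmentation fault.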
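
The advisory says only that the size of certain GIF images was miscalculated. As an added example (not Emacs code and not the Debian patch), the C below shows one defensive check for that class of defect: walk the GIF container and reject any frame whose declared rectangle does not fit the logical screen. That this particular check matches the Emacs defect is an assumption; the function name, result codes and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Result codes; hypothetical names chosen for this example. */
enum { GIF_OK = 0, GIF_MALFORMED = -1, GIF_BAD_SIGNATURE = -2, GIF_FRAME_OUT_OF_BOUNDS = -3 };
/* Constructed sample: 2x2 logical screen, one 2x2 frame at (0,0), no colour tables. */
static const uint8_t SAMPLE_GIF[] = { 'G','I','F','8','9','a', 2,0, 2,0, 0, 0, 0,
    0x2C, 0,0, 0,0, 2,0, 2,0, 0,  0x02, 0x02, 0x4C, 0x01, 0x00,  0x3B };
static uint32_t le16(const uint8_t *p) { return (uint32_t)p[0] | ((uint32_t)p[1] << 8); }

/* Skip a chain of data sub-blocks (length byte + data, ended by a zero length). */
static int skip_sub_blocks(const uint8_t *buf, size_t len, size_t *pos) {
    for (;;) {
        if (*pos >= len) return GIF_MALFORMED;
        size_t n = buf[(*pos)++];
        if (n == 0) return GIF_OK;
        if (n > len - *pos) return GIF_MALFORMED;
        *pos += n;
    }
}

/* Walk the container (no LZW decoding) and check each frame against the logical screen. */
int gif_frames_fit(const uint8_t *buf, size_t len) {
    if (len < 13) return GIF_MALFORMED;
    if (memcmp(buf, "GIF87a", 6) != 0 && memcmp(buf, "GIF89a", 6) != 0) return GIF_BAD_SIGNATURE;
    uint32_t sw = le16(buf + 6), sh = le16(buf + 8);
    size_t pos = 13;
    if (buf[10] & 0x80) pos += (size_t)3 << ((buf[10] & 7) + 1);  /* global colour table */
    for (;;) {
        if (pos >= len) return GIF_MALFORMED;
        uint8_t tag = buf[pos++];
        if (tag == 0x3B) return GIF_OK;                           /* trailer */
        if (tag == 0x21) {                                        /* extension block */
            if (pos++ >= len) return GIF_MALFORMED;               /* label byte */
            if (skip_sub_blocks(buf, len, &pos)) return GIF_MALFORMED;
        } else if (tag == 0x2C) {                                 /* image descriptor */
            if (len - pos < 9) return GIF_MALFORMED;
            uint32_t left = le16(buf + pos), top = le16(buf + pos + 2);
            uint32_t w = le16(buf + pos + 4), h = le16(buf + pos + 6);
            uint8_t packed = buf[pos + 8];
            pos += 9;
            /* 32-bit sums of 16-bit fields cannot wrap, so the comparison is exact. */
            if (left + w > sw || top + h > sh) return GIF_FRAME_OUT_OF_BOUNDS;
            if (packed & 0x80) pos += (size_t)3 << ((packed & 7) + 1);  /* local colour table */
            if (pos++ >= len) return GIF_MALFORMED;               /* LZW minimum code size */
            if (skip_sub_blocks(buf, len, &pos)) return GIF_MALFORMED;
        } else return GIF_MALFORMED;                              /* unknown block type */
    }
}

int main(void) { return gif_frames_fit(SAMPLE_GIF, sizeof SAMPLE_GIF) == GIF_OK ? 0 : 1; }
```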

<*Source: Hendrik Tews (H.Tews@cs.ru.nl)
  
  Links: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=408929
         http://www.debian.org/security/2007/dsa-1316
*>

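Test method:

Warning

The following program (method) may be offensive in nature and is provided for security research and teaching purposes only. Use at your own risk!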

http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;filename=spam-bug;att=1;bug=408929

Recommendation:
Vendor patch:

Debian
------
Debian has released a security advisory (DSA-1316-1) and corresponding patches for this issue:
DSA-1316-1: New emacs21 packages fix denial of service
Link: http://www.debian.org/security/2007/dsa-1316

Patch download:

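Patch installation:

1. Install the patch packages manually:

  First, download the patch package with the following command:
  # wget url  (url is the patch download link)

  Then install the patch with the following command:
  # dpkg -i file.deb (file is the name of the corresponding patch package)

2. Install the patch packages automatically with apt-get:

   First, update the internal database with the following command:
   # apt-get update

   Then install the updated packages with the following command:
   # apt-get upgrade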

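This vulnerability entry was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.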