发布日期：2009-03-23
更新日期：2009-03-25

受影响系统：

Citadel/UX webcit < 7.39

不受影响系统：

Citadel/UX webcit 7.39

描述：

---

BUGTRAQ  ID: 34206
CVE(CAN) ID: CVE-2009-0364

WebCit是Citadel邮件和协作组件所使用的基于WEB的用户界面。

webcit模块calendar_view.c文件的embeddable_mini_calendar()函数中存在格式串漏洞，远程攻击者可以通过向服务器提交特制的URL请求导致注入并执行任意指令。

<*来源：Wilfried Goesgens
  
  链接：http://secunia.com/advisories/34434/
        http://www.debian.org/security/2009/dsa-1752
*>

建议：

---

厂商补丁：

Debian
------
Debian已经为此发布了一个安全公告（DSA-1752-1）以及相应补丁:
DSA-1752-1：New webcit packages fix potential remote code execution
链接：http://www.debian.org/security/2009/dsa-1752

补丁下载：

Source archives:

http://security.debian.org/pool/updates/main/w/webcit/webcit_7.37-dfsg.orig.tar.gz
Size/MD5 checksum:  1192317 e3e47149a6553e43694e826f4885ba46
http://security.debian.org/pool/updates/main/w/webcit/webcit_7.37-dfsg-7.diff.gz
Size/MD5 checksum:    18735 f30f31bff85ef9cc40aba5bf5f3c1278
http://security.debian.org/pool/updates/main/w/webcit/webcit_7.37-dfsg-7.dsc
Size/MD5 checksum:     1253 f2b409fdfbde0c38af85070180a4321f

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_alpha.deb
Size/MD5 checksum:   547908 84e6dfa88008d2c51070803d0af04148

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_amd64.deb
Size/MD5 checksum:   509426 4e9e9b518be1a1e87cd08d0def32f612

arm architecture (ARM)

http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_arm.deb
Size/MD5 checksum:   505092 a3027a329b7a17166eddafe66eff5fde

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_armel.deb
Size/MD5 checksum:   504990 d6df9145a39f0be111667d14528a0a52

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_hppa.deb
Size/MD5 checksum:   527860 f46e26bac6a926b6b7a28f9f7557077b

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_i386.deb
Size/MD5 checksum:   496954 43aac6120f334b606edddd9f9a182b44

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_ia64.deb
Size/MD5 checksum:   605578 2231aac4aaa8ef730485ea8d40c5019b

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_mips.deb
Size/MD5 checksum:   512552 cc2904da25b4ec9e70d56b63d50e57aa

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_mipsel.deb
Size/MD5 checksum:   511294 e0e4de0530cb84f0472765fb2bd6b62f

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_powerpc.deb
Size/MD5 checksum:   522134 a8b1970f336c836884eddb62c614f436

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_s390.deb
Size/MD5 checksum:   505406 621a33e619037bd739bf45451ef589eb

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/w/webcit/citadel-webcit_7.37-dfsg-7_sparc.deb
Size/MD5 checksum:   507950 1d22cf3b4f1faf910d031acb6504bfae

补丁安装方法：

1. 手工安装补丁包：

  首先，使用下面的命令来下载补丁软件：
  # wget url  (url是补丁下载链接地址)

  然后，使用下面的命令来安装补丁：  
  # dpkg -i file.deb (file是相应的补丁名)

2. 使用apt-get自动安装补丁包：

   首先，使用下面的命令更新内部数据库：
   # apt-get update
  
   然后，使用下面的命令安装更新软件包：
   # apt-get upgrade

浏览次数：2565
严重程度：0（网友投票）