安全研究

安全漏洞
aMule wxExecute()函数命令注入漏洞

发布日期:2009-04-22
更新日期:2009-04-23

受影响系统:
aMule Project aMule 2.2.4
aMule Project aMule 2.1.2
描述:
BUGTRAQ  ID: 34683
CVE(CAN) ID: CVE-2009-1440

aMule是一个开源的P2P文件共享程序。

aMule的src/DownloadListCtrl.cpp文件执行了以下操作:

command = wxT("xterm -T \"aMule Preview\" -iconic -e mplayer '$file'");
[...]
wxString rawFileName = file->GetFullName().GetRaw();
command.Replace(wxT("$file"), rawFileName);
[...]
wxExecute(command, wxEXEC_ASYNC, p);

尽管通过删除:/<>和其他字符对file->GetFullName()执行了过滤,但既没有转义也没有过滤单引号(')。如果远程攻击者诱骗用户下载了包含有特制文件名的恶意文件的话,就可能导致注入并执行任意代码。

<*来源:Sam Hocevar
  
  链接:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=525078
        http://secunia.com/advisories/34839/
        http://www.debian.org/security/2009/dsa-1821
*>

建议:
厂商补丁:

Debian
------
Debian已经为此发布了一个安全公告(DSA-1821-1)以及相应补丁:
DSA-1821-1:New amule packages fix insufficient input sanitising
链接:http://www.debian.org/security/2009/dsa-1821

补丁下载:
Source archives:

http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1.orig.tar.gz
Size/MD5 checksum:  5945095 4af457cf1112cd2c23f133f98d0b1123
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2.diff.gz
Size/MD5 checksum:    21192 cbae4dfde8c2ee4108354ae5a3b33b7c
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2.dsc
Size/MD5 checksum:     1360 44eaea8c76492a09197b4764f6602c38

Architecture independent packages:

http://security.debian.org/pool/updates/main/a/amule/amule-common_2.2.1-1+lenny2_all.deb
Size/MD5 checksum:  2253976 3a393eacd88cbe16e4c6714d244b600c

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_alpha.deb
Size/MD5 checksum:   464220 8d763c84917f2591e724d9db0c3bf730
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_alpha.deb
Size/MD5 checksum:  1428344 8924427d6f9f3c7c59b04829b1e689e4
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_alpha.deb
Size/MD5 checksum:  1350778 af463e0b04b01767c32a4d40cd611065
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_alpha.deb
Size/MD5 checksum:  2094352 e12c37ac77be795df6b6e57503b2085e

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_amd64.deb
Size/MD5 checksum:  1294100 fd70acd8c4b1c86aa09da145450de94b
http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_amd64.deb
Size/MD5 checksum:   448166 64d61b24c0307c21e6a13cc676bb7361
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_amd64.deb
Size/MD5 checksum:  1192552 6a3c91f293913531a70dd4647cffa6e7
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_amd64.deb
Size/MD5 checksum:  1858846 2933a8ad9f7dda33940efff5ee9194b6

arm architecture (ARM)

http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_arm.deb
Size/MD5 checksum:   449514 1dee31e34becbb25690e98f5bcb7fc81
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_arm.deb
Size/MD5 checksum:  1976994 ebff75684dbab7ac1b6b5f0f217acd35
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_arm.deb
Size/MD5 checksum:  1266254 a8ca8a7f528ef533baf6a4022f15d625
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_arm.deb
Size/MD5 checksum:  1351714 a66eb56243ef7c70957dbaebfafc0ae7

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_armel.deb
Size/MD5 checksum:   429464 ac82fc01cf3792d837b68df26d2509aa
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_armel.deb
Size/MD5 checksum:  1092808 3a8d674aa4f3c1a5bfb2836e4d5e5d3f
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_armel.deb
Size/MD5 checksum:  1236006 205dae928f6231ce664ce1bde3c222cc
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_armel.deb
Size/MD5 checksum:  1765870 fac2d32b45a4f69d631aedc004103450

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_hppa.deb
Size/MD5 checksum:  1442768 9b34faff8e0338be7a872d24ce6f6116
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_hppa.deb
Size/MD5 checksum:  1351038 56ed6958e047640353ec93342d522deb
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_hppa.deb
Size/MD5 checksum:  2098164 77a7a340f20e60bd2d9d62126f5da5b4
http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_hppa.deb
Size/MD5 checksum:   465580 e9b5ee45e63b84dbd30cdbcb8663c833

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_i386.deb
Size/MD5 checksum:   441412 7d950e97f28fc52a2ad904c97d695647
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_i386.deb
Size/MD5 checksum:  1282022 41cb881f954cfee01544cc79cc637de9
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_i386.deb
Size/MD5 checksum:  1834186 092acc92d4efd8f8cfcdfc20d91bf1e4
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_i386.deb
Size/MD5 checksum:  1160416 59a189fcb605d3cd53c25157ac08775e

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_ia64.deb
Size/MD5 checksum:  1543554 e48c437c956f1a7fa663bb4f7c86ae98
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_ia64.deb
Size/MD5 checksum:  2354916 49d3399f61a5d25fa53d61093d0d6aa4
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_ia64.deb
Size/MD5 checksum:  1594620 ae20084bfa0522b83263bab081671835
http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_ia64.deb
Size/MD5 checksum:   491456 253e201bce8de74d789c01596a87950d

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_mips.deb
Size/MD5 checksum:  1244756 95fc39ecfdbe4c8be3b07cc8e26727f3
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_mips.deb
Size/MD5 checksum:  1329214 09b790f67e09fc528300d137b199f5ce
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_mips.deb
Size/MD5 checksum:  1952694 00cbb0c1cd2710710131f38cf7dd000f
http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_mips.deb
Size/MD5 checksum:   444304 42da3ebfcdfaaf6c2f3df7edb9355ef1

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_mipsel.deb
Size/MD5 checksum:  1903990 c593afa800e0d46e565b89a29d9f1d84
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_mipsel.deb
Size/MD5 checksum:  1286918 ab7f0967f74ce64dbbe004c6fbd66ee1
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_mipsel.deb
Size/MD5 checksum:  1231682 c2c6ffe9862979549089cd7a86b848e9
http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_mipsel.deb
Size/MD5 checksum:   443016 961d4bf791fa0fcb6f9e508369370745

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_powerpc.deb
Size/MD5 checksum:  1369070 e7ea8113da751779df3f27c22a290167
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_powerpc.deb
Size/MD5 checksum:  1233354 5dee3db5c0be3c25fea36c9e0585aabd
http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_powerpc.deb
Size/MD5 checksum:  1952042 8be4209ffbc1d92bda69a4a7c225871c
http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_powerpc.deb
Size/MD5 checksum:   459252 4f50ff6ebb0c8f51def95a0231231ac3

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_s390.deb
Size/MD5 checksum:  1845666 276351af0fd557f30dddfe163a778a49
http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_s390.deb
Size/MD5 checksum:   441768 a18c5708f99b5dc49c0f9a73dc06d153
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_s390.deb
Size/MD5 checksum:  1301370 873dd9d9b0c965c81c4d38b6d2b2073e
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_s390.deb
Size/MD5 checksum:  1143174 c249ffbc639a4b922f2e85a4ae7cf822

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/a/amule/amule_2.2.1-1+lenny2_sparc.deb
Size/MD5 checksum:  1886608 721e115be6a2739137a6829157152ab5
http://security.debian.org/pool/updates/main/a/amule/amule-daemon_2.2.1-1+lenny2_sparc.deb
Size/MD5 checksum:  1161476 d40bd787ba3017e6378add6127792dfd
http://security.debian.org/pool/updates/main/a/amule/amule-utils-gui_2.2.1-1+lenny2_sparc.deb
Size/MD5 checksum:  1319292 8eca735707f026977e2b949a0e465c4c
http://security.debian.org/pool/updates/main/a/amule/amule-utils_2.2.1-1+lenny2_sparc.deb
Size/MD5 checksum:   442942 d2083c9c69c3279dc70fa5cdd225210c

补丁安装方法:

1. 手工安装补丁包:

  首先,使用下面的命令来下载补丁软件:
  # wget url  (url是补丁下载链接地址)

  然后,使用下面的命令来安装补丁:  
  # dpkg -i file.deb (file是相应的补丁名)

2. 使用apt-get自动安装补丁包:

   首先,使用下面的命令更新内部数据库:
   # apt-get update
  
   然后,使用下面的命令安装更新软件包:
   # apt-get upgrade

aMule Project
-------------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://www.amule.org/wiki/index.php/Changelog_latest

浏览次数:3552
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障
关于我们
公司介绍
公司荣誉
公司新闻
联系我们
公司总部
分支机构
海外机构
快速链接
绿盟云
绿盟威胁情报中心NTI
技术博客