BarnOwl Improper Validation of libzephyr Return Values Vulnerability
Published: 2010-08-13
Updated: 2010-08-19
Affected systems:
MIT BarnOwl < 1.6.2
Unaffected systems:
MIT BarnOwl 1.6.2
Description:
BUGTRAQ ID: 42318
CVE(CAN) ID: CVE-2010-2725
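BarnOwl is a curses-based instant messaging client that currently supports the Zephyr, AIM, Jabber and IRC protocols.
BarnOwl does not properly check the return values of its calls to the ZPending and ZReceiveNotice functions in the libzephyr library. A remote attacker can cause a denial of service or execute arbitrary code by sending a malicious chat message.
<*Source: Nelson Elhage (nelhage@mit.edu)
Links: http://secunia.com/advisories/40953/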
http://barnowl.mit.edu/wiki/release-notes/1.6.2
http://www.debian.org/security/2010/dsa-2102
*>
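The unchecked-return-value pattern described above, shown next to a checked version, as an added example that is not BarnOwl's or libzephyr's code. `fake_pending` and `fake_receive` are constructed stand-ins for library calls that can fail, and the -1 error convention is an assumption of the example.

```c
#include <string.h>

/* Constructed stand-ins for a message library; NOT the libzephyr API. */
typedef struct { int filled; size_t len; } notice_t;
typedef struct { int pending; int fail_at; int calls; } fake_lib_t;

/* Number of queued notices, or -1 on error (assumed convention). */
static int fake_pending(const fake_lib_t *l) { return l->pending; }

/* 0 on success; on failure returns -1 and leaves *n unwritten. */
static int fake_receive(fake_lib_t *l, notice_t *n) {
    if (l->calls++ == l->fail_at || l->pending <= 0) return -1;
    n->filled = 1; n->len = 5;
    l->pending--;
    return 0;
}

/* Unchecked pattern: -1 from fake_pending() is truthy, and the notice is
   used whether or not fake_receive() filled it. Returns how many notices
   were consumed without having been filled (capped at max_iter so the
   demo terminates). n is zeroed only to keep the demo well defined. */
int drain_unchecked(fake_lib_t *l, int max_iter) {
    int stale = 0;
    for (int i = 0; i < max_iter && fake_pending(l); i++) {
        notice_t n;
        memset(&n, 0, sizeof n);
        fake_receive(l, &n);            /* return value ignored */
        if (!n.filled) stale++;         /* real code would parse garbage here */
    }
    return stale;
}

/* Checked pattern: returns bytes consumed, or -1 on any library error. */
long drain_checked(fake_lib_t *l) {
    long total = 0;
    for (;;) {
        int p = fake_pending(l);
        if (p < 0) return -1;           /* error, not "messages waiting" */
        if (p == 0) return total;       /* queue drained */
        notice_t n;
        memset(&n, 0, sizeof n);
        if (fake_receive(l, &n) != 0) return -1;   /* n is not valid */
        total += (long)n.len;
    }
}
```
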
Recommendation:
Vendor patches:
Debian
------
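Debian has released a security advisory (DSA-2102-1) and corresponding patches for this issue:
DSA-2102-1: New barnowl packages fix arbitrary code execution
Link: http://www.debian.org/security/2010/dsa-2102
Patch downloads (source archives and per-architecture packages, each with its size and MD5 checksum):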
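Patch installation:
1. Install the patch packages manually:
First, download the patch package with the following command:
# wget url (url is the patch download link)
Then install the patch with the following command:
# dpkg -i file.deb (file is the name of the corresponding patch package)
2. Install the patch packages automatically with apt-get:
First, update the internal package database with the following command:
# apt-get update
Then install the updated packages with the following command:
# apt-get upgrade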
MIT
---
The vendor has released an upgrade that fixes this security issue. Download it from the vendor's page:
http://github.com/barnowl/barnowl/blob/barnowl-1.6.2/ChangeLog
