Libsafe Format String Argument Count Check Bypass Vulnerability
Published: 2002-03-20
Updated: 2002-03-28
Affected systems:
Avaya Labs Libsafe 2.0-10
- Debian Linux 2.2 sparc
- Debian Linux 2.2 68k
- Debian Linux 2.2 IA-32
- Debian Linux 2.2 alpha
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 arm
- Mandrake Linux 8.1
- Mandrake Linux 8.0
- RedHat Linux 7.2 x86
- RedHat Linux 7.2 alpha
- RedHat Linux 7.2 ia64
- RedHat Linux 7.1 x86
- RedHat Linux 7.1 alpha
- RedHat Linux 7.1
- RedHat Linux 7.1 ia64
- RedHat Linux 7.0 x86
- RedHat Linux 7.0 alpha
- RedHat Linux 7.0
- RedHat Linux 7.0 sparc
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2
- RedHat Linux 6.2 x86
- RedHat Linux 6.2 alpha
- RedHat Linux 6.1 sparc
- RedHat Linux 6.1
- RedHat Linux 6.1 x86
- RedHat Linux 6.1 alpha
- RedHat Linux 6.0
- RedHat Linux 6.0 alpha
- RedHat Linux 6.0 sparc
- RedHat Linux 6.0 x86
- RedHat Linux 5.2 x86
- RedHat Linux 5.2 alpha
- RedHat Linux 5.2
- RedHat Linux 5.2 sparc
- Slackware Linux 8.0
- Slackware Linux 7.1
- Slackware Linux 7.0
Avaya Labs Libsafe 2.0-11
- Debian Linux 2.2 IA-32
- Debian Linux 2.2 alpha
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 arm
- Debian Linux 2.2 sparc
- Debian Linux 2.2 68k
- Mandrake Linux 8.1
- Mandrake Linux 8.0
- RedHat Linux 7.2 alpha
- RedHat Linux 7.2 ia64
- RedHat Linux 7.2 x86
- RedHat Linux 7.1 x86
- RedHat Linux 7.1 alpha
- RedHat Linux 7.1
- RedHat Linux 7.1 ia64
- RedHat Linux 7.0 x86
- RedHat Linux 7.0 alpha
- RedHat Linux 7.0
- RedHat Linux 7.0 sparc
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2
- RedHat Linux 6.2 x86
- RedHat Linux 6.2 alpha
- RedHat Linux 6.1 sparc
- RedHat Linux 6.1
- RedHat Linux 6.1 x86
- RedHat Linux 6.1 alpha
- RedHat Linux 6.0 sparc
- RedHat Linux 6.0 x86
- RedHat Linux 6.0
- RedHat Linux 6.0 alpha
- RedHat Linux 5.2 alpha
- RedHat Linux 5.2
- RedHat Linux 5.2 sparc
- RedHat Linux 5.2 x86
- Slackware Linux 8.0
- Slackware Linux 7.1
- Slackware Linux 7.0
Avaya Labs Libsafe 2.0-9
- Debian Linux 2.2 arm
- Debian Linux 2.2 sparc
- Debian Linux 2.2 68k
- Debian Linux 2.2 IA-32
- Debian Linux 2.2 alpha
- Debian Linux 2.2 powerpc
- Mandrake Linux 8.1
- Mandrake Linux 8.0
- RedHat Linux 7.2 x86
- RedHat Linux 7.2 alpha
- RedHat Linux 7.2 ia64
- RedHat Linux 7.1 x86
- RedHat Linux 7.1 alpha
- RedHat Linux 7.1
- RedHat Linux 7.1 ia64
- RedHat Linux 7.0
- RedHat Linux 7.0 sparc
- RedHat Linux 7.0 x86
- RedHat Linux 7.0 alpha
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2
- RedHat Linux 6.2 x86
- RedHat Linux 6.2 alpha
- RedHat Linux 6.1 alpha
- RedHat Linux 6.1 sparc
- RedHat Linux 6.1
- RedHat Linux 6.1 x86
- RedHat Linux 6.0 x86
- RedHat Linux 6.0
- RedHat Linux 6.0 alpha
- RedHat Linux 6.0 sparc
- RedHat Linux 5.2 x86
- RedHat Linux 5.2 alpha
- RedHat Linux 5.2
- RedHat Linux 5.2 sparc
- Slackware Linux 8.0
- Slackware Linux 7.1
- Slackware Linux 7.0
Unaffected systems:
Avaya Labs Libsafe 2.0-12
- Debian Linux 2.2 arm
- Debian Linux 2.2 sparc
- Debian Linux 2.2 68k
- Debian Linux 2.2 IA-32
- Debian Linux 2.2 alpha
- Debian Linux 2.2 powerpc
- Mandrake Linux 8.1
- Mandrake Linux 8.0
- RedHat Linux 7.2 x86
- RedHat Linux 7.2 alpha
- RedHat Linux 7.2 ia64
- RedHat Linux 7.1 x86
- RedHat Linux 7.1 alpha
- RedHat Linux 7.1
- RedHat Linux 7.1 ia64
- RedHat Linux 7.0
- RedHat Linux 7.0 sparc
- RedHat Linux 7.0 x86
- RedHat Linux 7.0 alpha
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2
- RedHat Linux 6.2 x86
- RedHat Linux 6.2 alpha
- RedHat Linux 6.1 alpha
- RedHat Linux 6.1 sparc
- RedHat Linux 6.1
- RedHat Linux 6.1 x86
- RedHat Linux 6.0 x86
- RedHat Linux 6.0
- RedHat Linux 6.0 alpha
- RedHat Linux 6.0 sparc
- RedHat Linux 5.2 x86
- RedHat Linux 5.2 alpha
- RedHat Linux 5.2
- RedHat Linux 5.2 sparc
- Slackware Linux 8.0
- Slackware Linux 7.1
- Slackware Linux 7.0
- SuSE Linux 7.3 i386
- SuSE Linux 7.3 powerpc
- SuSE Linux 7.3 sparc
- SuSE Linux 7.2 i386
- SuSE Linux 7.2
- SuSE Linux 7.1 i386
- SuSE Linux 7.1
- SuSE Linux 7.1 powerpc
- SuSE Linux 7.1 alpha
- SuSE Linux 7.1 sparc
- SuSE Linux 7.0 powerpc
- SuSE Linux 7.0 alpha
- SuSE Linux 7.0 sparc
- SuSE Linux 7.0 i386
- SuSE Linux 7.0
- SuSE Linux 6.4
- SuSE Linux 6.4 i386
- SuSE Linux 6.4 powerpc
- SuSE Linux 6.4 alpha
Description:
BUGTRAQ ID: 4327
CVE(CAN) ID: CVE-2002-0176
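Libsafe is free, open-source software designed to protect against buffer overflow and format string attacks. It is developed and maintained by Avaya Labs and runs on Linux.
Libsafe does not correctly parse some C library format specifiers, which allows its format string attack protection to be bypassed.
Libsafe does not correctly parse the C library format specifier "%2$n". When the "%2$n" specifier is used with two arguments, Libsafe checks the format string for the first argument but not for the second, so an attacker can exploit the unchecked second argument to bypass Libsafe's protection.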
<*Source: Wojciech Purczynski (cliph@isec.pl)
Link: http://archives.neohapsis.com/archives/bugtraq/2002-03/0239.html
*>
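The parsing gap described above comes down to recognising the positional form of a conversion. The following is an added example, not Libsafe's code or part of the original advisory: a directive scanner that attributes every `%n` to the argument it writes through, whether written as `%n` or `%2$n`. The names `find_n_targets` and `skip_field` are hypothetical.

```c
#include <ctype.h>
#include <string.h>

/* Skip a width or precision field: digits, '*', or the positional '*m$'. */
static const char *skip_field(const char *p, int *next_arg)
{
    if (*p != '*') {
        while (isdigit((unsigned char)*p)) p++;
        return p;
    }
    const char *q = ++p;
    while (isdigit((unsigned char)*q)) q++;
    if (q > p && *q == '$') return q + 1;  /* '*m$' names its own argument */
    (*next_arg)++;                         /* plain '*' consumes the next one */
    return p;
}

/* Record the 1-based argument index that each %n conversion in fmt writes
 * through, for both "%n" and "%2$n". Returns the number of %n conversions
 * (the first max are stored in out[]), or -1 on a truncated directive. */
int find_n_targets(const char *fmt, int *out, int max)
{
    int found = 0, next_arg = 1;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        if (*++p == '%') continue;                    /* literal "%%" */
        int pos = 0;
        const char *q = p;
        while (isdigit((unsigned char)*q) && pos < 100000)
            pos = pos * 10 + (*q++ - '0');
        if (q > p && *q == '$' && pos > 0) p = q + 1; /* positional "m$" */
        else pos = 0;                      /* digits were a flag or width */
        while (*p && strchr("-+ #0'", *p)) p++;       /* flags */
        p = skip_field(p, &next_arg);                 /* width */
        if (*p == '.') p = skip_field(p + 1, &next_arg); /* precision */
        while (*p && strchr("hlLqjzt", *p)) p++;      /* length modifiers */
        if (*p == '\0') return -1;         /* format ended inside a directive */
        int arg = pos ? pos : next_arg++;
        if (*p == 'n') {
            if (found < max) out[found] = arg;
            found++;
        }
    }
    return found;
}
```

A checker built on this would validate the pointer at each reported argument index; one that only understands the sequential form sees no `%n` at all in `%2$n`.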
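Recommendations:
Temporary workaround:
If you cannot install the patch or upgrade immediately, NSFOCUS recommends taking the following measures to reduce the risk:
* No good temporary workaround is currently available.
Vendor patch:
Avaya Labs
----------
The vendor has released an upgrade that fixes this security issue. Download it from the vendor's site: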
Avaya Labs Libsafe 2.0-9:
Avaya Labs Upgrade libsafe-2.0-12.tgz
http://www.research.avayalabs.com/project/libsafe/src/libsafe-2.0-12.tgz
Avaya Labs Libsafe 2.0-11:
Avaya Labs Upgrade libsafe-2.0-12.tgz
http://www.research.avayalabs.com/project/libsafe/src/libsafe-2.0-12.tgz
Avaya Labs Libsafe 2.0-10:
Avaya Labs Upgrade libsafe-2.0-12.tgz
http://www.research.avayalabs.com/project/libsafe/src/libsafe-2.0-12.tgz