安全研究
安全漏洞
Linux nfs-utils xlog()远程缓冲区单字节溢出漏洞
发布日期:2003-07-14
更新日期:2003-07-17
受影响系统:
Linux NFS nfs-utils 1.0.3不受影响系统:
- Debian Linux 3.0
- Mandrake Linux 9.1
- Mandrake Linux 9.0
- RedHat Linux 9.0
- RedHat Linux 8.0
- Slackware Linux 9.0
- Slackware Linux 8.1
Linux NFS nfs-utils 1.0.4描述:
CVE(CAN) ID: CVE-2003-0252
Linux NFS utils是网络文件系统实现。
nfs-utils存在单字节溢出漏洞,远程攻击者可以利用这个漏洞构造伪造的请求给rpc.mountd守护程序,可能以root用户权限在系统上执行任意指令。
问题存在于xlog()函数,处理请求的日志记录,当函数尝试增加新行字符到要记录的字符串时会触发溢出。由于错误的计算,如果传递给函数的字符串等于或超过1023字节,会由于写‘\0'字节超过缓冲区边界:
- ------8<------cut-here------8<------
char buff[1024];
...
va_start(args, fmt);
vsnprintf(buff, sizeof (buff), fmt, args);
va_end(args);
buff[sizeof (buff) - 1] = 0;
if ((n = strlen(buff)) > 0 && buff[n-1] != '\n') {
buff[n++] = '\n'; buff[n++] = '\0';
}
- ------8<------cut-here------8<------
本地或远程攻击者可以发送精心构建的RPC请求,发送到rpc.mountd守护进程中,可导致拒绝服务攻击,或者以root用户权限在系统上执行任意指令。
<*来源:Janusz Niewiadomski (funkysh@isec.pl)
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=105820223707191&w=2
http://www.debian.org/security/2003/dsa-349
https://www.redhat.com/support/errata/RHSA-2003-206.html
*>
建议:
厂商补丁:
Debian
------
Debian已经为此发布了一个安全公告(DSA-349-1)以及相应补丁:
DSA-349-1:New nfs-utils package fixes buffer overflow
链接:http://www.debian.org/security/2002/dsa-349
补丁下载:
Source archives:
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-utils_1.0-2woody1.dsc
Size/MD5 checksum: 547 a4c33f7a535608512f31b7ee34d4272e
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-utils_1.0-2woody1.tar.gz
Size/MD5 checksum: 240859 5c573fee27a1e10ff7f664b4bdf732a2
Alpha architecture:
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody1_alpha.deb
Size/MD5 checksum: 52698 29882fb7f6fd28f81f815ed562ac68a7
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody1_alpha.deb
Size/MD5 checksum: 79386 49ff8885c51710a768cd93f6dd649d71
http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody1_alpha.deb
Size/MD5 checksum: 36662 0dc3e1ba2c91f2232e3fcb20918057e4
ARM architecture:
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody1_arm.deb
Size/MD5 checksum: 44804 296f0f554fd1cf4b59d9ea1cdab9321d
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody1_arm.deb
Size/MD5 checksum: 67516 f3bea88a8d1ba73a2534b8c0bd7c423c
http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody1_arm.deb
Size/MD5 checksum: 34344 3c266dc34f4ac4be196b499c5eef3975
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody1_i386.deb
Size/MD5 checksum: 44400 233409f10f8767e36f6ad10072ede8ab
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody1_i386.deb
Size/MD5 checksum: 66596 07ea3180828ef48a92c58855d9b5b54a
http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody1_i386.deb
Size/MD5 checksum: 33482 11d03d87740fb81054b46a859741d77c
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody1_ia64.deb
Size/MD5 checksum: 58974 33483f9fe4df2b84cb26d4e1cd76fc91
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody1_ia64.deb
Size/MD5 checksum: 93340 eb51718186119e3b73d193c4eb7f5707
http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody1_ia64.deb
Size/MD5 checksum: 41470 3ad514dec2b983446a2fb704e56be337
HP Precision architecture:
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody1_hppa.deb
Size/MD5 checksum: 49896 9444fd4edfbb2abbcf83e838fda6d214
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody1_hppa.deb
Size/MD5 checksum: 74924 2270c3317f7453cec6966e2e16147d42
http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody1_hppa.deb
Size/MD5 checksum: 36746 3f10fa97c70fa41776f874e670e57642
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody1_m68k.deb
Size/MD5 checksum: 43548 1896cab837cdfaabdcb728668e6f0273
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody1_m68k.deb
Size/MD5 checksum: 64216 822c887cd14d049528029f36cc1a2240
http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody1_m68k.deb
Size/MD5 checksum: 33168 11468a2b2cc746b6ed363fa481575124
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody1_mips.deb
Size/MD5 checksum: 47534 2dc98eeed2317d0dfc7a564b4148491f
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody1_mips.deb
Size/MD5 checksum: 74732 eff1441d229295fecc3e46113763b242
http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody1_mips.deb
Size/MD5 checksum: 35674 e58f28fd4ed296573efda02226f68f78
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody1_mipsel.deb
Size/MD5 checksum: 47672 4b4f9619231ee353a4a9585c5d25d97f
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody1_mipsel.deb
Size/MD5 checksum: 74758 5cb3ed2cc13787e8e4cec25bae4888fd
http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody1_mipsel.deb
Size/MD5 checksum: 35592 c0f83d36cbf8ce91068aab57b67e27e3
PowerPC architecture:
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody1_powerpc.deb
Size/MD5 checksum: 45836 2403d7768e90f4816f352e709c170db6
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody1_powerpc.deb
Size/MD5 checksum: 68946 7f02fb3dff57fc7653748a2b4596495d
http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody1_powerpc.deb
Size/MD5 checksum: 34400 c6f488e6dd8fda796e4deaaa27b88efc
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody1_s390.deb
Size/MD5 checksum: 46006 96b6534bda89d5972f2abb3810b7c54b
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody1_s390.deb
Size/MD5 checksum: 70004 52f4f090ad8cd97e8703806ba6af1db8
http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody1_s390.deb
Size/MD5 checksum: 34536 921a9d188d539b82cd671f910aff0c26
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-common_1.0-2woody1_sparc.deb
Size/MD5 checksum: 51968 8e9df57876f846d04ca688b28d9434f6
http://security.debian.org/pool/updates/main/n/nfs-utils/nfs-kernel-server_1.0-2woody1_sparc.deb
Size/MD5 checksum: 76244 cdafde849c69da57312aedf4b0e564cf
http://security.debian.org/pool/updates/main/n/nfs-utils/nhfsstone_1.0-2woody1_sparc.deb
Size/MD5 checksum: 36928 726481a036653add593ed2a009ac7d6d
补丁安装方法:
1. 手工安装补丁包:
首先,使用下面的命令来下载补丁软件:
# wget url (url是补丁下载链接地址)
然后,使用下面的命令来安装补丁:
# dpkg -i file.deb (file是相应的补丁名)
2. 使用apt-get自动安装补丁包:
首先,使用下面的命令更新内部数据库:
# apt-get update
然后,使用下面的命令安装更新软件包:
# apt-get upgrade
RedHat
------
RedHat已经为此发布了一个安全公告(RHSA-2003:206-01)以及相应补丁:
RHSA-2003:206-01:Updated nfs-utils packages fix denial of service vulnerability
链接:https://www.redhat.com/support/errata/RHSA-2003-206.html
补丁下载:
Red Hat Linux 7.1:
SRPMS:
ftp://updates.redhat.com/7.1/en/os/SRPMS/nfs-utils-0.3.1-6.71.src.rpm
i386:
ftp://updates.redhat.com/7.1/en/os/i386/nfs-utils-0.3.1-6.71.i386.rpm
Red Hat Linux 7.2:
SRPMS:
ftp://updates.redhat.com/7.2/en/os/SRPMS/nfs-utils-0.3.1-14.72.src.rpm
i386:
ftp://updates.redhat.com/7.2/en/os/i386/nfs-utils-0.3.1-14.72.i386.rpm
ia64:
ftp://updates.redhat.com/7.2/en/os/ia64/nfs-utils-0.3.1-14.72.ia64.rpm
Red Hat Linux 7.3:
SRPMS:
ftp://updates.redhat.com/7.3/en/os/SRPMS/nfs-utils-0.3.3-6.73.src.rpm
i386:
ftp://updates.redhat.com/7.3/en/os/i386/nfs-utils-0.3.3-6.73.i386.rpm
Red Hat Linux 8.0:
SRPMS:
ftp://updates.redhat.com/8.0/en/os/SRPMS/nfs-utils-1.0.1-2.80.src.rpm
i386:
ftp://updates.redhat.com/8.0/en/os/i386/nfs-utils-1.0.1-2.80.i386.rpm
Red Hat Linux 9:
SRPMS:
ftp://updates.redhat.com/9/en/os/SRPMS/nfs-utils-1.0.1-3.9.src.rpm
i386:
ftp://updates.redhat.com/9/en/os/i386/nfs-utils-1.0.1-3.9.i386.rpm
S.u.S.E.
--------
http://www.debian.org/security/2003/dsa-349
Linux NFS
---------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
nfs-utils 1.0.4版本已经解决这个问题:
http://sourceforge.net/projects/nfs/
浏览次数:4504
严重程度:0(网友投票)
绿盟科技给您安全的保障