
qDecoder Remote Buffer Overflow Vulnerability


Published: 2001-02-05
Updated: 2001-02-05
Severity:
Threat level: ordinary user access privileges
Error type: input validation error
Exploitation method: server mode

Affected systems
Affected systems:
qDecoder qDecoder 5.0.3
   + Nobreak Technologies CrazyWWWBoard 3.0.1
   + Nobreak Technologies CrazyWWWBoard 2000.0px
   + Nobreak Technologies CrazyWWWBoard 2000.0LEpx
   + Nobreak Technologies CrazyWWWBoard 98PE
   + Nobreak Technologies CrazyWWWBoard 98
   + Nobreak Technologies CrazyWWWBoard 2000px
   + Nobreak Technologies CrazyWWWBoard 2000LEpx
qDecoder qDecoder 5.0.2
   + Nobreak Technologies CrazyWWWBoard 3.0.1
   + Nobreak Technologies CrazyWWWBoard 2000.0px
   + Nobreak Technologies CrazyWWWBoard 2000.0LEpx
   + Nobreak Technologies CrazyWWWBoard 98PE
   + Nobreak Technologies CrazyWWWBoard 98
   + Nobreak Technologies CrazyWWWBoard 2000px
   + Nobreak Technologies CrazyWWWBoard 2000LEpx
qDecoder qDecoder 5.0.1
   + Nobreak Technologies CrazyWWWBoard 3.0.1
   + Nobreak Technologies CrazyWWWBoard 2000.0px
   + Nobreak Technologies CrazyWWWBoard 2000.0LEpx
   + Nobreak Technologies CrazyWWWBoard 98PE
   + Nobreak Technologies CrazyWWWBoard 98
   + Nobreak Technologies CrazyWWWBoard 2000px
   + Nobreak Technologies CrazyWWWBoard 2000LEpx
qDecoder qDecoder 5.0
   + Nobreak Technologies CrazyWWWBoard 3.0.1
   + Nobreak Technologies CrazyWWWBoard 2000.0px
   + Nobreak Technologies CrazyWWWBoard 2000.0LEpx
   + Nobreak Technologies CrazyWWWBoard 98PE
   + Nobreak Technologies CrazyWWWBoard 98
   + Nobreak Technologies CrazyWWWBoard 2000px
   + Nobreak Technologies CrazyWWWBoard 2000LEpx
qDecoder qDecoder 4.3.1
   + Nobreak Technologies CrazyWWWBoard 3.0.1
   + Nobreak Technologies CrazyWWWBoard 2000.0px
   + Nobreak Technologies CrazyWWWBoard 2000.0LEpx
   + Nobreak Technologies CrazyWWWBoard 98PE
   + Nobreak Technologies CrazyWWWBoard 98
   + Nobreak Technologies CrazyWWWBoard 2000px
   + Nobreak Technologies CrazyWWWBoard 2000LEpx
qDecoder qDecoder 4.3
   + Nobreak Technologies CrazyWWWBoard 3.0.1
   + Nobreak Technologies CrazyWWWBoard 2000.0px
   + Nobreak Technologies CrazyWWWBoard 2000.0LEpx
   + Nobreak Technologies CrazyWWWBoard 98PE
   + Nobreak Technologies CrazyWWWBoard 98
   + Nobreak Technologies CrazyWWWBoard 2000px
   + Nobreak Technologies CrazyWWWBoard 2000LEpx
qDecoder qDecoder 4.0.1
   + Nobreak Technologies CrazyWWWBoard 3.0.1
   + Nobreak Technologies CrazyWWWBoard 2000.0px
   + Nobreak Technologies CrazyWWWBoard 2000.0LEpx
   + Nobreak Technologies CrazyWWWBoard 98PE
   + Nobreak Technologies CrazyWWWBoard 98
   + Nobreak Technologies CrazyWWWBoard 2000px
   + Nobreak Technologies CrazyWWWBoard 2000LEpx
qDecoder qDecoder 4.0
   + Nobreak Technologies CrazyWWWBoard 3.0.1
   + Nobreak Technologies CrazyWWWBoard 2000.0px
   + Nobreak Technologies CrazyWWWBoard 2000.0LEpx
   + Nobreak Technologies CrazyWWWBoard 98PE
   + Nobreak Technologies CrazyWWWBoard 98
   + Nobreak Technologies CrazyWWWBoard 2000px
   + Nobreak Technologies CrazyWWWBoard 2000LEpx

Unaffected systems:
qDecoder qDecoder 6.0.3
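Detailed description
qDecoder is a tool for developing CGI software using an ANSI C library. Because user input to one of its scripts is not properly checked, a buffer overflow can be triggered through the Content-Type header. If more than 254 characters are copied onto the stack, stack contents such as the function return address can be overwritten, leading to execution of arbitrary programs.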
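
The length check that this class of bug is missing, as an added example that is not taken from qDecoder or from the patch referenced on this page. The 255-byte buffer is an assumption chosen to match the 254-character limit above, and `copy_bounded` and `try_length` are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed size: room for 254 characters plus the terminating NUL. */
#define CT_BUF_SIZE 255

/* Unsafe pattern, for contrast only:
 *     char buf[CT_BUF_SIZE];
 *     strcpy(buf, getenv("CONTENT_TYPE"));    copies any length onto the stack
 */

/* Copy src into dst only when it fits together with its terminator.
 * Returns 0 on success, -1 when src is NULL or too long (dst is left empty). */
int copy_bounded(char *dst, size_t dstsz, const char *src)
{
    size_t n = 0;
    if (dst == NULL || dstsz == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    while (n < dstsz && src[n] != '\0')   /* never scan past the limit */
        n++;
    if (n == dstsz)
        return -1;                        /* reject instead of truncating */
    memcpy(dst, src, n + 1);
    return 0;
}

/* Constructed input: a header value made of n 'A' characters. */
int try_length(size_t n)
{
    char buf[CT_BUF_SIZE];
    char *value = malloc(n + 1);
    int rc;
    if (value == NULL)
        return -1;
    memset(value, 'A', n);
    value[n] = '\0';
    rc = copy_bounded(buf, sizeof buf, value);
    if (rc == 0 && strlen(buf) != n)
        rc = -2;                          /* copied, but content is wrong */
    free(value);
    return rc;
}

int main(void)
{
    printf("254 chars: %d\n255 chars: %d\n", try_length(254), try_length(255));
    return 0;
}
```

Rejecting an oversized value, rather than silently truncating it, keeps a cut-off Content-Type from being parsed as if it were complete.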

Test code
The test program can be downloaded from the following URL:
http://www.securityfocus.com/data/vulnerabilities/exploits/crazywww.pl

Solution
Apply the patch:

qDecoder qDecoder 5.0.2:

You, Jin-Ho <jhyou@chonnam.chonnam.ac.kr> patch qdecoder.diff
http://www.securityfocus.com//sfweb/data/vulnerabilities/patches/qdecoder.diff

qDecoder qDecoder 5.0.1:

You, Jin-Ho <jhyou@chonnam.chonnam.ac.kr> patch qdecoder.diff
http://www.securityfocus.com//sfweb/data/vulnerabilities/patches/qdecoder.diff

qDecoder qDecoder 5.0:

You, Jin-Ho <jhyou@chonnam.chonnam.ac.kr> patch qdecoder.diff
http://www.securityfocus.com//sfweb/data/vulnerabilities/patches/qdecoder.diff

qDecoder qDecoder 4.3.1:

You, Jin-Ho <jhyou@chonnam.chonnam.ac.kr> patch qdecoder.diff
http://www.securityfocus.com//sfweb/data/vulnerabilities/patches/qdecoder.diff

qDecoder qDecoder 4.3:

You, Jin-Ho <jhyou@chonnam.chonnam.ac.kr> patch qdecoder.diff
http://www.securityfocus.com//sfweb/data/vulnerabilities/patches/qdecoder.diff

qDecoder qDecoder 4.0.1:

You, Jin-Ho <jhyou@chonnam.chonnam.ac.kr> patch qdecoder.diff
http://www.securityfocus.com//sfweb/data/vulnerabilities/patches/qdecoder.diff

qDecoder qDecoder 4.0:

You, Jin-Ho <jhyou@chonnam.chonnam.ac.kr> patch qdecoder.diff
http://www.securityfocus.com//sfweb/data/vulnerabilities/patches/qdecoder.diff

Related information