Unixware Libcurses Buffer Overflow Vulnerability

Published: 2001-06-26
Updated: 2001-06-26
Severity: High
Threat level: local administrator privileges
Error type: input validation error
Exploitation method: server mode

Affected systems
SCO Open Server 5.0.6

Detailed description
The curses library is a basic system library for CRT screen handling, commonly used by character-based applications that need to be independent of the terminal type.
The Unixware version of libcurses contains a buffer overflow. A local user can use SETUID programs linked against these libcurses libraries to elevate privileges.

Test code
None yet

Solution
Temporary workaround:
For rtpm:
# chmod g-s /usr/sbin/rtpm
For atcronsh:
# chmod g-s /usr/lib/sysadm/atcronsh

Or upgrade the programs:

SCO Open Server 5.0.6:
Caldera hotfix Open Server 5 atcronsh.Z
ftp://ftp.sco.com/pub/security/openserver/sr848771/atcronsh.Z
Caldera hotfix Open Server 5 libcurses.a.Z
ftp://ftp.sco.com/pub/security/openserver/sr848771/libcurses.a.Z

SCO Open Server 5.0.5:
Caldera hotfix Open Server 5 atcronsh.Z
ftp://ftp.sco.com/pub/security/openserver/sr848771/atcronsh.Z
Caldera hotfix Open Server 5 libcurses.a.Z
ftp://ftp.sco.com/pub/security/openserver/sr848771/libcurses.a.Z

SCO Open Server 5.0.4:
Caldera hotfix Open Server 5 atcronsh.Z
ftp://ftp.sco.com/pub/security/openserver/sr848771/atcronsh.Z
Caldera hotfix Open Server 5 libcurses.a.Z
ftp://ftp.sco.com/pub/security/openserver/sr848771/libcurses.a.Z

SCO Open Server 5.0.3:
Caldera hotfix Open Server 5 atcronsh.Z
ftp://ftp.sco.com/pub/security/openserver/sr848771/atcronsh.Z
Caldera hotfix Open Server 5 libcurses.a.Z
ftp://ftp.sco.com/pub/security/openserver/sr848771/libcurses.a.Z

SCO Open Server 5.0.2:
Caldera hotfix Open Server 5 atcronsh.Z
ftp://ftp.sco.com/pub/security/openserver/sr848771/atcronsh.Z
Caldera hotfix Open Server 5 libcurses.a.Z
ftp://ftp.sco.com/pub/security/openserver/sr848771/libcurses.a.Z

SCO Open Server 5.0.1:
Caldera hotfix Open Server 5 atcronsh.Z
ftp://ftp.sco.com/pub/security/openserver/sr848771/atcronsh.Z
Caldera hotfix Open Server 5 libcurses.a.Z
ftp://ftp.sco.com/pub/security/openserver/sr848771/libcurses.a.Z

SCO Open Server 5.0:
Caldera hotfix Open Server 5 atcronsh.Z
ftp://ftp.sco.com/pub/security/openserver/sr848771/atcronsh.Z
Caldera hotfix Open Server 5 libcurses.a.Z
ftp://ftp.sco.com/pub/security/openserver/sr848771/libcurses.a.Z

SCO Unixware 7.1.1:
Caldera hotfix Unixware 7 rtpm.Z
ftp://ftp.sco.com/pub/security/unixware/sr848806/rtpm.Z
Caldera hotfix Unixware 7 libcurses.a.Z
ftp://ftp.sco.com/pub/security/unixware/sr848806/libcurses.a.Z

SCO Unixware 7.1:
Caldera hotfix Unixware 7 rtpm.Z
ftp://ftp.sco.com/pub/security/unixware/sr848806/rtpm.Z
Caldera hotfix Unixware 7 libcurses.a.Z
ftp://ftp.sco.com/pub/security/unixware/sr848806/libcurses.a.Z

SCO Unixware 7.0.1:
Caldera hotfix Unixware 7 rtpm.Z
ftp://ftp.sco.com/pub/security/unixware/sr848806/rtpm.Z
Caldera hotfix Unixware 7 libcurses.a.Z
ftp://ftp.sco.com/pub/security/unixware/sr848806/libcurses.a.Z

SCO Unixware 7.0:
Caldera hotfix Unixware 7 rtpm.Z
ftp://ftp.sco.com/pub/security/unixware/sr848806/rtpm.Z
Caldera hotfix Unixware 7 libcurses.a.Z
ftp://ftp.sco.com/pub/security/unixware/sr848806/libcurses.a.Z
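
The temporary workaround in this advisory, as an added example that is not part of the original advisory: a POSIX sh helper that reports whether the two named binaries still carry the setgid bit and, on request, clears it with the same chmod g-s. The function names and the optional root prefix (for checking a mounted image or a test tree) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit and apply the advisory's temporary workaround.
# The two paths come from the advisory; function names and the ROOT
# prefix argument are assumptions made for this example.

TARGETS="/usr/sbin/rtpm /usr/lib/sysadm/atcronsh"

# Print "missing", "setgid" or "clear" for one file.
sgid_state() {
    if [ ! -e "$1" ]; then
        echo missing
    elif [ -g "$1" ]; then
        echo setgid
    else
        echo clear
    fi
}

# audit_targets ROOT [--fix]
# Prints one "state path" line per target under ROOT ("" for the live system).
# With --fix, runs "chmod g-s" on every target that is still setgid.
# Returns 1 if any target is still setgid when the function finishes.
audit_targets() {
    root=${1:-}
    fix=${2:-}
    rc=0
    for t in $TARGETS; do
        f="$root$t"
        state=$(sgid_state "$f")
        if [ "$state" = setgid ] && [ "$fix" = --fix ]; then
            # Re-check afterwards so a failed chmod is reported, not hidden.
            chmod g-s "$f" && state=$(sgid_state "$f")
        fi
        if [ "$state" = setgid ]; then
            rc=1
        fi
        echo "$state $f"
    done
    return $rc
}
```

Call `audit_targets ""` to report on the live system and `audit_targets "" --fix` as root to apply the workaround; a non-zero return means at least one binary is still setgid.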