John E. Davis MOST 存在缓冲溢出漏洞发布时间:2001-09-25 更新时间:2001-09-25 严重程度:中 威胁程度:权限提升 错误类型:输入验证错误 利用方式:服务器模式 受影响系统 John E. Davis MOST 4.4详细描述 MOST是开放源代码CALL机系统,其存在一个缓冲溢出,由于MOST的TAB扩展中没有很正确的检查两个数组变量的边界,可以造成远程或者本地用户建立文件,当通过MOST查看时,可以在主机上执行任意文件。 测试代码 尚无 解决方案 升级程序: John E. Davis MOST 4.4: John E. Davis MOST 4.5: John E. Davis MOST 4.6: John E. Davis MOST 4.7: John E. Davis MOST 4.9.0: Debian Upgrade 2.2 alpha most_4.9.0-2.1_alpha.deb http://security.debian.org/dists/stable/updates/main/binary-alpha/most_4.9.0-2.1_alpha.deb Debian Upgrade 2.2 arm most_4.9.0-2.1_arm.deb http://security.debian.org/dists/stable/updates/main/binary-arm/most_4.9.0-2.1_arm.deb Debian Upgrade 2.2 i386 most_4.9.0-2.1_i386.deb http://security.debian.org/dists/stable/updates/main/binary-i386/most_4.9.0-2.1_i386.deb Debian Upgrade 2.2 m68k most_4.9.0-2.1_m68k.deb http://security.debian.org/dists/stable/updates/main/binary-m68k/most_4.9.0-2.1_m68k.deb Debian Upgrade 2.2 ppc most_4.9.0-2.1_powerpc.deb http://security.debian.org/dists/stable/updates/main/binary-powerpc/most_4.9.0-2.1_powerpc.deb Debian Upgrade 2.2 sparc most_4.9.0-2.1_sparc.deb http://security.debian.org/dists/stable/updates/main/binary-sparc/most_4.9.0-2.1_sparc.deb John E. Davis MOST 4.9.1: John E. Davis MOST 4.41: 相关信息 |
