xfocus logo xfocus title
首页 焦点原创 安全文摘 安全工具 安全漏洞 焦点项目 焦点论坛 关于我们
English Version
 最近严重漏洞 
Microsoft RPC接口远程任意代码可执行漏洞
Cisco IOS接口不正确处理IPV4包远程拒绝服务漏洞
Microsoft Windows CreateFile API命名管道权限提升漏洞

Debian 安全公告:slrn存在远程命令可执行漏洞


发布时间:2001-09-29
更新时间:2001-09-29
严重程度:
威胁程度:权限提升
错误类型:设计错误
利用方式:服务器模式

受影响系统
SLRN Development Team slrn 0.9.6.2
   - Debian Linux 2.2
   - Debian Linux 2.2 68k
   - Debian Linux 2.2 alpha
   - Debian Linux 2.2 arm
   - Debian Linux 2.2 powerpc
   - Debian Linux 2.2 sparc
详细描述
slrn是一款免费获得的NNTP阅读器,Byrial Jensen发现slrn存在安全问题,可以导致任意命令可执行,当下载邮件时会尝试解码两进制代码,这样就可能执行任意SHELL命令。

测试代码
尚无

解决方案
升级程序:

Debian GNU/Linux 2.2 alias potato
- ---------------------------------

  Potato was released for alpha, arm, i386, m68k, powerpc and sparc.

  Source archives:
    http://security.debian.org/dists/stable/updates/main/source/slrn_0.9.6.2-9potato2.diff.gz
      MD5 checksum: aba6be7efd5c693d9f5466afedcb08e2
    http://security.debian.org/dists/stable/updates/main/source/slrn_0.9.6.2-9potato2.dsc
      MD5 checksum: 51a80c1465a7fcc4d74151c4bd4470d1
    http://security.debian.org/dists/stable/updates/main/source/slrn_0.9.6.2.orig.tar.gz
      MD5 checksum: 7ce442af03aeafb88a636183955c270e

  Alpha architecture:
    http://security.debian.org/dists/stable/updates/main/binary-alpha/slrn_0.9.6.2-9potato2_alpha.deb
      MD5 checksum: 735e5ce15e7f87ac06a8cdecb1451a9f
    http://security.debian.org/dists/stable/updates/main/binary-alpha/slrnpull_0.9.6.2-9potato2_alpha.deb
      MD5 checksum: 8b22f916ee5044ae6eaebbd658cffcad


  ARM architecture:
    http://security.debian.org/dists/stable/updates/main/binary-arm/slrn_0.9.6.2-9potato2_arm.deb
      MD5 checksum: 0cefa901be37e4b92796afb425369a10
    http://security.debian.org/dists/stable/updates/main/binary-arm/slrnpull_0.9.6.2-9potato2_arm.deb
      MD5 checksum: e68e5882a1d4feec1ba7fc9a737085d3

  Intel IA-32 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-i386/slrn_0.9.6.2-9potato2_i386.deb
      MD5 checksum: fc35e0d868dad315728c5274ee03a41c
    http://security.debian.org/dists/stable/updates/main/binary-i386/slrnpull_0.9.6.2-9potato2_i386.deb
      MD5 checksum: c3693811c8f794dc0b5bab3f581df0e8

  Motorola 680x0 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-m68k/slrn_0.9.6.2-9potato2_m68k.deb
      MD5 checksum: 004a260f84dc2e45ea144b1899947327
    http://security.debian.org/dists/stable/updates/main/binary-m68k/slrnpull_0.9.6.2-9potato2_m68k.deb
      MD5 checksum: 2721c2b2470b7781dd79e5c0e216cf3f

  PowerPC architecture:
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/slrn_0.9.6.2-9potato2_powerpc.deb
      MD5 checksum: 9bc55c33a225662952854136da4865aa
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/slrnpull_0.9.6.2-9potato2_powerpc.deb
      MD5 checksum: d78f8f3460d4abba54a088e5a07179c5

  Sun Sparc architecture:
    http://security.debian.org/dists/stable/updates/main/binary-sparc/slrn_0.9.6.2-9potato2_sparc.deb
      MD5 checksum: 37c48f0b104b94d5f74c7b9f76a0485d
    http://security.debian.org/dists/stable/updates/main/binary-sparc/slrnpull_0.9.6.2-9potato2_sparc.deb
      MD5 checksum: df2be8b02b16d7a85142365b42a64956

相关信息
Copyright © 1998-2003 XFOCUS Team. All Rights Reserved