
NetWin WebNEWS Remote Buffer Overflow Vulnerability


Published: 2002-02-22
Updated: 2002-02-22
Severity:
Threat level: normal user access privileges
Error type: boundary check error
Exploitation mode: server mode

BUGTRAQ ID:4124

Affected Systems
NetWin WebNEWS 1.1j
NetWin WebNEWS 1.1i
NetWin WebNEWS 1.1h
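Detailed Description
WebNEWS is a program designed to provide access to newsgroups through a web interface. It can connect to any standard NNTP server
and runs on multiple system platforms.

Some versions contain a vulnerability: submitting a request with more than 1500 characters as the group parameter causes a buffer overflow that overwrites stack contents and ultimately allows arbitrary code to be executed with the privileges of the web user.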
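
The advisory does not show WebNEWS source. As an added example (not NetWin's code), this C sketch shows the kind of boundary check whose absence the description implies: the group value is measured before it is copied into a fixed buffer, and oversized input is rejected rather than truncated. The parameter name `group`, the 256-byte limit, the character whitelist and all function names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed limit; the advisory only states that more than 1500 characters
   in the group parameter overflows the buffer. */
#define GROUP_MAX 256
enum { GROUP_OK = 0, GROUP_MISSING = -1, GROUP_TOO_LONG = -2, GROUP_BAD_CHAR = -3 };

/* Find "name=" at the start of the query or directly after '&', so that
   "xgroup=" is not mistaken for "group=". Returns a pointer to the value. */
static const char *find_param(const char *query, const char *name)
{
    size_t nlen = strlen(name);
    const char *p = query;
    while (*p) {
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=')
            return p + nlen + 1;
        p = strchr(p, '&');
        if (p == NULL)
            break;
        p++;
    }
    return NULL;
}

/* Copy the group value into out[outsz]; the length is checked before any
   byte is written, which is the boundary check the advisory says is missing. */
int get_group(const char *query, char *out, size_t outsz)
{
    const char *v = find_param(query, "group");
    if (v == NULL) return GROUP_MISSING;
    size_t len = strcspn(v, "&");            /* value ends at '&' or NUL */
    if (len == 0) return GROUP_MISSING;
    if (len >= outsz) return GROUP_TOO_LONG; /* reject, do not truncate */
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)v[i];
        if (!(isalnum(c) || c == '.' || c == '-' || c == '+' || c == '_'))
            return GROUP_BAD_CHAR;           /* assumed newsgroup-name charset */
    }
    memcpy(out, v, len);
    out[len] = '\0';
    return GROUP_OK;
}

int main(void)
{
    char group[GROUP_MAX];
    const char *query = "cmd=list&group=comp.lang.c"; /* constructed sample */
    int rc = get_group(query, group, sizeof group);
    printf("rc=%d group=%s\n", rc, rc == GROUP_OK ? group : "(rejected)");
    return 0;
}
```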

Test Code
None available

Solution
Download and apply the following upgrades:

NetWin WebNEWS 1.1j:

NetWin Upgrade webnews11k.exe
ftp://ftp.netwinsite.com/pub/webnews/webnews11k.exe

NetWin Upgrade webnews11k_bsdi4.tar.Z
ftp://ftp.netwinsite.com/pub/webnews/webnews11k_bsdi4.tar.Z

NetWin Upgrade webnews11k_freebsd.tar.Z
ftp://ftp.netwinsite.com/pub/webnews/webnews11k_freebsd.tar.Z

NetWin Upgrade webnews11k_freebsd3.tar.Z
ftp://ftp.netwinsite.com/pub/webnews/webnews11k_freebsd3.tar.Z

NetWin Upgrade webnews11k_freebsd4.tar.Z
ftp://ftp.netwinsite.com/pub/webnews/webnews11k_freebsd4.tar.Z

NetWin Upgrade webnews11k_linux.tar.Z
ftp://ftp.netwinsite.com/pub/webnews/webnews11k_linux.tar.Z

NetWin Upgrade webnews11k_linuxlibc6.tar.Z
ftp://ftp.netwinsite.com/pub/webnews/webnews11k_linuxlibc6.tar.Z

NetWin Upgrade webnews11k_osf.tar.Z
ftp://ftp.netwinsite.com/pub/webnews/webnews11k_osf.tar.Z

NetWin Upgrade webnews11k_solaris.tar.Z
ftp://ftp.netwinsite.com/pub/webnews/webnews11k_solaris.tar.Z

NetWin Upgrade webnews11k_solarisx86.tar.Z
ftp://ftp.netwinsite.com/pub/webnews/webnews11k_solarisx86.tar.Z

NetWin WebNEWS 1.1i:

NetWin Upgrade webnews11k.exe
ftp://ftp.netwinsite.com/pub/webnews/webnews11k.exe

NetWin Upgrade webnews11k_bsdi4.tar.Z
ftp://ftp.netwinsite.com/pub/webnews/webnews11k_bsdi4.tar.Z

NetWin Upgrade webnews11k_freebsd.tar.Z
ftp://ftp.netwinsite.com/pub/webnews/webnews11k_freebsd.tar.Z

NetWin Upgrade webnews11k_freebsd3.tar.Z
ftp://ftp.netwinsite.com/pub/webnews/webnews11k_freebsd3.tar.Z

NetWin Upgrade webnews11k_freebsd4.tar.Z
ftp://ftp.netwinsite.com/pub/webnews/webnews11k_freebsd4.tar.Z

NetWin Upgrade webnews11k_linux.tar.Z
ftp://ftp.netwinsite.com/pub/webnews/webnews11k_linux.tar.Z

NetWin Upgrade webnews11k_linuxlibc6.tar.Z
ftp://ftp.netwinsite.com/pub/webnews/webnews11k_linuxlibc6.tar.Z

NetWin Upgrade webnews11k_osf.tar.Z
ftp://ftp.netwinsite.com/pub/webnews/webnews11k_osf.tar.Z

NetWin Upgrade webnews11k_solaris.tar.Z
ftp://ftp.netwinsite.com/pub/webnews/webnews11k_solaris.tar.Z

NetWin Upgrade webnews11k_solarisx86.tar.Z
ftp://ftp.netwinsite.com/pub/webnews/webnews11k_solarisx86.tar.Z

NetWin WebNEWS 1.1h:

NetWin Upgrade webnews11k.exe
ftp://ftp.netwinsite.com/pub/webnews/webnews11k.exe

NetWin Upgrade webnews11k_bsdi4.tar.Z
ftp://ftp.netwinsite.com/pub/webnews/webnews11k_bsdi4.tar.Z

NetWin Upgrade webnews11k_freebsd.tar.Z
ftp://ftp.netwinsite.com/pub/webnews/webnews11k_freebsd.tar.Z

NetWin Upgrade webnews11k_freebsd3.tar.Z
ftp://ftp.netwinsite.com/pub/webnews/webnews11k_freebsd3.tar.Z

NetWin Upgrade webnews11k_freebsd4.tar.Z
ftp://ftp.netwinsite.com/pub/webnews/webnews11k_freebsd4.tar.Z

NetWin Upgrade webnews11k_linux.tar.Z
ftp://ftp.netwinsite.com/pub/webnews/webnews11k_linux.tar.Z

NetWin Upgrade webnews11k_linuxlibc6.tar.Z
ftp://ftp.netwinsite.com/pub/webnews/webnews11k_linuxlibc6.tar.Z

NetWin Upgrade webnews11k_osf.tar.Z
ftp://ftp.netwinsite.com/pub/webnews/webnews11k_osf.tar.Z

NetWin Upgrade webnews11k_solaris.tar.Z
ftp://ftp.netwinsite.com/pub/webnews/webnews11k_solaris.tar.Z

NetWin Upgrade webnews11k_solarisx86.tar.Z
ftp://ftp.netwinsite.com/pub/webnews/webnews11k_solarisx86.tar.Z

Related Information
Mark Litchfield (mark@ngssoftware.com).
Reference: http://online.securityfocus.com/advisories/3883
Related homepage: http://netwinsite.com/webnews/index.htm
http://netwinsite.com/webnews/updates.htm