|
|
Libsafe格式字符串类型未完全实现漏洞
发布时间:2002-03-23
更新时间:2002-03-23
严重程度:中
威胁程度:其它
错误类型:设计错误
利用方式:服务器模式
BUGTRAQ ID:4326
受影响系统Avaya Labs Libsafe 2.0-9
- Debian Linux 2.2 68k
- Debian Linux 2.2 alpha
- Debian Linux 2.2 arm
- Debian Linux 2.2 IA-32
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 sparc
- MandrakeSoft Linux Mandrake 8.0
- MandrakeSoft Linux Mandrake 8.0 ppc
- MandrakeSoft Linux Mandrake 8.1
- MandrakeSoft Linux Mandrake 8.1 ia64
- RedHat Linux 5.2 alpha
- RedHat Linux 5.2 i386
- RedHat Linux 5.2 sparc
- RedHat Linux 6.0 alpha
- RedHat Linux 6.0 i386
- RedHat Linux 6.0 sparc
- RedHat Linux 6.1 alpha
- RedHat Linux 6.1 i386
- RedHat Linux 6.1 sparc
- RedHat Linux 6.2 alpha
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 sparc
- RedHat Linux 7.0 alpha
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 sparc
- RedHat Linux 7.1 alpha
- RedHat Linux 7.1 i386
- RedHat Linux 7.1 ia64
- RedHat Linux 7.2 alpha
- RedHat Linux 7.2 i386
- RedHat Linux 7.2 ia64
- Slackware Linux 7.0
- Slackware Linux 7.1
- Slackware Linux 8.0
Avaya Labs Libsafe 2.0-11
- Debian Linux 2.2 68k
- Debian Linux 2.2 alpha
- Debian Linux 2.2 arm
- Debian Linux 2.2 IA-32
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 sparc
- MandrakeSoft Linux Mandrake 8.0
- MandrakeSoft Linux Mandrake 8.0 ppc
- MandrakeSoft Linux Mandrake 8.1
- MandrakeSoft Linux Mandrake 8.1 ia64
- RedHat Linux 5.2 alpha
- RedHat Linux 5.2 i386
- RedHat Linux 5.2 sparc
- RedHat Linux 6.0 alpha
- RedHat Linux 6.0 i386
- RedHat Linux 6.0 sparc
- RedHat Linux 6.1 alpha
- RedHat Linux 6.1 i386
- RedHat Linux 6.1 sparc
- RedHat Linux 6.2 alpha
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 sparc
- RedHat Linux 7.0 alpha
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 sparc
- RedHat Linux 7.1 alpha
- RedHat Linux 7.1 i386
- RedHat Linux 7.1 ia64
- RedHat Linux 7.2 alpha
- RedHat Linux 7.2 i386
- RedHat Linux 7.2 ia64
- S.u.S.E. Linux 6.4alpha
- S.u.S.E. Linux 6.4i386
- S.u.S.E. Linux 6.4ppc
- S.u.S.E. Linux 7.0alpha
- S.u.S.E. Linux 7.0i386
- S.u.S.E. Linux 7.0ppc
- S.u.S.E. Linux 7.0sparc
- S.u.S.E. Linux 7.1alpha
- S.u.S.E. Linux 7.1ppc
- S.u.S.E. Linux 7.1sparc
- S.u.S.E. Linux 7.1x86
- S.u.S.E. Linux 7.2i386
- S.u.S.E. Linux 7.3i386
- S.u.S.E. Linux 7.3ppc
- S.u.S.E. Linux 7.3sparc
- Slackware Linux 7.0
- Slackware Linux 7.1
- Slackware Linux 8.0
Avaya Labs Libsafe 2.0-10
- Debian Linux 2.2 68k
- Debian Linux 2.2 alpha
- Debian Linux 2.2 arm
- Debian Linux 2.2 IA-32
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 sparc
- MandrakeSoft Linux Mandrake 8.0
- MandrakeSoft Linux Mandrake 8.0 ppc
- MandrakeSoft Linux Mandrake 8.1
- MandrakeSoft Linux Mandrake 8.1 ia64
- RedHat Linux 5.2 alpha
- RedHat Linux 5.2 i386
- RedHat Linux 5.2 sparc
- RedHat Linux 6.0 alpha
- RedHat Linux 6.0 i386
- RedHat Linux 6.0 sparc
- RedHat Linux 6.1 alpha
- RedHat Linux 6.1 i386
- RedHat Linux 6.1 sparc
- RedHat Linux 6.2 alpha
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 sparc
- RedHat Linux 7.0 alpha
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 sparc
- RedHat Linux 7.1 alpha
- RedHat Linux 7.1 i386
- RedHat Linux 7.1 ia64
- RedHat Linux 7.2 alpha
- RedHat Linux 7.2 i386
- RedHat Linux 7.2 ia64
- Slackware Linux 7.0
- Slackware Linux 7.1
- Slackware Linux 8.0 详细描述
Libsafe是免费开放源代码的,设计用来保护缓冲溢出和格式字符串攻击者的程序。由Avaya labs开发维护。
在某些环境下,libsafe程序检查执行可以绕过,这是由于Libsafe对格式类型没有实现检查而导致问题产生,C库中的格式字符串类型"%`n"和"%ln"在Libsafe中没有实现安全检查,可以导致利用这些格式字符串类型来绕过Libsafe对格式字符串攻击的保护。
测试代码
printf("%'n", &target);
printf("%In", &target);
解决方案
下载补丁程序:
Avaya Labs Libsafe 2.0-9:
Avaya Labs Upgrade libsafe-2.0-12.tgz
http://www.research.avayalabs.com/project/libsafe/src/libsafe-2.0-12.tgz
Avaya Labs Libsafe 2.0-11:
Avaya Labs Upgrade libsafe-2.0-12.tgz
http://www.research.avayalabs.com/project/libsafe/src/libsafe-2.0-12.tgz
Avaya Labs Libsafe 2.0-10:
Avaya Labs Upgrade libsafe-2.0-12.tgz
http://www.research.avayalabs.com/project/libsafe/src/libsafe-2.0-12.tgz
相关信息
Wojciech Purczynski <cliph@isec.pl>
参考:http://online.securityfocus.com/archive/1/263121
相关主页:http://www.research.avayalabs.com/project/libsafe/
|
