|
|
Libsafe参数数字格式字符串检查可绕过漏洞
发布时间:2002-03-23
更新时间:2002-03-23
严重程度:中
威胁程度:其它
错误类型:设计错误
利用方式:服务器模式
BUGTRAQ ID:4327
受影响系统Avaya Labs Libsafe 2.0-9
- Debian Linux 2.2 68k
- Debian Linux 2.2 alpha
- Debian Linux 2.2 arm
- Debian Linux 2.2 IA-32
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 sparc
- MandrakeSoft Linux Mandrake 8.0
- MandrakeSoft Linux Mandrake 8.0 ppc
- MandrakeSoft Linux Mandrake 8.1
- MandrakeSoft Linux Mandrake 8.1 ia64
- RedHat Linux 5.2 alpha
- RedHat Linux 5.2 i386
- RedHat Linux 5.2 sparc
- RedHat Linux 6.0 alpha
- RedHat Linux 6.0 i386
- RedHat Linux 6.0 sparc
- RedHat Linux 6.1 alpha
- RedHat Linux 6.1 i386
- RedHat Linux 6.1 sparc
- RedHat Linux 6.2 alpha
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 sparc
- RedHat Linux 7.0 alpha
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 sparc
- RedHat Linux 7.1 alpha
- RedHat Linux 7.1 i386
- RedHat Linux 7.1 ia64
- RedHat Linux 7.2 alpha
- RedHat Linux 7.2 i386
- RedHat Linux 7.2 ia64
- Slackware Linux 7.0
- Slackware Linux 7.1
- Slackware Linux 8.0
Avaya Labs Libsafe 2.0-11
- Debian Linux 2.2 68k
- Debian Linux 2.2 alpha
- Debian Linux 2.2 arm
- Debian Linux 2.2 IA-32
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 sparc
- MandrakeSoft Linux Mandrake 8.0
- MandrakeSoft Linux Mandrake 8.0 ppc
- MandrakeSoft Linux Mandrake 8.1
- MandrakeSoft Linux Mandrake 8.1 ia64
- RedHat Linux 5.2 alpha
- RedHat Linux 5.2 i386
- RedHat Linux 5.2 sparc
- RedHat Linux 6.0 alpha
- RedHat Linux 6.0 i386
- RedHat Linux 6.0 sparc
- RedHat Linux 6.1 alpha
- RedHat Linux 6.1 i386
- RedHat Linux 6.1 sparc
- RedHat Linux 6.2 alpha
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 sparc
- RedHat Linux 7.0 alpha
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 sparc
- RedHat Linux 7.1 alpha
- RedHat Linux 7.1 i386
- RedHat Linux 7.1 ia64
- RedHat Linux 7.2 alpha
- RedHat Linux 7.2 i386
- RedHat Linux 7.2 ia64
- S.u.S.E. Linux 6.4alpha
- S.u.S.E. Linux 6.4i386
- S.u.S.E. Linux 6.4ppc
- S.u.S.E. Linux 7.0alpha
- S.u.S.E. Linux 7.0i386
- S.u.S.E. Linux 7.0ppc
- S.u.S.E. Linux 7.0sparc
- S.u.S.E. Linux 7.1alpha
- S.u.S.E. Linux 7.1ppc
- S.u.S.E. Linux 7.1sparc
- S.u.S.E. Linux 7.1x86
- S.u.S.E. Linux 7.2i386
- S.u.S.E. Linux 7.3i386
- S.u.S.E. Linux 7.3ppc
- S.u.S.E. Linux 7.3sparc
- Slackware Linux 7.0
- Slackware Linux 7.1
- Slackware Linux 8.0
Avaya Labs Libsafe 2.0-10
- Debian Linux 2.2 68k
- Debian Linux 2.2 alpha
- Debian Linux 2.2 arm
- Debian Linux 2.2 IA-32
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 sparc
- MandrakeSoft Linux Mandrake 8.0
- MandrakeSoft Linux Mandrake 8.0 ppc
- MandrakeSoft Linux Mandrake 8.1
- MandrakeSoft Linux Mandrake 8.1 ia64
- RedHat Linux 5.2 alpha
- RedHat Linux 5.2 i386
- RedHat Linux 5.2 sparc
- RedHat Linux 6.0 alpha
- RedHat Linux 6.0 i386
- RedHat Linux 6.0 sparc
- RedHat Linux 6.1 alpha
- RedHat Linux 6.1 i386
- RedHat Linux 6.1 sparc
- RedHat Linux 6.2 alpha
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 sparc
- RedHat Linux 7.0 alpha
- RedHat Linux 7.0 i386
- RedHat Linux 7.0 sparc
- RedHat Linux 7.1 alpha
- RedHat Linux 7.1 i386
- RedHat Linux 7.1 ia64
- RedHat Linux 7.2 alpha
- RedHat Linux 7.2 i386
- RedHat Linux 7.2 ia64
- Slackware Linux 7.0
- Slackware Linux 7.1
- Slackware Linux 8.0 详细描述
Libsafe是免费开放源代码的,设计用来保护缓冲溢出和格式字符串攻击者的程序。由Avaya labs开发维护。
在某些环境下,由于Libsafe对某些格式字符串类型解析不正确可导致Libsafe的检查保护可绕过。C库中的格式类型"%2$n"没有正确的被Libsafe检查,当此格式类型作为两个参数使用时,第一个参数的格式字符串将被检查,而第二个不检查。
测试代码
printf("%2$n", "unused argument", &target);
解决方案
下载补丁程序:
Avaya Labs Libsafe 2.0-9:
Avaya Labs Upgrade libsafe-2.0-12.tgz
http://www.research.avayalabs.com/project/libsafe/src/libsafe-2.0-12.tgz
Avaya Labs Libsafe 2.0-11:
Avaya Labs Upgrade libsafe-2.0-12.tgz
http://www.research.avayalabs.com/project/libsafe/src/libsafe-2.0-12.tgz
Avaya Labs Libsafe 2.0-10:
Avaya Labs Upgrade libsafe-2.0-12.tgz
http://www.research.avayalabs.com/project/libsafe/src/libsafe-2.0-12.tgz
相关信息
Wojciech Purczynski <cliph@isec.pl>
参考:http://online.securityfocus.com/archive/1/263121
相关主页:http://www.research.avayalabs.com/project/libsafe/
|
