Denial-of-Service Vulnerability in the VNC HTTP Server


Published: 2002-03-25
Updated: 2002-03-25
Severity:
Threat: remote denial of service
Error type: failure to handle exceptional conditions
Exploitation mode: server mode

BUGTRAQ ID:4345

Affected systems
AT&T VNC 3.3.3R2
   - RedHat Linux 6.2
   - RedHat Linux 6.2 alpha
   - RedHat Linux 6.2 i386
   - RedHat Linux 6.2 sparc
   - RedHat Linux 7.0
   - RedHat Linux 7.0 alpha
   - RedHat Linux 7.0 i386
   - RedHat Linux 7.0 i686
   - RedHat Linux 7.0 sparc
   - RedHat Linux 7.1
   - RedHat Linux 7.1 alpha
   - RedHat Linux 7.1 i386
   - RedHat Linux 7.1 i586
   - RedHat Linux 7.1 i686
   - RedHat Linux 7.1 ia64
   - RedHat Linux 7.2
   - RedHat Linux 7.2 alpha
   - RedHat Linux 7.2 i386
   - RedHat Linux 7.2 i586
   - RedHat Linux 7.2 i686
   - RedHat Linux 7.2 ia64
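Details
VNC (Virtual Network Computing) is software distributed free of charge by AT&T, designed to let users with sufficient privileges access a remote desktop.

A vulnerability exists in the Red Hat VNC packages. The VNC server includes a small HTTP server implementation. Because of a faulty implementation involving the zlib library, the HTTP server can be made to freeze, denying service to other legitimate users.

It is not currently known whether other VNC versions are affected.

Test code
None available.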

Solution
Download the patches:
AT&T VNC 3.3.3R2:

Red Hat Upgrade vnc-3.3.3r2-18.4.src.rpm
ftp://updates.redhat.com/7.0/en/os/SRPMS/vnc-3.3.3r2-18.4.src.rpm
Source RPM.

Red Hat Upgrade vnc-3.3.3r2-18.4.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/vnc-3.3.3r2-18.4.alpha.rpm

Red Hat Upgrade vnc-doc-3.3.3r2-18.4.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/vnc-doc-3.3.3r2-18.4.alpha.rpm

Red Hat Upgrade vnc-server-3.3.3r2-18.4.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/vnc-server-3.3.3r2-18.4.alpha.rpm

Red Hat Upgrade vnc-3.3.3r2-18.4.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/vnc-3.3.3r2-18.4.i386.rpm

Red Hat Upgrade vnc-doc-3.3.3r2-18.4.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/vnc-doc-3.3.3r2-18.4.i386.rpm

Red Hat Upgrade vnc-server-3.3.3r2-18.4.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/vnc-server-3.3.3r2-18.4.i386.rpm

Red Hat Upgrade vnc-3.3.3r2-18.4.src.rpm
ftp://updates.redhat.com/7.1/en/os/SRPMS/vnc-3.3.3r2-18.4.src.rpm
Source RPM.

Red Hat Upgrade vnc-3.3.3r2-18.4.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/vnc-3.3.3r2-18.4.alpha.rpm

Red Hat Upgrade vnc-doc-3.3.3r2-18.4.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/vnc-doc-3.3.3r2-18.4.alpha.rpm

Red Hat Upgrade vnc-server-3.3.3r2-18.4.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/vnc-server-3.3.3r2-18.4.alpha.rpm

Red Hat Upgrade vnc-3.3.3r2-18.4.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/vnc-3.3.3r2-18.4.i386.rpm

Red Hat Upgrade vnc-doc-3.3.3r2-18.4.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/vnc-doc-3.3.3r2-18.4.i386.rpm

Red Hat Upgrade vnc-server-3.3.3r2-18.4.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/vnc-server-3.3.3r2-18.4.i386.rpm

Red Hat Upgrade vnc-3.3.3r2-18.4.src.rpm
ftp://updates.redhat.com/7.2/en/os/SRPMS/vnc-3.3.3r2-18.4.src.rpm
Source RPM.

Red Hat Upgrade vnc-3.3.3r2-18.4.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/vnc-3.3.3r2-18.4.i386.rpm

Red Hat Upgrade vnc-doc-3.3.3r2-18.4.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/vnc-doc-3.3.3r2-18.4.i386.rpm

Red Hat Upgrade vnc-server-3.3.3r2-18.4.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/vnc-server-3.3.3r2-18.4.i386.rpm
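
To confirm a host already runs the fixed build, the check below (an added example, not part of the original advisory) flags any of the `vnc`, `vnc-server` or `vnc-doc` packages older than 3.3.3r2-18.4. It assumes input produced by `rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' vnc vnc-server vnc-doc`, uses a simplified RPM version comparison (no epoch or tilde handling), and the sample lines are constructed.

```python
import re

FIXED = "3.3.3r2-18.4"  # fixed build named in the advisory's package list
PACKAGES = {"vnc", "vnc-server", "vnc-doc"}

_SEG = re.compile(r"\d+|[a-zA-Z]+")


def rpmvercmp(a, b):
    """Compare two version (or release) strings the way RPM does:
    split into digit/letter runs, compare run by run."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric run beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)            # 18.10 is newer than 18.4
        if x != y:
            return 1 if x > y else -1
    # All shared runs equal: the string with extra runs is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    (va, _, ra), (vb, _, rb) = a.rpartition("-"), b.rpartition("-")
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def needs_update(query_output):
    """Return the names of VNC packages older than the fixed build."""
    stale = []
    for line in query_output.splitlines():
        parts = line.split()
        # Skips "package X is not installed" and unrelated lines.
        if len(parts) == 2 and parts[0] in PACKAGES:
            if evr_cmp(parts[1], FIXED) < 0:
                stale.append(parts[0])
    return stale


# Constructed sample output (the older release numbers are illustrative).
SAMPLE = """\
vnc 3.3.3r2-18.4
vnc-server 3.3.3r2-14
vnc-doc 3.3.3r1-20
package foo is not installed
"""

if __name__ == "__main__":
    print("needs update:", needs_update(SAMPLE))
```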

Related information
Reference: http://online.securityfocus.com/advisories/3989