|
|
AOLServer Developer API Ns_PdLog()格式字符串漏洞
发布时间:2002-04-17
更新时间:2003-04-04
严重程度:中
威胁程度:普通用户访问权限
错误类型:输入验证错误
利用方式:服务器模式
BUGTRAQ ID:4535
CVE(CAN) ID:CAN-2002-0586
受影响系统AOL AOLserver 3.0
- Apple MacOS X 10.0
- Apple MacOS X 10.0.1
- Apple MacOS X 10.0.2
- Apple MacOS X 10.0.3
- Apple MacOS X 10.0.4
- Apple MacOS X Server 10.0
- Caldera OpenLinux Server 3.1
- Caldera OpenLinux Workstation 3.1
- Caldera UnixWare 7
- Debian Linux 2.2
- Digital OSF/1 4.0
- FreeBSD FreeBSD 3.3
- HP HP-UX 10.20
- HP HP-UX 11.0
AOL AOLserver 3.2 Win32
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP6a
AOL AOLserver 3.2 UNIX
- HP HP-UX 11.0
- Linux kernel 2.2.14
- RedHat Linux 6.2
- SGI IRIX 6.4
- Sun Solaris 2.6
- Sun Solaris 7.0
AOL AOLserver 3.3 Win32
AOL AOLserver 3.3.1
AOL AOLserver 3.4 Win32
AOL AOLserver 3.4
AOL AOLserver 3.4.2 Win32
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP2
AOL AOLserver 3.4.2
- Apple Mac OS X 10.0.3
- Caldera OpenLinux 2.4
- Caldera OpenLinux Server 3.1
- Caldera OpenLinux Workstation 3.1
- Caldera OpenUnix 8.0
- Caldera UnixWare 7
- Caldera UnixWare 7.1 .0
- Caldera UnixWare 7.1.1
- Debian Linux 2.2 68k
- Debian Linux 2.2 alpha
- Debian Linux 2.2 arm
- Debian Linux 2.2 IA-32
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 sparc
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 4.3
- HP HP-UX 10.20
- HP HP-UX 11.0
- HP HP-UX 11.11
- MandrakeSoft Linux Mandrake 7.2
- MandrakeSoft Linux Mandrake 8.0
- MandrakeSoft Linux Mandrake 8.1
- OpenBSD OpenBSD 2.6
- OpenBSD OpenBSD 2.7
- OpenBSD OpenBSD 2.8
- OpenBSD OpenBSD 2.9
- OpenBSD OpenBSD 3.0
- RedHat Linux 7.1 alpha
- RedHat Linux 7.1 i386
- RedHat Linux 7.2 alpha
- RedHat Linux 7.2 i386
- S.u.S.E. Linux 7.0 alpha
- S.u.S.E. Linux 7.0 i386
- S.u.S.E. Linux 7.0 ppc
- S.u.S.E. Linux 7.0 sparc
- S.u.S.E. Linux 7.1 alpha
- S.u.S.E. Linux 7.1 ppc
- S.u.S.E. Linux 7.1 sparc
- S.u.S.E. Linux 7.2 i386
- S.u.S.E. Linux 7.3 i386
- S.u.S.E. Linux 7.3 ppc
- S.u.S.E. Linux 7.3 sparc
- SCO eServer 2.3.1
- SGI IRIX 6.5.10
- SGI IRIX 6.5.10 f
- SGI IRIX 6.5.10 m
- SGI IRIX 6.5.11
- SGI IRIX 6.5.11 f
- SGI IRIX 6.5.11 m
- SGI IRIX 6.5.12
- SGI IRIX 6.5.12 f
- SGI IRIX 6.5.12 m
- SGI IRIX 6.5.13
- SGI IRIX 6.5.13 f
- SGI IRIX 6.5.13 m
- SGI IRIX 6.5.14
- Sun Solaris 2.5.1
- Sun Solaris 2.5.1 _x86
- Sun Solaris 2.6
- Sun Solaris 2.6 _x86
- Sun Solaris 7.0
- Sun Solaris 7.0 _x86
- Sun Solaris 8.0
- Sun Solaris 8.0 _x86
AOL AOLserver 4.0 .beta1 详细描述
AOLServer是免费开放源代码的HTTP服务程序。提供TCL解析和动态内容处理。
AOLServer提供的外部数据库驱动代理守护程序存在一个格式字符串漏洞,Ns_PdLog()函数传递外部数据给syslog()函数时对输入缺少正确过滤,提交包含格式字符串的数据可以破坏堆栈内容,存在执行任意代码的可能。
测试代码
尚无
解决方案
补丁下载:
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/aolserver/aolserver/nspd/log.c.diff?r1=1.4&r2=1.4.6.1
相关信息
参考:http://www.securityfocus.com/archive/1/267939
http://www.securityfocus.com/archive/1/317499
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/aolserver/aolserver/nspd/log.c.diff?r1=1.4&r2=1.4.6.1
相关主页:http://cvs.sourceforge.net/cgi-bin/viewcvs.
|
