Novell NetWare HTTP Post任意PERL代码执行漏洞发布时间:2002-08-28 更新时间:2002-08-28 严重程度:高 威胁程度:普通用户访问权限 错误类型:输入验证错误 利用方式:服务器模式 BUGTRAQ ID:5520 受影响系统 Novell Netware 5.1 SP4详细描述 部分Novell NetWare版本存在漏洞,当PERL作为WEB服务器的解析器时对部分HTTP请求存在问题,远程攻击者可以利用这个漏洞执行任意PERL代码。 测试代码 没有具体详细攻击细节。 解决方案 补丁下载: Novell Netware 5.1 SP4: Novell Upgrade perl5002.exe http://support.novell.com/servlet/filedownload/ftf/perl5002.exe/ Free registration is required. Novell Netware 5.1: Novell Upgrade perl5002.exe http://support.novell.com/servlet/filedownload/ftf/perl5002.exe/ Free registration is required. Novell Netware 6.0 SP1: Novell Upgrade perl5002.exe http://support.novell.com/servlet/filedownload/ftf/perl5002.exe/ Free registration is required. Novell Netware 6.0: Novell Upgrade perl5002.exe http://support.novell.com/servlet/filedownload/ftf/perl5002.exe/ Free registration is required. 相关信息 Rain Forrest Puppy <rfp@wiretrip.net>. 参考:http://online.securityfocus.com/advisories/4410 http://support.novell.com/security-alerts/ |
