|
|
Netscape Java canConvert()存在缓冲区溢出问题
发布时间:2002-11-26
更新时间:2002-11-26
严重程度:中
威胁程度:远程拒绝服务
错误类型:边界检查错误
利用方式:客户机模式
BUGTRAQ ID:6256
受影响系统Netscape Communicator 4.0
- Caldera OpenLinux Desktop 2.3
- Caldera OpenLinux eBuilder 3.0
- Conectiva Linux 3.0
- Conectiva Linux 4.0
- Conectiva Linux 4.1
- Conectiva Linux 4.2
- Conectiva Linux 5.0
- Conectiva Linux 5.1
- MandrakeSoft Linux Mandrake 6.0
- MandrakeSoft Linux Mandrake 6.1
- MandrakeSoft Linux Mandrake 7.0
- MandrakeSoft Linux Mandrake 7.1
- Microsoft Windows 2000 Workstation
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
- RedHat Linux 5.2 alpha
- RedHat Linux 5.2 i386
- RedHat Linux 5.2 sparc
- RedHat Linux 6.0
- RedHat Linux 6.0 alpha
- RedHat Linux 6.0 sparc
- RedHat Linux 6.1 alpha
- RedHat Linux 6.1 i386
- RedHat Linux 6.1 sparc
- RedHat Linux 6.2 alpha
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 sparc
- S.u.S.E. Linux 7.0
- SCO eDesktop 2.4
- SCO eServer 2.3
Netscape Communicator 4.5
- Caldera OpenLinux Desktop 2.3
- Caldera OpenLinux eBuilder 3.0
- Conectiva Linux 4.1
- Conectiva Linux 4.2
- Conectiva Linux 5.0
- Conectiva Linux 5.1
- Microsoft Windows 2000 Workstation
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
- RedHat Linux 5.2 alpha
- RedHat Linux 5.2 i386
- RedHat Linux 5.2 sparc
- RedHat Linux 6.0
- RedHat Linux 6.0 alpha
- RedHat Linux 6.0 sparc
- RedHat Linux 6.1 alpha
- RedHat Linux 6.1 i386
- RedHat Linux 6.1 sparc
- RedHat Linux 6.2 alpha
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 sparc
- S.u.S.E. Linux 7.0
- SCO eDesktop 2.4
- SCO eServer 2.3
Netscape Communicator 4.6
- Caldera OpenLinux Desktop 2.3
- Caldera OpenLinux eBuilder 3.0
- Conectiva Linux 4.1
- Conectiva Linux 4.2
- Conectiva Linux 5.0
- Conectiva Linux 5.1
- Microsoft Windows 2000 Workstation
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
- RedHat Linux 5.2 alpha
- RedHat Linux 5.2 i386
- RedHat Linux 5.2 sparc
- RedHat Linux 6.0
- RedHat Linux 6.0 alpha
- RedHat Linux 6.0 sparc
- RedHat Linux 6.1 alpha
- RedHat Linux 6.1 i386
- RedHat Linux 6.1 sparc
- RedHat Linux 6.2 alpha
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 sparc
- S.u.S.E. Linux 7.0
- SCO eDesktop 2.4
- SCO eServer 2.3
Netscape Communicator 4.7
- Caldera OpenLinux Desktop 2.3
- Caldera OpenLinux eBuilder 3.0
- Conectiva Linux 4.1
- Conectiva Linux 4.2
- Conectiva Linux 5.0
- Conectiva Linux 5.1
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 4.1
- FreeBSD FreeBSD 4.1.1
- FreeBSD FreeBSD 4.2
- FreeBSD FreeBSD 4.3
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.5
- Microsoft Windows 2000 Workstation
- Microsoft Windows 2000 Workstation SP1
- Microsoft Windows 2000 Workstation SP2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP6a
- RedHat Linux 5.2 alpha
- RedHat Linux 5.2 i386
- RedHat Linux 5.2 sparc
- RedHat Linux 6.0
- RedHat Linux 6.0 alpha
- RedHat Linux 6.0 sparc
- RedHat Linux 6.1 alpha
- RedHat Linux 6.1 i386
- RedHat Linux 6.1 sparc
- RedHat Linux 6.2 alpha
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 sparc
- S.u.S.E. Linux 7.0
- SCO eDesktop 2.4
- SCO eServer 2.3
Netscape Communicator 4.51
- Caldera OpenLinux Desktop 2.3
- Caldera OpenLinux eBuilder 3.0
- Conectiva Linux 4.1
- Conectiva Linux 4.2
- Conectiva Linux 5.0
- Conectiva Linux 5.1
- Microsoft Windows 2000 Workstation
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
- RedHat Linux 5.2 alpha
- RedHat Linux 5.2 i386
- RedHat Linux 5.2 sparc
- RedHat Linux 6.0
- RedHat Linux 6.0 alpha
- RedHat Linux 6.0 sparc
- RedHat Linux 6.1 alpha
- RedHat Linux 6.1 i386
- RedHat Linux 6.1 sparc
- RedHat Linux 6.2 alpha
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 sparc
- S.u.S.E. Linux 7.0
- SCO eDesktop 2.4
- SCO eServer 2.3
Netscape Communicator 4.61
- Caldera OpenLinux Desktop 2.3
- Caldera OpenLinux eBuilder 3.0
- Conectiva Linux 4.1
- Conectiva Linux 4.2
- Conectiva Linux 5.0
- Conectiva Linux 5.1
- Microsoft Windows 2000 Workstation
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
- RedHat Linux 5.2 alpha
- RedHat Linux 5.2 i386
- RedHat Linux 5.2 sparc
- RedHat Linux 6.0
- RedHat Linux 6.0 alpha
- RedHat Linux 6.0 sparc
- RedHat Linux 6.1 alpha
- RedHat Linux 6.1 i386
- RedHat Linux 6.1 sparc
- RedHat Linux 6.2 alpha
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 sparc
- S.u.S.E. Linux 7.0
- SCO eDesktop 2.4
- SCO eServer 2.3
Netscape Communicator 4.72
- Caldera OpenLinux Desktop 2.3
- Caldera OpenLinux eBuilder 3.0
- Conectiva Linux 4.0
- Conectiva Linux 4.0 es
- Conectiva Linux 4.1
- Conectiva Linux 4.2
- Conectiva Linux 5.0
- Conectiva Linux 5.1
- MandrakeSoft Linux Mandrake 6.0
- MandrakeSoft Linux Mandrake 6.1
- MandrakeSoft Linux Mandrake 7.0
- MandrakeSoft Linux Mandrake 7.1
- Microsoft Windows 2000 Workstation
- Microsoft Windows 2000 Workstation SP1
- Microsoft Windows 2000 Workstation SP2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP6a
- RedHat Linux 5.2 alpha
- RedHat Linux 5.2 i386
- RedHat Linux 5.2 sparc
- RedHat Linux 6.0
- RedHat Linux 6.0 alpha
- RedHat Linux 6.0 sparc
- RedHat Linux 6.1 alpha
- RedHat Linux 6.1 i386
- RedHat Linux 6.1 sparc
- RedHat Linux 6.2 alpha
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 sparc
- S.u.S.E. Linux 7.0
- SCO eDesktop 2.4
- SCO eServer 2.3
Netscape Communicator 4.73
- Caldera OpenLinux Desktop 2.3
- Caldera OpenLinux eBuilder 3.0
- Conectiva Linux 4.0
- Conectiva Linux 4.0 es
- Conectiva Linux 4.1
- Conectiva Linux 4.2
- Conectiva Linux 5.0
- Conectiva Linux 5.1
- MandrakeSoft Linux Mandrake 6.0
- MandrakeSoft Linux Mandrake 6.1
- MandrakeSoft Linux Mandrake 7.0
- MandrakeSoft Linux Mandrake 7.1
- Microsoft Windows 2000 Workstation
- Microsoft Windows 2000 Workstation SP1
- Microsoft Windows 2000 Workstation SP2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP6a
- RedHat Linux 5.2 alpha
- RedHat Linux 5.2 i386
- RedHat Linux 5.2 sparc
- RedHat Linux 6.0
- RedHat Linux 6.0 alpha
- RedHat Linux 6.0 sparc
- RedHat Linux 6.1 alpha
- RedHat Linux 6.1 i386
- RedHat Linux 6.1 sparc
- RedHat Linux 6.2 alpha
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 sparc
- S.u.S.E. Linux 7.0
- SCO eDesktop 2.4
- SCO eServer 2.3
Netscape Communicator 4.74
- Caldera OpenLinux Desktop 2.3
- Caldera OpenLinux eBuilder 3.0
- Conectiva Linux 3.0
- Conectiva Linux 4.0
- Conectiva Linux 4.1
- Conectiva Linux 4.2
- Conectiva Linux 5.0
- Conectiva Linux 5.1
- MandrakeSoft Linux Mandrake 6.0
- MandrakeSoft Linux Mandrake 6.1
- MandrakeSoft Linux Mandrake 7.0
- MandrakeSoft Linux Mandrake 7.1
- Microsoft Windows 2000 Workstation
- Microsoft Windows 2000 Workstation SP1
- Microsoft Windows 2000 Workstation SP2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP6a
- RedHat Linux 5.2 alpha
- RedHat Linux 5.2 i386
- RedHat Linux 5.2 sparc
- RedHat Linux 6.0
- RedHat Linux 6.0 alpha
- RedHat Linux 6.0 sparc
- RedHat Linux 6.1 alpha
- RedHat Linux 6.1 i386
- RedHat Linux 6.1 sparc
- RedHat Linux 6.2 alpha
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 sparc
- S.u.S.E. Linux 7.0
- SCO eDesktop 2.4
- SCO eServer 2.3
Netscape Communicator 4.75
- Caldera OpenLinux Desktop 2.3
- Caldera OpenLinux eBuilder 3.0
- Conectiva Linux 3.0
- Conectiva Linux 4.0
- Conectiva Linux 4.1
- Conectiva Linux 4.2
- Conectiva Linux 5.0
- Conectiva Linux 5.1
- MandrakeSoft Linux Mandrake 6.0
- MandrakeSoft Linux Mandrake 6.1
- MandrakeSoft Linux Mandrake 7.0
- MandrakeSoft Linux Mandrake 7.1
- Microsoft Windows 2000 Workstation
- Microsoft Windows 2000 Workstation SP1
- Microsoft Windows 2000 Workstation SP2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP6a
- RedHat Linux 5.2 alpha
- RedHat Linux 5.2 i386
- RedHat Linux 5.2 sparc
- RedHat Linux 6.0
- RedHat Linux 6.0 alpha
- RedHat Linux 6.0 sparc
- RedHat Linux 6.1 alpha
- RedHat Linux 6.1 i386
- RedHat Linux 6.1 sparc
- RedHat Linux 6.2 alpha
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 sparc
- S.u.S.E. Linux 7.0
- SCO eDesktop 2.4
- SCO eServer 2.3
Netscape Communicator 4.76
- Caldera OpenLinux 2.3
- Caldera OpenLinux eBuilder 3.0
- Conectiva Linux 3.0
- Conectiva Linux 4.0
- Conectiva Linux 4.1
- Conectiva Linux 4.2
- Conectiva Linux 5.0
- Conectiva Linux 5.1
- MandrakeSoft Linux Mandrake 6.0
- MandrakeSoft Linux Mandrake 6.1
- MandrakeSoft Linux Mandrake 7.0
- MandrakeSoft Linux Mandrake 7.1
- Microsoft Windows 2000 Workstation
- Microsoft Windows 2000 Workstation SP1
- Microsoft Windows 2000 Workstation SP2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP6a
- RedHat Linux 5.2 alpha
- RedHat Linux 5.2 i386
- RedHat Linux 5.2 sparc
- RedHat Linux 6.0
- RedHat Linux 6.0 alpha
- RedHat Linux 6.0 sparc
- RedHat Linux 6.1 alpha
- RedHat Linux 6.1 i386
- RedHat Linux 6.1 sparc
- RedHat Linux 6.2 alpha
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 sparc
- S.u.S.E. Linux 7.0
- SCO eDesktop 2.4
- SCO eServer 2.3
Netscape Communicator 4.77
- Caldera OpenLinux Desktop 2.3
- Caldera OpenLinux eBuilder 3.0
- Conectiva Linux 3.0
- Conectiva Linux 4.0
- Conectiva Linux 4.1
- Conectiva Linux 4.2
- Conectiva Linux 5.0
- Conectiva Linux 5.1
- MandrakeSoft Linux Mandrake 6.0
- MandrakeSoft Linux Mandrake 6.1
- MandrakeSoft Linux Mandrake 7.0
- MandrakeSoft Linux Mandrake 7.1
- Microsoft Windows 2000 Workstation
- Microsoft Windows 2000 Workstation SP1
- Microsoft Windows 2000 Workstation SP2
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP6a
- RedHat Linux 5.2 alpha
- RedHat Linux 5.2 i386
- RedHat Linux 5.2 sparc
- RedHat Linux 6.0
- RedHat Linux 6.0 alpha
- RedHat Linux 6.0 sparc
- RedHat Linux 6.1 alpha
- RedHat Linux 6.1 i386
- RedHat Linux 6.1 sparc
- RedHat Linux 6.2 alpha
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 sparc
- S.u.S.E. Linux 7.0
- SCO eDesktop 2.4
- SCO eServer 2.3
Netscape Communicator 4.78
- Microsoft Windows 2000 Workstation
- Microsoft Windows 2000 Workstation SP1
- Microsoft Windows 2000 Workstation SP2
- Microsoft Windows 2000 Workstation SP3
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows 98SE
- Microsoft Windows ME
- Microsoft Windows NT 4.0
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP6a
Netscape Communicator 4.79 详细描述
Netscape 4的JAVA实现sun.awt.windows.WDefaultFontCharset.canConvert()方法上存在一个没有完整检查的缓冲区拷贝操作。成功利用这个漏洞可以当用户查看包含恶意APPLET的网页时发生缓冲区溢出,存在执行任意代码可能。
漏洞只存在于Microsoft Windows平台上的NETSCAPE 4。
测试代码
new WDefaultFontCharset(long_string).canConvert('x');
解决方案
尚无
相关信息
Jouko Pynnonen <jouko@solutions.fi>.
参考:http://online.securityfocus.com/archive/1/301220
相关主页:http://home.netscape.com/computing/download/index.html
|
