
LibMCrypt Buffer Overflow Vulnerability


Published: 2003-01-03
Updated: 2003-01-14
Severity:
Threat type: Privilege escalation
Error type: Boundary check error
Exploitation mode: Server mode

BUGTRAQ ID: 6510
CVE (CAN) ID: CAN-2003-0032

Affected systems
Mcrypt libmcrypt 2.5.0
   + Debian Linux 3.0
   + Debian Linux 3.0 alpha
   + Debian Linux 3.0 arm
   + Debian Linux 3.0 hppa
   + Debian Linux 3.0 ia-32
   + Debian Linux 3.0 ia-64
   + Debian Linux 3.0 m68k
   + Debian Linux 3.0 mips
   + Debian Linux 3.0 mipsel
   + Debian Linux 3.0 ppc
   + Debian Linux 3.0 s/390
   + Debian Linux 3.0 sparc
Mcrypt libmcrypt 2.5.1 -r4
   + Gentoo Linux 1.2
   + Gentoo Linux 1.4 _rc1
Mcrypt libmcrypt 2.5.2
Mcrypt libmcrypt 2.5.3
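Description
libmcrypt is a free, open-source library intended as a replacement for the basic UNIX crypt(). Its import and input-checking code contains buffer overflow vulnerabilities: passing overly long arguments or malicious input to several of its functions can cause libmcrypt to crash.

Test code
None yet

Solution
Upgrade to the latest version.
Mcrypt libmcrypt 2.5.0: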

Debian Upgrade libmcrypt4_2.5.0-1woody1_sparc.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4_2.5.0-1woody1_sparc.deb

Debian Upgrade libmcrypt-dev_2.5.0-1woody1_sparc.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt-dev_2.5.0-1woody1_sparc.deb

Debian Upgrade libmcrypt4_2.5.0-1woody1_s390.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4_2.5.0-1woody1_s390.deb

Debian Upgrade libmcrypt-dev_2.5.0-1woody1_s390.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt-dev_2.5.0-1woody1_s390.deb

Debian Upgrade libmcrypt4_2.5.0-1woody1_powerpc.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4_2.5.0-1woody1_powerpc.deb

Debian Upgrade libmcrypt-dev_2.5.0-1woody1_powerpc.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt-dev_2.5.0-1woody1_powerpc.deb

Debian Upgrade libmcrypt4_2.5.0-1woody1_mipsel.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4_2.5.0-1woody1_mipsel.deb

Debian Upgrade libmcrypt-dev_2.5.0-1woody1_mipsel.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt-dev_2.5.0-1woody1_mipsel.deb

Debian Upgrade libmcrypt4_2.5.0-1woody1_mips.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4_2.5.0-1woody1_mips.deb

Debian Upgrade libmcrypt-dev_2.5.0-1woody1_mips.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt-dev_2.5.0-1woody1_mips.deb

Debian Upgrade libmcrypt4_2.5.0-1woody1_m68k.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4_2.5.0-1woody1_m68k.deb

Debian Upgrade libmcrypt-dev_2.5.0-1woody1_m68k.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt-dev_2.5.0-1woody1_m68k.deb

Debian Upgrade libmcrypt4_2.5.0-1woody1_hppa.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4_2.5.0-1woody1_hppa.deb

Debian Upgrade libmcrypt-dev_2.5.0-1woody1_hppa.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt-dev_2.5.0-1woody1_hppa.deb

Debian Upgrade libmcrypt4_2.5.0-1woody1_ia64.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4_2.5.0-1woody1_ia64.deb

Debian Upgrade libmcrypt-dev_2.5.0-1woody1_ia64.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt-dev_2.5.0-1woody1_ia64.deb

Debian Upgrade libmcrypt4_2.5.0-1woody1_i386.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4_2.5.0-1woody1_i386.deb

Debian Upgrade libmcrypt-dev_2.5.0-1woody1_i386.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt-dev_2.5.0-1woody1_i386.deb

Debian Upgrade libmcrypt4_2.5.0-1woody1_arm.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4_2.5.0-1woody1_arm.deb

Debian Upgrade libmcrypt-dev_2.5.0-1woody1_arm.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt-dev_2.5.0-1woody1_arm.deb

Debian Upgrade libmcrypt4_2.5.0-1woody1_alpha.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4_2.5.0-1woody1_alpha.deb

Debian Upgrade libmcrypt-dev_2.5.0-1woody1_alpha.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt-dev_2.5.0-1woody1_alpha.deb

Mcrypt libmcrypt 2.5.1 -r4:
Mcrypt libmcrypt 2.5.2:

Mcrypt Upgrade libmcrypt 2.5.5
http://mcrypt.hellug.gr/lib/index.html

Mcrypt libmcrypt 2.5.3:

Mcrypt Upgrade libmcrypt 2.5.5
http://mcrypt.hellug.gr/lib/index.html

Related information
Related links:

200301-4: libmcrypt(Gentoo)
http://online.securityfocus.com/advisories/4841