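LibMCrypt Memory Resource Leak Vulnerability
Published: 2003-01-03
Updated: 2003-01-14
Severity: Medium
Threat level: Local denial of service
Error type: Design error
Exploitation method: Server mode
BUGTRAQ ID: 6512
CVE(CAN) ID: CAN-2003-0032

Affected systems
Mcrypt libmcrypt 2.5 .0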
+ Debian Linux 3.0
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 sparc
Mcrypt libmcrypt 2.5.1 -r4
+ Gentoo Linux 1.2
+ Gentoo Linux 1.4 _rc1
Mcrypt libmcrypt 2.5.2
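Mcrypt libmcrypt 2.5.3

Detailed description
libmcrypt is a free, open-source library intended as a replacement for the basic UNIX crypt(). When it is called, libmcrypt leaks memory that is not reclaimed by the system. Services that use libmcrypt may therefore suffer resource exhaustion when many instances exist at the same time.
libmcrypt loads its algorithms through libtool, and each dynamic load of an algorithm leaks a small amount of memory. In a multi-instance environment (such as the web) this can lead to memory exhaustion.

Test code
None yet.

Solution
Update to the latest version.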
Mcrypt libmcrypt 2.5 .0:
Debian Upgrade libmcrypt4_2.5.0-1woody1_sparc.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4_2.5.0-1woody1_sparc.deb
Debian Upgrade libmcrypt-dev_2.5.0-1woody1_sparc.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt-dev_2.5.0-1woody1_sparc.deb
Debian Upgrade libmcrypt4_2.5.0-1woody1_s390.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4_2.5.0-1woody1_s390.deb
Debian Upgrade libmcrypt-dev_2.5.0-1woody1_s390.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt-dev_2.5.0-1woody1_s390.deb
Debian Upgrade libmcrypt4_2.5.0-1woody1_powerpc.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4_2.5.0-1woody1_powerpc.deb
Debian Upgrade libmcrypt-dev_2.5.0-1woody1_powerpc.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt-dev_2.5.0-1woody1_powerpc.deb
Debian Upgrade libmcrypt4_2.5.0-1woody1_mipsel.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4_2.5.0-1woody1_mipsel.deb
Debian Upgrade libmcrypt-dev_2.5.0-1woody1_mipsel.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt-dev_2.5.0-1woody1_mipsel.deb
Debian Upgrade libmcrypt4_2.5.0-1woody1_mips.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4_2.5.0-1woody1_mips.deb
Debian Upgrade libmcrypt-dev_2.5.0-1woody1_mips.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt-dev_2.5.0-1woody1_mips.deb
Debian Upgrade libmcrypt4_2.5.0-1woody1_m68k.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4_2.5.0-1woody1_m68k.deb
Debian Upgrade libmcrypt-dev_2.5.0-1woody1_m68k.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt-dev_2.5.0-1woody1_m68k.deb
Debian Upgrade libmcrypt4_2.5.0-1woody1_hppa.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4_2.5.0-1woody1_hppa.deb
Debian Upgrade libmcrypt-dev_2.5.0-1woody1_hppa.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt-dev_2.5.0-1woody1_hppa.deb
Debian Upgrade libmcrypt4_2.5.0-1woody1_ia64.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4_2.5.0-1woody1_ia64.deb
Debian Upgrade libmcrypt-dev_2.5.0-1woody1_ia64.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt-dev_2.5.0-1woody1_ia64.deb
Debian Upgrade libmcrypt4_2.5.0-1woody1_i386.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4_2.5.0-1woody1_i386.deb
Debian Upgrade libmcrypt-dev_2.5.0-1woody1_i386.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt-dev_2.5.0-1woody1_i386.deb
Debian Upgrade libmcrypt4_2.5.0-1woody1_arm.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4_2.5.0-1woody1_arm.deb
Debian Upgrade libmcrypt-dev_2.5.0-1woody1_arm.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt-dev_2.5.0-1woody1_arm.deb
Debian Upgrade libmcrypt4_2.5.0-1woody1_alpha.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt4_2.5.0-1woody1_alpha.deb
Debian Upgrade libmcrypt-dev_2.5.0-1woody1_alpha.deb
http://security.debian.org/pool/updates/main/libm/libmcrypt/libmcrypt-dev_2.5.0-1woody1_alpha.deb
Mcrypt libmcrypt 2.5.1 -r4:
Mcrypt libmcrypt 2.5.2:
Mcrypt Upgrade libmcrypt 2.5.5
http://mcrypt.hellug.gr/lib/index.html
Mcrypt libmcrypt 2.5.3:
Mcrypt Upgrade libmcrypt 2.5.5
http://mcrypt.hellug.gr/lib/index.html

Related information
Related links:
200301-4: libmcrypt(Gentoo)
http://online.securityfocus.com/advisories/4841
DSA 228-1: libmcrypt(Debian)
http://online.securityfocus.com/advisories/4868
Multiple libmcrypt vulnerabilities
http://online.securityfocus.com/advisorie