Hypermail消息附件缓冲区溢出漏洞发布时间:2003-01-27 更新时间:2003-02-11 严重程度:中 威胁程度:普通用户访问权限 错误类型:边界检查错误 利用方式:服务器模式 BUGTRAQ ID:6689 CVE(CAN) ID:CAN-2003-0057 受影响系统 HyperMail HyperMail 2.0 b25详细描述 在HyperMail处理过长的附件文件名中存在缓冲区溢出漏洞。只有在HyperMail配置为输出详细信息的时候才存在该漏洞,攻击者可以通过发送一个带有过长附件名的邮件来利用该漏洞,并能在HyperMail进程执行代码。 测试代码 尚无 解决方案 请安装相关补丁 HyperMail HyperMail 2.0 b25: Debian Upgrade hypermail_2.0b25-1.1_sparc.deb http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.0b25-1.1_sparc.deb Debian Upgrade hypermail_2.0b25-1.1_powerpc.deb http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.0b25-1.1_powerpc.deb Debian Upgrade hypermail_2.0b25-1.1_m68k.deb http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.0b25-1.1_m68k.deb Debian Upgrade hypermail_2.0b25-1.1_i386.deb http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.0b25-1.1_i386.deb Debian Upgrade hypermail_2.0b25-1.1_arm.deb http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.0b25-1.1_arm.deb Debian Upgrade hypermail_2.0b25-1.1_alpha.deb http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.0b25-1.1_alpha.deb HyperMail HyperMail 2.1 .0: Hypermail Upgrade hypermail-2.1.6.tar.gz http://prdownloads.sourceforge.net/hypermail/hypermail-2.1.6.tar.gz HyperMail HyperMail 2.1.1: Hypermail Upgrade hypermail-2.1.6.tar.gz http://prdownloads.sourceforge.net/hypermail/hypermail-2.1.6.tar.gz HyperMail HyperMail 2.1.2: Hypermail Upgrade hypermail-2.1.6.tar.gz http://prdownloads.sourceforge.net/hypermail/hypermail-2.1.6.tar.gz HyperMail HyperMail 2.1.3: Hypermail Upgrade hypermail-2.1.6.tar.gz http://prdownloads.sourceforge.net/hypermail/hypermail-2.1.6.tar.gz Debian Upgrade hypermail_2.1.3-2.0_sparc.deb http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0_sparc.deb Debian Upgrade hypermail_2.1.3-2.0_s390.deb http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0_s390.deb Debian Upgrade hypermail_2.1.3-2.0_powerpc.deb http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0_powerpc.deb Debian Upgrade hypermail_2.1.3-2.0_mipsel.deb http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0_mipsel.deb Debian Upgrade hypermail_2.1.3-2.0_mips.deb http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0_mips.deb Debian Upgrade hypermail_2.1.3-2.0_m68k.deb http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0_m68k.deb Debian Upgrade hypermail_2.1.3-2.0_hppa.deb http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0_hppa.deb Debian Upgrade hypermail_2.1.3-2.0_ia64.deb http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0_ia64.deb Debian Upgrade hypermail_2.1.3-2.0_i386.deb http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0_i386.deb Debian Upgrade hypermail_2.1.3-2.0_arm.deb http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0_arm.deb Debian Upgrade hypermail_2.1.3-2.0_alpha.deb http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0_alpha.deb HyperMail HyperMail 2.1.4: Hypermail Upgrade hypermail-2.1.6.tar.gz http://prdownloads.sourceforge.net/hypermail/hypermail-2.1.6.tar.gz HyperMail HyperMail 2.1.5: Hypermail Upgrade hypermail-2.1.6.tar.gz http://prdownloads.sourceforge.net/hypermail/hypermail-2.1.6.tar.gz 相关信息 相关连接: DSA 248-1: hypermail(Debian) http://www.securityfocus.com/advisories/4954 Web page: HyperMail Homepage(HyperMail) http://www.hypermail.org/ |
