Hypermail CGI Mail Reverse DNS Lookup Buffer Overflow Vulnerability


Published: 2003-01-27
Updated: 2003-02-11
Severity:
Threat level: Ordinary user access privileges
Error type: Boundary check error
Exploitation method: Server mode

BUGTRAQ ID:6690
CVE(CAN) ID:CAN-2003-0057

Affected systems
HyperMail HyperMail 2.0 b25
   + Debian Linux 2.2
   + Debian Linux 2.2 68k
   + Debian Linux 2.2 alpha
   + Debian Linux 2.2 arm
   + Debian Linux 2.2 IA-32
   + Debian Linux 2.2 powerpc
   + Debian Linux 2.2 sparc
HyperMail HyperMail 2.1 .0
   - Apache Software Foundation Apache 1.3.20
   - Apache Software Foundation Apache 1.3.22
HyperMail HyperMail 2.1.1
   - Apache Software Foundation Apache 1.3.20
   - Apache Software Foundation Apache 1.3.22
HyperMail HyperMail 2.1.2
   - Apache Software Foundation Apache 1.3.20
   - Apache Software Foundation Apache 1.3.22
HyperMail HyperMail 2.1.3
   - Apache Software Foundation Apache 1.3.20
   - Apache Software Foundation Apache 1.3.22
   + Debian Linux 3.0
   + Debian Linux 3.0 alpha
   + Debian Linux 3.0 arm
   + Debian Linux 3.0 hppa
   + Debian Linux 3.0 ia-32
   + Debian Linux 3.0 ia-64
   + Debian Linux 3.0 m68k
   + Debian Linux 3.0 mips
   + Debian Linux 3.0 mipsel
   + Debian Linux 3.0 ppc
   + Debian Linux 3.0 s/390
   + Debian Linux 3.0 sparc
HyperMail HyperMail 2.1.4
HyperMail HyperMail 2.1.5
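Detailed description
Hypermail does not perform sufficient bounds checking when it receives the response packet for a reverse DNS lookup, which results in a buffer overflow vulnerability. A malicious DNS server operator can exploit this vulnerability to execute code on the target host; an attacker may also be able to exploit it without controlling a DNS server, by means of forged malicious responses.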
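
As an added illustration of the missing check (not Hypermail's code and not part of the original advisory), the C example below treats the name returned by a reverse lookup as untrusted input: it bounds the copy into a fixed buffer, rejects over-long or malformed names, and falls back to the numeric address. The names copy_ptr_name, client_label and HOSTBUF_LEN are hypothetical.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Assumed buffer size: a DNS name is at most 255 bytes (RFC 1035), plus NUL. */
#define HOSTBUF_LEN 256

/* Hypothetical helper. Whoever answers the PTR query chooses the length and
 * bytes of `name`, so copying it with an unbounded strcpy()/sprintf() into a
 * fixed buffer is the bug class described above. This version copies only
 * when the whole name fits and looks like a hostname.
 * Returns 0 on success, -1 if the name is rejected (dst is left empty). */
int copy_ptr_name(char *dst, size_t dstlen, const char *name)
{
    size_t n, i, label = 0;

    if (dst == NULL || dstlen == 0)
        return -1;
    dst[0] = '\0';
    if (name == NULL)
        return -1;

    /* Measure the name, but never scan further than the buffer could hold. */
    for (n = 0; n < dstlen && name[n] != '\0'; n++)
        ;
    if (n == 0 || n >= dstlen)          /* empty, or no room left for the NUL */
        return -1;

    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '.') {
            if (label == 0)             /* leading dot or empty label */
                return -1;
            label = 0;
        } else if (isalnum(c) || c == '-' || c == '_') {
            if (++label > 63)           /* per-label limit from RFC 1035 */
                return -1;
        } else {
            return -1;                  /* markup, control bytes, spaces, ... */
        }
    }
    memcpy(dst, name, n);
    dst[n] = '\0';
    return 0;
}

/* Hypothetical caller: use the resolved name, or the numeric address if the
 * resolver's answer was rejected. */
const char *client_label(char *buf, size_t buflen, const char *ptr_name, const char *ip)
{
    return copy_ptr_name(buf, buflen, ptr_name) == 0 ? buf : ip;
}
```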

Test code
None yet

Solution
Please install the appropriate patch:

HyperMail HyperMail 2.0 b25:

Debian Upgrade hypermail_2.0b25-1.1_sparc.deb
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.0b25-1.1_sparc.deb

Debian Upgrade hypermail_2.0b25-1.1_powerpc.deb
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.0b25-1.1_powerpc.deb

Debian Upgrade hypermail_2.0b25-1.1_m68k.deb
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.0b25-1.1_m68k.deb

Debian Upgrade hypermail_2.0b25-1.1_i386.deb
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.0b25-1.1_i386.deb

Debian Upgrade hypermail_2.0b25-1.1_arm.deb
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.0b25-1.1_arm.deb

Debian Upgrade hypermail_2.0b25-1.1_alpha.deb
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.0b25-1.1_alpha.deb

HyperMail HyperMail 2.1 .0:

Hypermail Upgrade hypermail-2.1.6.tar.gz
http://prdownloads.sourceforge.net/hypermail/hypermail-2.1.6.tar.gz

HyperMail HyperMail 2.1.1:

Hypermail Upgrade hypermail-2.1.6.tar.gz
http://prdownloads.sourceforge.net/hypermail/hypermail-2.1.6.tar.gz

HyperMail HyperMail 2.1.2:

Hypermail Upgrade hypermail-2.1.6.tar.gz
http://prdownloads.sourceforge.net/hypermail/hypermail-2.1.6.tar.gz

HyperMail HyperMail 2.1.3:

Hypermail Upgrade hypermail-2.1.6.tar.gz
http://prdownloads.sourceforge.net/hypermail/hypermail-2.1.6.tar.gz

Debian Upgrade hypermail_2.1.3-2.0_sparc.deb
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0_sparc.deb

Debian Upgrade hypermail_2.1.3-2.0_s390.deb
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0_s390.deb

Debian Upgrade hypermail_2.1.3-2.0_powerpc.deb
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0_powerpc.deb

Debian Upgrade hypermail_2.1.3-2.0_mipsel.deb
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0_mipsel.deb

Debian Upgrade hypermail_2.1.3-2.0_mips.deb
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0_mips.deb

Debian Upgrade hypermail_2.1.3-2.0_m68k.deb
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0_m68k.deb

Debian Upgrade hypermail_2.1.3-2.0_hppa.deb
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0_hppa.deb

Debian Upgrade hypermail_2.1.3-2.0_ia64.deb
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0_ia64.deb

Debian Upgrade hypermail_2.1.3-2.0_i386.deb
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0_i386.deb

Debian Upgrade hypermail_2.1.3-2.0_arm.deb
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0_arm.deb

Debian Upgrade hypermail_2.1.3-2.0_alpha.deb
http://security.debian.org/pool/updates/main/h/hypermail/hypermail_2.1.3-2.0_alpha.deb

HyperMail HyperMail 2.1.4:

Hypermail Upgrade hypermail-2.1.6.tar.gz
http://prdownloads.sourceforge.net/hypermail/hypermail-2.1.6.tar.gz

HyperMail HyperMail 2.1.5:

Hypermail Upgrade hypermail-2.1.6.tar.gz
http://prdownloads.sourceforge.net/hypermail/hypermail-2.1.6.tar.gz

Related information
Related links:


DSA 248-1: hypermail(Debian)
http://www.securityfocus.com/advisories/4954

Web page: HyperMail Homepage(HyperMail)
http://www.hypermail.org/