Ethereal NTLMSSP解析器堆破坏漏洞发布时间:2003-03-07 更新时间:2003-03-10 严重程度:中 威胁程度:远程拒绝服务 错误类型:边界检查错误 利用方式:服务器模式 BUGTRAQ ID:7050 受影响系统 Ethereal Group Ethereal 0.8.18详细描述 Ethereal是网络协议分析程序, NTLMSSP解析器是评估使用NTLM协议的包的机制。 其中在处理畸形NTLMSSP包的时候存在不明漏洞,可导致破破坏。存在执行任意命令可能。 测试代码 尚无 解决方案 补丁下载: Ethereal Group Ethereal 0.8.18: Ethereal Group Upgrade ethereal-0.9.10.tar.gz http://www.ethereal.com/distribution/ethereal-0.9.10.tar.gz Ethereal Group Ethereal 0.9 .0: Ethereal Group Upgrade ethereal-0.9.10.tar.gz http://www.ethereal.com/distribution/ethereal-0.9.10.tar.gz Ethereal Group Ethereal 0.9.1: Ethereal Group Upgrade ethereal-0.9.10.tar.gz http://www.ethereal.com/distribution/ethereal-0.9.10.tar.gz Ethereal Group Ethereal 0.9.2: Ethereal Group Upgrade ethereal-0.9.10.tar.gz http://www.ethereal.com/distribution/ethereal-0.9.10.tar.gz Ethereal Group Ethereal 0.9.3: Ethereal Group Upgrade ethereal-0.9.10.tar.gz http://www.ethereal.com/distribution/ethereal-0.9.10.tar.gz Ethereal Group Ethereal 0.9.4: Ethereal Group Upgrade ethereal-0.9.10.tar.gz http://www.ethereal.com/distribution/ethereal-0.9.10.tar.gz Ethereal Group Ethereal 0.9.5: Ethereal Group Upgrade ethereal-0.9.10.tar.gz http://www.ethereal.com/distribution/ethereal-0.9.10.tar.gz Ethereal Group Ethereal 0.9.6: Ethereal Group Upgrade ethereal-0.9.10.tar.gz http://www.ethereal.com/distribution/ethereal-0.9.10.tar.gz Ethereal Group Ethereal 0.9.7: Ethereal Group Upgrade ethereal-0.9.10.tar.gz http://www.ethereal.com/distribution/ethereal-0.9.10.tar.gz Ethereal Group Ethereal 0.9.8: Ethereal Group Upgrade ethereal-0.9.10.tar.gz http://www.ethereal.com/distribution/ethereal-0.9.10.tar.gz Ethereal Group Ethereal 0.9.9: Ethereal Group Upgrade ethereal-0.9.10.tar.gz http://www.ethereal.com/distribution/ethereal-0.9.10.tar.gz 相关信息 Ethereal Group 参考:http://www.securityfocus.com/advisories/5076 相关主页:http://www.ethereal.com/appnotes/enpa-sa-00008.html |
