xfocus logo xfocus title
首页 焦点原创 安全文摘 安全工具 安全漏洞 焦点项目 焦点论坛 关于我们
English Version
 最近严重漏洞 
Microsoft RPC接口远程任意代码可执行漏洞
Cisco IOS接口不正确处理IPV4包远程拒绝服务漏洞
Microsoft Windows CreateFile API命名管道权限提升漏洞

多个供应商C库realpath() Off-By-One缓冲区溢出漏洞


发布时间:2003-08-01
更新时间:2003-08-07
严重程度:
威胁程度:远程管理员权限
错误类型:边界检查错误
利用方式:服务器模式

BUGTRAQ ID:8315
CVE(CAN) ID:CAN-2003-0466

受影响系统
FreeBSD FreeBSD 4.0 .x
FreeBSD FreeBSD 4.0 alpha
FreeBSD FreeBSD 4.0
FreeBSD FreeBSD 4.1
FreeBSD FreeBSD 4.1.1 -STABLE
FreeBSD FreeBSD 4.1.1 -RELEASE
FreeBSD FreeBSD 4.1.1
FreeBSD FreeBSD 4.2 -STABLEpre122300
FreeBSD FreeBSD 4.2 -STABLEpre050201
FreeBSD FreeBSD 4.2 -STABLE
FreeBSD FreeBSD 4.2 -RELEASE
FreeBSD FreeBSD 4.2
FreeBSD FreeBSD 4.3 -STABLE
FreeBSD FreeBSD 4.3 -RELENG
FreeBSD FreeBSD 4.3 -RELEASE
FreeBSD FreeBSD 4.3
FreeBSD FreeBSD 4.4 -STABLE
FreeBSD FreeBSD 4.4 -RELENG
FreeBSD FreeBSD 4.4
FreeBSD FreeBSD 4.5 -STABLEpre2002-03-07
FreeBSD FreeBSD 4.5 -STABLE
FreeBSD FreeBSD 4.5 -RELEASE
FreeBSD FreeBSD 4.5
FreeBSD FreeBSD 4.6 -STABLE
FreeBSD FreeBSD 4.6 -RELEASE
FreeBSD FreeBSD 4.6
FreeBSD FreeBSD 4.6.2
FreeBSD FreeBSD 4.7 -STABLE
FreeBSD FreeBSD 4.7 -RELEASE
FreeBSD FreeBSD 4.7
FreeBSD FreeBSD 4.8 -PRERELEASE
FreeBSD FreeBSD 4.8
FreeBSD FreeBSD 5.0 alpha
FreeBSD FreeBSD 5.0
NetBSD NetBSD 1.5
NetBSD NetBSD 1.5.1
NetBSD NetBSD 1.5.2
NetBSD NetBSD 1.5.3
NetBSD NetBSD 1.6
NetBSD NetBSD 1.6.1
OpenBSD OpenBSD 2.0
OpenBSD OpenBSD 2.1
OpenBSD OpenBSD 2.2
OpenBSD OpenBSD 2.3
OpenBSD OpenBSD 2.4
OpenBSD OpenBSD 2.5
OpenBSD OpenBSD 2.6
OpenBSD OpenBSD 2.7
OpenBSD OpenBSD 2.8
OpenBSD OpenBSD 2.9
OpenBSD OpenBSD 3.0
OpenBSD OpenBSD 3.1
OpenBSD OpenBSD 3.2
OpenBSD OpenBSD 3.3
RedHat wu-ftpd-2.6.1-16.i386.rpm
   + RedHat Linux 7.1 i386
RedHat wu-ftpd-2.6.1-16.ppc.rpm
   + RedHat Linux 7.1 iseries
   + RedHat Linux 7.1 pseries
RedHat wu-ftpd-2.6.1-18.i386.rpm
   + RedHat Linux 7.2 i386
RedHat wu-ftpd-2.6.1-18.ia64.rpm
   + RedHat Linux 7.2 ia64
RedHat wu-ftpd-2.6.2-5.i386.rpm
   + RedHat Linux 7.3 i386
RedHat wu-ftpd-2.6.2-8.i386.rpm
   + RedHat Linux 8.0 i386
Washington University wu-ftpd 2.5 .0
   + Caldera OpenLinux 2.4
   + Caldera OpenLinux Desktop 2.3
   + RedHat Linux 6.0
   + RedHat Linux 6.0 alpha
   + RedHat Linux 6.0 sparc
   + SCO eDesktop 2.4
   + SCO eServer 2.3
   + SCO eServer 2.3.1
Washington University wu-ftpd 2.6 .0
   + Cobalt Qube 1.0
   + Conectiva Linux 4.0
   + Conectiva Linux 4.0 es
   + Conectiva Linux 4.1
   + Conectiva Linux 4.2
   + Conectiva Linux 5.0
   + Conectiva Linux 5.1
   + Debian Linux 2.2
   + Debian Linux 2.2 68k
   + Debian Linux 2.2 alpha
   + Debian Linux 2.2 arm
   + Debian Linux 2.2 powerpc
   + Debian Linux 2.2 sparc
   - FreeBSD FreeBSD 4.3
   - FreeBSD FreeBSD 4.3 -RELEASE
   - FreeBSD FreeBSD 4.3 -STABLE
   - FreeBSD FreeBSD 4.4
   + HP HP-UX 11.0
   + HP HP-UX 11.11
   + RedHat Linux 5.2 alpha
   + RedHat Linux 5.2 i386
   + RedHat Linux 5.2 sparc
   + RedHat Linux 6.0
   + RedHat Linux 6.0 alpha
   + RedHat Linux 6.0 sparc
   + RedHat Linux 6.1 alpha
   + RedHat Linux 6.1 i386
   + RedHat Linux 6.1 sparc
   + RedHat Linux 6.2 alpha
   + RedHat Linux 6.2 i386
   + RedHat Linux 6.2 sparc
   + S.u.S.E. Linux 6.1
   + S.u.S.E. Linux 6.1 alpha
   + S.u.S.E. Linux 6.2
   + S.u.S.E. Linux 6.3
   + S.u.S.E. Linux 6.3 alpha
   + S.u.S.E. Linux 6.3 ppc
   + S.u.S.E. Linux 6.4
   + S.u.S.E. Linux 6.4 alpha
   + S.u.S.E. Linux 6.4 ppc
   + S.u.S.E. Linux 7.0 alpha
   + S.u.S.E. Linux 7.0 i386
   + S.u.S.E. Linux 7.0 ppc
   + S.u.S.E. Linux 7.0 sparc
   + S.u.S.E. Linux 7.1 alpha
   + S.u.S.E. Linux 7.1 ppc
   + S.u.S.E. Linux 7.1 sparc
   + S.u.S.E. Linux 7.1 x86
   + S.u.S.E. Linux 7.2 i386
   + S.u.S.E. Linux 7.3 i386
   + S.u.S.E. Linux 7.3 ppc
   + S.u.S.E. Linux 7.3 sparc
   + TurboLinux Turbo Linux 4.0
   + Wirex Immunix OS 6.2
Washington University wu-ftpd 2.6.1
   + Caldera OpenLinux 2.3
   + Caldera OpenLinux Server 3.1
   + Cobalt Qube 1.0
   + Conectiva Linux 6.0
   + Conectiva Linux 7.0
   + Conectiva Linux 8.0
   - FreeBSD FreeBSD 4.3
   - FreeBSD FreeBSD 4.3 -RELEASE
   - FreeBSD FreeBSD 4.3 -STABLE
   - FreeBSD FreeBSD 4.4
   - FreeBSD FreeBSD 5.0
   - FreeBSD FreeBSD 5.0 alpha
   + MandrakeSoft Corporate Server 1.0.1
   + MandrakeSoft Linux Mandrake 6.0
   + MandrakeSoft Linux Mandrake 6.1
   + MandrakeSoft Linux Mandrake 7.0
   + MandrakeSoft Linux Mandrake 7.1
   + MandrakeSoft Linux Mandrake 7.2
   + MandrakeSoft Linux Mandrake 8.0
   + MandrakeSoft Linux Mandrake 8.0 ppc
   + MandrakeSoft Linux Mandrake 8.1
   + RedHat Linux 7.0 alpha
   + RedHat Linux 7.0 i386
   + RedHat Linux 7.0 sparc
   + RedHat Linux 7.1 alpha
   + RedHat Linux 7.1 i386
   + RedHat Linux 7.1 i586
   + RedHat Linux 7.1 i686
   + RedHat Linux 7.1 ia64
   + RedHat Linux 7.1 noarch
   + RedHat Linux 7.2 alpha
   + RedHat Linux 7.2 athlon
   + RedHat Linux 7.2 i386
   + RedHat Linux 7.2 i586
   + RedHat Linux 7.2 i686
   + RedHat Linux 7.2 ia64
   + RedHat Linux 7.2 noarch
   - S.u.S.E. Linux 7.0
   - S.u.S.E. Linux 7.0 alpha
   - S.u.S.E. Linux 7.0 ppc
   - S.u.S.E. Linux 7.0 sparc
   - S.u.S.E. Linux 7.1
   - S.u.S.E. Linux 7.1 alpha
   - S.u.S.E. Linux 7.1 ppc
   - S.u.S.E. Linux 7.1 sparc
   - S.u.S.E. Linux 7.1 x86
   - S.u.S.E. Linux 7.2
   - S.u.S.E. Linux 7.3
   + SCO eDesktop 2.4
   + SCO eServer 2.3.1
   + SCO Open Server 5.0
   + SCO Open Server 5.0.1
   + SCO Open Server 5.0.2
   + SCO Open Server 5.0.3
   + SCO Open Server 5.0.4
   + SCO Open Server 5.0.5
   + SCO Open Server 5.0.6
   + SCO Open Server 5.0.6 a
   - Slackware Linux 7.0
   - Slackware Linux 7.1
   - Slackware Linux 8.0
   + TurboLinux TL Workstation 6.1
   + TurboLinux Turbo Linux 6.0
   + TurboLinux Turbo Linux 6.0.1
   + TurboLinux Turbo Linux 6.0.2
   + TurboLinux Turbo Linux 6.0.3
   + TurboLinux Turbo Linux 6.0.4
   + TurboLinux Turbo Linux 6.0.5
   + Wirex Immunix OS 7+
   + Wirex Immunix OS 7.0
   + Wirex Immunix OS 7.0 -Beta
Washington University wu-ftpd 2.6.2
   + Conectiva Linux 9.0
   + Debian Linux 3.0
   + Debian Linux 3.0 alpha
   + Debian Linux 3.0 arm
   + Debian Linux 3.0 hppa
   + Debian Linux 3.0 ia-32
   + Debian Linux 3.0 ia-64
   + Debian Linux 3.0 m68k
   + Debian Linux 3.0 mips
   + Debian Linux 3.0 mipsel
   + Debian Linux 3.0 ppc
   + Debian Linux 3.0 s/390
   + Debian Linux 3.0 sparc
   + MandrakeSoft Linux Mandrake 8.2
   + MandrakeSoft Linux Mandrake 8.2 ppc
详细描述
realpath(3)函数用于从给定的路径名中获得正规的,绝对路径名是否包含``/'',``/./'' 或``/../''字符。

realpath(3)函数在计算解析名路径长度时存在单字节错误,结果如果解析的路径名为1024字节,并包含两个目录分割符,传递给realpath(3)函数时就会被NUL字节覆盖。造成溢出。

FREEBSD的中lukemftpd(8)和sftp-server(8)就存在此漏洞。

目前FREEBSD包含的软件中使用realpath(3)函数的应用程序如下:

BitchX-1.0c19_1
Mowitz-0.2.1_1
XFree86-clients-4.3.0_1
abcache-0.14
aim-1.5.234
analog-5.24,1
anjuta-1.0.1_1
aolserver-3.4.2
argus-2.0.5
arm-rtems-gdb-5.2_1
avr-gdb-5.2.1
ccache-2.1.1
cdparanoia-3.9.8_4
cfengine-1.6.3_4
cfengine2-2.0.3
cmake-1.4.7
comserv-1.4.3
criticalmass-0.97
dedit-0.6.2.3_1
drweb_postfix-4.29.10a
drweb-4.29.2
drweb_sendmail-4.29.10a
edonkey-gui-gtk-0.5.0
enca-0.10.7
epic4-1.0.1_2
evolution-1.2.2_1
exim-3.36_1
exim-4.12_5
exim-ldap-4.12_5
exim-ldap2-4.12_5
exim-mysql-4.12_5
exim-postgresql-4.12_5
fam-2.6.9_2
fastdep-0.15
feh-1.2.4_1
ferite-0.99.6
fileutils-4.1_1
finfo-0.1
firebird-1.0.2
firebird-1.0.r2
frontpage-5.0.2.2623_1
galeon-1.2.8
galeon2-1.3.2_1
gdb-5.3_20030311
gdb-5.2.1_1
gdm2-2.4.1.3
gecc-20021119
gentoo-0.11.34
gkrellmvolume-2.1.7
gltron-0.61
global-4.5.1
gnat-3.15p
gnomelibs-1.4.2_1
gprolog-1.2.16
gracula-3.0
gringotts-1.2.3
gtranslator-0.43_1
gvd-1.2.5
hercules-2.16.5
hte-0.7.0
hugs98-200211
i386-rtems-gdb-5.2_1
i960-rtems-gdb-5.2_1
installwatch-0.5.6
ivtools-1.0.6
ja-epic4-1.0.1_2
ja-gnomelibs-1.4.2_1
ja-msdosfs-20001027
ja-samba-2.2.7a.j1.1_1
kdebase-3.1_1
kdelibs-3.1
kermit-8.0.206
ko-BitchX-1.0c16_3
ko-msdosfs-20001027
leocad-0.73
libfpx-1.2.0.4_1
libgnomeui-2.2.0.1
libpdel-0.3.4
librep-0.16.1_1
linux-beonex-0.8.1
linux-divxplayer-0.2.0
linux-edonkey-gui-gtk-0.2.0.a.2002.02.22
linux-gnomelibs-1.2.8_2
linux-mozilla-1.2
linux-netscape-communicator-4.8
linux-netscape-navigator-4.8
linux-phoenix-0.3
linux_base-6.1_4
linux_base-7.1_2
lsh-1.5.1
lukemftpd-1.1_1
m68k-rtems-gdb-5.2_1
mips-rtems-gdb-5.2_1
mod_php4-4.3.1
moscow_ml-2.00_1
mozilla-1.0.2_1
mozilla-1.2.1_1,2
mozilla-1.2.1_2
mozilla-1.3b,1
mozilla-1.3b
mozilla-embedded-1.0.2_1
mozilla-embedded-1.2.1_1,2
mozilla-embedded-1.3b,1
msyslog-1.08f_1
netraider-0.0.2
openag-1.1.1_1
openssh-portable-3.5p1_1
openssh-3.5
p5-PPerl-0.23
paragui-1.0.2_2
powerpc-rtems-gdb-5.2_1
psim-freebsd-5.2.1
ptypes-1.7.4
pure-ftpd-1.0.14
qiv-1.8
readlink-20010616
reed-5.4
rox-1.3.6_1
rox-session-0.1.18_1
rpl-1.4.0
rpm-3.0.6_6
samba-2.2.8
samba-3.0a20
scrollkeeper-0.3.11_8,1
sh-rtems-gdb-5.2_1
sharity-light-1.2_1
siag-3.4.10
skipstone-0.8.3
sparc-rtems-gdb-5.2_1
squeak-2.7
squeak-3.2
swarm-2.1.1
tcl-8.2.3_2
tcl-8.3.5
tcl-8.4.1,1
tcl-thread-8.1.b1
teTeX-2.0.2_1
wine-2003.02.19
wml-2.0.8
worker-2.7.0
xbubble-0.2
xerces-c2-2.1.0_1
xerces_c-1.7.0
xnview-1.50
xscreensaver-gnome-4.08
xscreensaver-4.08
xworld-2.0
yencode-0.46_1
zh-cle_base-0.9p1
zh-tcl-8.3.0
zh-tw-BitchX-1.0c19_3
zh-ve-1.0
zh-xemacs-20.4_1

测试代码
尚无

解决方案
补丁下载:

NetBSD NetBSD 1.5:

NetBSD Patch SA2003-011-realpath.patch
ftp://ftp.netbsd.org/pub/NetBSD/security/patches/SA2003-011-realpath.patch

NetBSD NetBSD 1.5.1:

NetBSD Patch SA2003-011-realpath.patch
ftp://ftp.netbsd.org/pub/NetBSD/security/patches/SA2003-011-realpath.patch

NetBSD NetBSD 1.5.2:

NetBSD Patch SA2003-011-realpath.patch
ftp://ftp.netbsd.org/pub/NetBSD/security/patches/SA2003-011-realpath.patch

NetBSD NetBSD 1.5.3:

NetBSD Patch SA2003-011-realpath.patch
ftp://ftp.netbsd.org/pub/NetBSD/security/patches/SA2003-011-realpath.patch

NetBSD NetBSD 1.6:

NetBSD Patch SA2003-011-realpath.patch
ftp://ftp.netbsd.org/pub/NetBSD/security/patches/SA2003-011-realpath.patch

NetBSD NetBSD 1.6.1:

NetBSD Patch SA2003-011-realpath.patch
ftp://ftp.netbsd.org/pub/NetBSD/security/patches/SA2003-011-realpath.patch

OpenBSD OpenBSD 3.2:

OpenBSD Patch 015_realpath.patch
ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.2/common/015_realpath.patch

OpenBSD OpenBSD 3.3:

OpenBSD Patch 001_realpath.patch
ftp://ftp.OpenBSD.org/pub/OpenBSD/patches/3.3/common/001_realpath.patch

RedHat wu-ftpd-2.6.1-16.i386.rpm :

RedHat Upgrade wu-ftpd-2.6.2-11.71.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/wu-ftpd-2.6.2-11.71.1.i386.rpm

RedHat wu-ftpd-2.6.1-18.i386.rpm :

RedHat Upgrade wu-ftpd-2.6.2-11.72.1.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/wu-ftpd-2.6.2-11.72.1.i386.rpm

RedHat wu-ftpd-2.6.2-5.i386.rpm :

RedHat Upgrade wu-ftpd-2.6.2-11.73.1.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/wu-ftpd-2.6.2-11.73.1.i386.rpm

RedHat wu-ftpd-2.6.2-8.i386.rpm :

RedHat Upgrade wu-ftpd-2.6.2-12.i386.rpm
ftp://updates.redhat.com/8.0/en/os/i386/wu-ftpd-2.6.2-12.i386.rpm

RedHat wu-ftpd-2.6.1-18.ia64.rpm :

RedHat Upgrade wu-ftpd-2.6.2-11.72.1.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/wu-ftpd-2.6.2-11.72.1.ia64.rpm

RedHat wu-ftpd-2.6.1-16.ppc.rpm :

RedHat Upgrade wu-ftpd-2.6.2-11.71.1.ppc.rpm
ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/wu-ftpd-2.6.2-11.71.1.ppc.rpm

RedHat Upgrade wu-ftpd-2.6.2-11.71.1.ppc.rpm
ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/wu-ftpd-2.6.2-11.71.1.ppc.rpm

Washington University wu-ftpd 2.6 .0:

SuSE Upgrade wuftpd-2.6.0-403.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.3/n2/wuftpd-2.6.0-403.i386.rpm
SuSE-7.3 Intel

SuSE Upgrade wuftpd-2.6.0-403.src.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/wuftpd-2.6.0-403.src.rpm
SuSE-7.3 Intel

SuSE Upgrade wuftpd-2.6.0-403.i386.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.2/n2/wuftpd-2.6.0-403.i386.rpm
SuSE-7.2 Intel

SuSE Upgrade wuftpd-2.6.0-403.src.rpm
ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/wuftpd-2.6.0-403.src.rpm
SuSE-7.2 Intel

SuSE Upgrade wuftpd-2.6.0-260.sparc.rpm
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/n2/wuftpd-2.6.0-260.sparc.rpm
SuSE-7.3 Sparc

SuSE Upgrade wuftpd-2.6.0-260.src.rpm
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/wuftpd-2.6.0-260.src.rpm
SuSE-7.3 Sparc

SuSE Upgrade wuftpd-2.6.0-328.ppc.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/n2/wuftpd-2.6.0-328.ppc.rpm
SuSE-7.3 PPC

SuSE Upgrade wuftpd-2.6.0-328.src.rpm
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/wuftpd-2.6.0-328.src.rpm
SuSE-7.3 PPC

Washington University wu-ftpd 2.6.1:

Immunix Patch wu-ftpd-2.6.1-6_imnx_8.i386.rpm
http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/wu-ftpd-2.6.1-6_imnx_8.i386.rpm

Washington University wu-ftpd 2.6.2:

Mandrake Upgrade wu-ftpd-2.6.2-1.1mdk.i586.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.2 Directory: 8.2/RPMS/

Mandrake Upgrade wu-ftpd-2.6.2-1.1mdk.src.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.2 Directory: 8.2/SRPMS/

Mandrake Upgrade wu-ftpd-2.6.2-1.1mdk.ppc.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.2/PPC Directory: ppc/8.2/RPMS/

Mandrake Upgrade wu-ftpd-2.6.2-1.1mdk.src.rpm
http://www.mandrakesecure.net/en/ftp.php
Mandrake Linux 8.2/PPC Directory: ppc/8.2/SRPMS/

相关信息
参考:http://www.securityfocus.com/advisories/5661
http://www.securityfocus.com/advisories/5656
http://www.securityfocus.com/advisories/5666
http://www.securityfocus.com/advisories/5683
http://www.securityfocus.com/advisories/5654
http://www.securityfocus.com/advisories/5652
http://www.securityfocus.com/advisories/5653
http://www.securityfocus.com/archive/1/331295
http://www.securityfocus.com/archive/1/331723
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc
Copyright © 1998-2003 XFOCUS Team. All Rights Reserved