|
|
Man Utility MANPL环境变量缓冲区溢出漏洞
发布时间:2003-09-12
更新时间:2003-09-12
严重程度:高
威胁程度:权限提升
错误类型:边界检查错误
利用方式:服务器模式
BUGTRAQ ID:8602
受影响系统Andries Brouwer man 1.5 m1
Andries Brouwer man 1.5 m
Andries Brouwer man 1.5 l
Andries Brouwer man 1.5 k
+ Conectiva Linux 6.0
+ Conectiva Linux 7.0
+ Conectiva Linux 8.0
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Linux Mandrake 9.0
+ MandrakeSoft Linux Mandrake 9.1
+ MandrakeSoft Linux Mandrake 9.1 ppc
+ RedHat Linux 8.0
+ RedHat Linux 8.0 i386
+ RedHat Linux 8.0 i686
Andries Brouwer man 1.5 j
+ MandrakeSoft Linux Mandrake 8.2
+ MandrakeSoft Linux Mandrake 8.2 ppc
+ MandrakeSoft Multi Network Firewall 8.2
+ RedHat Linux 7.1
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 i586
+ RedHat Linux 7.1 i686
+ RedHat Linux 7.2
+ RedHat Linux 7.2 athlon
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 i586
+ RedHat Linux 7.2 i686
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.3
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3 i686
+ Sun Linux 5.0.5
Andries Brouwer man 1.5 i2
Andries Brouwer man 1.5 i
Andries Brouwer man 1.5 h1
+ RedHat Linux 5.2
+ RedHat Linux 6.2
+ RedHat Linux 7.0 详细描述
man工具不正确处理环境变量数据,由于在处理MANPL环境变量时缺少边界检查,可导致本地攻击者以MAN权限执行任意代码。
解决方案
下载使用man 1.5m2:
ftp://ftp.win.tue.nl/pub/linux-local/utils/man
相关信息
参考:http://www.securityfocus.com/archive/1/337136
|
