|
 | 作者: hackern [hackern]
 论坛用户 |
登录 |
| FreeBSD eject命令缓冲区溢出漏洞 受影响的系统: FreeBSD FreeBSD 5.0 alpha FreeBSD FreeBSD 5.0 FreeBSD FreeBSD 4.0 FreeBSD FreeBSD 3.0 描述: eject 是命令行工具,用来弹出 CD 盘。eject 程序有几个缓冲区溢出漏洞, 利用这几个漏洞可使本地用户获取 root 权限。 建议: 厂商补丁: 1.eject 程序新版本下载地址: ftp://ftp.FreeBSD. org/pub/FreeBSD/ports/i386/packages-3-stable/sysutils/eject-1.4.tgz ftp://ftp.FreeBSD. org/pub/FreeBSD/ports/i386/packages-4-stable/sysutils/eject-1.4.tgz ftp://ftp.FreeBSD. org/pub/FreeBSD/ports/alpha/packages-4-stable/sysutils/eject-1.4.tgz ftp://ftp.FreeBSD. org/pub/FreeBSD/ports/i386/packages-5-current/sysutils/eject-1.4.tgz ftp://ftp.FreeBSD. org/pub/FreeBSD/ports/alpha/packages-5-current/sysutils/eject-1.4.tgz 注意: 查看发布日期,因为新版的版本号没有变。 2.新版port下载地址: http://www.freebsd.org/ports/ 3.升级port时要使用 portcheckout 工具,如果/usr/ports/devel/目录下没 有 portcheckout,到下面的地址下载: ftp://ftp.FreeBSD. org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0. tgz ftp://ftp.FreeBSD. org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0. tgz ftp://ftp.FreeBSD. org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0. tgz ftp://ftp.FreeBSD. org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0. tgz ftp://ftp.FreeBSD. org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0. tgz |
| 地主 发表时间: 10/05 09:55 |
|
20CN网络安全小组版权所有
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.
论坛程序编写:NetDemon
粤ICP备05087286号
论坛: UNIX系统 标题: 转:FreeBSD eject命令缓冲区溢出漏洞