Exploiting a Fetchmail Buffer Overflow Vulnerability to Gain System Privileges
Affected program:
Fetchmail
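Description:
Exploiting a Fetchmail buffer overflow vulnerability to gain system privileges
Details:
Fetchmail is a UNIX utility used to download mail from a mail server. When it processes e-mail header information, an oversized "To:" field causes a buffer overflow in Fetchmail. Because Fetchmail runs with root privileges, an attacker who successfully exploits this vulnerability can gain system privileges.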
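A bounds-checked way to pull the "To:" field out of a header block, as an added illustration of the defensive pattern; it is not Fetchmail's source code and not the content of the vendor patches. The function name, return codes and TO_MAX buffer size are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

#define TO_MAX 256   /* assumed fixed buffer size, for illustration only */

enum { TO_OK = 0, TO_MISSING = -1, TO_TOO_LONG = -2 };

/* True if the line at p starts with "To:" (header names are case-insensitive). */
static int is_to(const char *p)
{
    return (p[0] == 'T' || p[0] == 't') && (p[1] == 'O' || p[1] == 'o') && p[2] == ':';
}

/* Copy the value of the "To:" header from a NUL-terminated header block into
 * out[outsz]. Folded continuation lines (starting with space or tab) are
 * unfolded. Every byte written is bounds-checked: an oversized field is
 * rejected instead of being written past the end of the buffer. */
int extract_to_field(const char *hdrs, char *out, size_t outsz)
{
    const char *p = hdrs;
    size_t n = 0;

    if (outsz == 0) return TO_TOO_LONG;
    out[0] = '\0';

    while (*p && !is_to(p)) {
        const char *nl;
        if (*p == '\n' || *p == '\r') return TO_MISSING;  /* blank line: headers ended */
        nl = strchr(p, '\n');
        if (!nl) return TO_MISSING;
        p = nl + 1;
    }
    if (!*p) return TO_MISSING;
    p += 3;
    while (*p == ' ' || *p == '\t') p++;

    for (; *p; p++) {
        if (*p == '\r') continue;
        if (*p == '\n') {
            if (p[1] != ' ' && p[1] != '\t') break;       /* end of the field */
            continue;                                     /* folded line follows */
        }
        if (n + 1 >= outsz) {       /* no room for this byte plus the NUL */
            out[0] = '\0';
            return TO_TOO_LONG;
        }
        out[n++] = *p;
    }
    out[n] = '\0';
    return TO_OK;
}
```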
Affected systems:
Eric Raymond Fetchmail 5.8.6
Eric Raymond Fetchmail 5.8.5
Eric Raymond Fetchmail 5.8.4
Eric Raymond Fetchmail 5.8.3
Eric Raymond Fetchmail 5.8.2
Eric Raymond Fetchmail 5.8.1
Eric Raymond Fetchmail 5.8
Eric Raymond Fetchmail 5.7.2
Eric Raymond Fetchmail 5.7.1
- Debian Linux 2.3
Eric Raymond Fetchmail 5.7
Eric Raymond Fetchmail 5.6.8
Eric Raymond Fetchmail 5.6.7
Eric Raymond Fetchmail 5.6.6
Eric Raymond Fetchmail 5.6.5
Eric Raymond Fetchmail 5.6.4
Eric Raymond Fetchmail 5.6.3
Eric Raymond Fetchmail 5.6.2
Eric Raymond Fetchmail 5.6.1
Eric Raymond Fetchmail 5.6
Eric Raymond Fetchmail 5.5.6
Eric Raymond Fetchmail 5.5.5
Eric Raymond Fetchmail 5.5.4
Eric Raymond Fetchmail 5.5.3
Eric Raymond Fetchmail 5.5.2
Eric Raymond Fetchmail 5.5.1
Eric Raymond Fetchmail 5.5
- Immunix Immunix OS 7.0beta
- Immunix Immunix OS 7.0
Eric Raymond Fetchmail 5.4.5
Eric Raymond Fetchmail 5.4.4
Eric Raymond Fetchmail 5.4.3
Eric Raymond Fetchmail 5.4.2
Eric Raymond Fetchmail 5.4.1
Eric Raymond Fetchmail 5.4
Eric Raymond Fetchmail 5.3.8
Eric Raymond Fetchmail 5.3.7
Eric Raymond Fetchmail 5.3.6
Eric Raymond Fetchmail 5.3.5
Eric Raymond Fetchmail 5.3.4
Eric Raymond Fetchmail 5.3.3
- Debian Linux 2.2
Eric Raymond Fetchmail 5.3.2
Eric Raymond Fetchmail 5.3.1
- Immunix Immunix OS 6.2
Eric Raymond Fetchmail 5.3
Solution:
Immunix and Debian have released the following patches:
Eric Raymond Fetchmail 5.7.1:
Debian patch 2.2 fetchmail-5.7.1-2.diff
http://www.securityfocus.com/data/vulnerabilities/patches/fetchmail-5.7.1-2.diff
Eric Raymond Fetchmail 5.5:
Immunix RPM 7.0/7.0-beta fetchmail-5.5.0-4_imnx.i386.rpm
Original download: http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/fetchmail-5.5.0-4_imnx.i386.rpm
CNNS download: http://www.cnns.net/frankie/mirror/download/fetchmail-5.5.0-4_imnx.i386.rpm
Immunix RPM 7.0/7.0-beta fetchmailconf-5.5.0-4_imnx.i386.rpm
Original download: http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/fetchmailconf-5.5.0-4_imnx.i386.rpm
CNNS download: http://www.cnns.net/frankie/mirror/download/fetchmailconf-5.5.0-4_imnx.i386.rpm
Eric Raymond Fetchmail 5.3.3:
Debian upgrade 2.2 alpha fetchmail_5.3.3-1.2_alpha.deb
Original download: http://security.debian.org/dists/stable/updates/main/binary-alpha/fetchmail_5.3.3-1.2_alpha.deb
CNNS download: http://www.cnns.net/frankie/mirror/download/fetchmail_5.3.3-1.2_alpha.deb
Debian upgrade 2.2 arm fetchmail_5.3.3-1.2_arm.deb
Original download: http://security.debian.org/dists/stable/updates/main/binary-arm/fetchmail_5.3.3-1.2_arm.deb
CNNS download: http://www.cnns.net/frankie/mirror/download/fetchmail_5.3.3-1.2_arm.deb
Debian upgrade 2.2 i386 fetchmail_5.3.3-1.2_i386.deb
Original download: http://security.debian.org/dists/stable/updates/main/binary-i386/fetchmail_5.3.3-1.2_i386.deb
CNNS download: http://www.cnns.net/frankie/mirror/download/fetchmail_5.3.3-1.2_i386.deb
Debian upgrade 2.2 m68k fetchmail_5.3.3-1.2_m68k.deb
Original download: http://security.debian.org/dists/stable/updates/main/binary-m68k/fetchmail_5.3.3-1.2_m68k.deb
CNNS download: http://www.cnns.net/frankie/mirror/download/fetchmail_5.3.3-1.2_m68k.deb
Debian upgrade 2.2 ppc fetchmail_5.3.3-1.2_powerpc.deb
Original download: http://security.debian.org/dists/stable/updates/main/binary-powerpc/fetchmail_5.3.3-1.2_powerpc.deb
CNNS download: http://www.cnns.net/frankie/mirror/download/fetchmail_5.3.3-1.2_powerpc.deb
Debian upgrade 2.2 sparc fetchmail_5.3.3-1.2_sparc.deb
Original download: http://security.debian.org/dists/stable/updates/main/binary-sparc/fetchmail_5.3.3-1.2_sparc.deb
CNNS download: http://www.cnns.net/frankie/mirror/download/fetchmail_5.3.3-1.2_sparc.deb
Eric Raymond Fetchmail 5.3.1:
Immunix RPM 6.2 fetchmail-5.3.1-2_StackGuard.i386.rpm
Original download: http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/fetchmail-5.3.1-2_StackGuard.i386.rpm
CNNS download: http://www.cnns.net/frankie/mirror/download/fetchmail-5.3.1-2_StackGuard.i386.rpm
Immunix RPM 6.2 fetchmailconf-5.3.1-2_StackGuard.i386.rpm
Original download: http://download.immunix.org/ImmunixOS/6.2/updates/RPMS/fetchmailconf-5.3.1-2_StackGuard.i386.rpm
CNNS download: http://www.cnns.net/frankie/mirror/download/fetchmailconf-5.3.1-2_StackGuard.i386.rpm