CDE LibDTHelp DTHelpUserSearchPath Local Buffer Overflow Vulnerability
Published: 2003-11-04
Updated: 2003-11-04
Severity: High
Threat level: Local administrator privileges
Error type: Boundary check error
Exploitation method: Server mode
BUGTRAQ ID: 8973
CVE(CAN) ID: CAN-2003-0834

Affected systems

Compaq Tru64 4.0 g PK4 (BL22)
Compaq Tru64 4.0 g PK3 (BL17)
Compaq Tru64 4.0 g
Compaq Tru64 4.0 f PK8 (BL22)
Compaq Tru64 4.0 f PK7 (BL18)
Compaq Tru64 4.0 f PK6 (BL17)
Compaq Tru64 4.0 f
Compaq Tru64 5.0 f
Compaq Tru64 5.0 a PK3 (BL17)
Compaq Tru64 5.0 a
Compaq Tru64 5.0 PK4 (BL18)
Compaq Tru64 5.0 PK4 (BL17)
Compaq Tru64 5.0
Compaq Tru64 5.1 PK6 (BL20)
Compaq Tru64 5.1 PK5 (BL19)
Compaq Tru64 5.1 PK4 (BL18)
Compaq Tru64 5.1 PK3 (BL17)
Compaq Tru64 5.1
HP HP-UX 11.0
HP HP-UX 11.11
HP HP-UX 11.22
HP HP-UX 11.23
SCO Open UNIX 8.0
SCO Unixware 7.1.1
SCO Unixware 7.1.3
Sun Solaris 7.0 _x86
Sun Solaris 7.0
Sun Solaris 8.0 _x86
Sun Solaris 8.0
Sun Solaris 9.0 _x86
Sun Solaris 9.0

Detailed description

CDE libDtHelp is the CDE program that displays help content. It has a problem in its handling of the DTHelpUserSearchPath variable that can lead to privilege escalation.

Solution

Patch downloads:

Compaq Tru64 5.1 PK6 (BL20):
HP Patch T64KIT0020835-V51B20-ES-20031124
http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT0020835-V51B20-ES-20031124
Patch requires PK6 (BL20)

Compaq Tru64 5.1 PK5 (BL19):
HP Patch T64KIT0020835-V51B20-ES-20031124
http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT0020835-V51B20-ES-20031124
Patch requires PK6 (BL20)

Compaq Tru64 5.1 PK4 (BL18):
HP Patch T64KIT0020835-V51B20-ES-20031124
http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT0020835-V51B20-ES-20031124
Patch requires PK6 (BL20)

Compaq Tru64 5.1 PK3 (BL17):
HP Patch T64KIT0020835-V51B20-ES-20031124
http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT0020835-V51B20-ES-20031124
Patch requires PK6 (BL20)

Compaq Tru64 5.1:
HP Patch T64KIT0020835-V51B20-ES-20031124
http://www.itrc.hp.com/service/patch/patchDetail.do?patchid=T64KIT0020835-V51B20-ES-20031124
Patch requires PK6 (BL20)

HP HP-UX 11.0:
HP Patch PHSS_30010
ftp://ftp.itrc.hp.com/hp-ux_patches/s700_800/11.X/PHSS_30010

HP HP-UX 11.11:
HP Patch PHSS_30011
ftp://ftp.itrc.hp.com/hp-ux_patches/s700_800/11.X/PHSS_30011

HP HP-UX 11.22:
HP Patch PHSS_30012
http://itrc.hp.com

HP HP-UX 11.23:
HP Patch PHSS_30013
http://itrc.hp.com

SCO Unixware 7.1.1:
SCO Patch erg712445.pkg.Z
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.31

SCO Unixware 7.1.3:
SCO Patch erg712445.pkg.Z
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.31

SCO Open UNIX 8.0:
SCO Patch erg712445.pkg.Z
ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.31

Sun Solaris 7.0 _x86:
Sun Patch T107179-03
http://sunsolve.sun.com

Sun Solaris 7.0:
Sun Patch T107178-03
http://sunsolve.sun.com

Sun Solaris 8.0 _x86:
Sun Patch T108950-08
http://sunsolve.sun.com

Sun Solaris 8.0:
Sun Patch T108949-08
http://sunsolve.sun.com

Sun Solaris 9.0 _x86:
Sun Patch T116309-01
http://sunsolve.sun.com

Sun Solaris 9.0:
Sun Patch T116308-01
http://sunsolve.sun.com

Related information

References:
http://www.securityfocus.com/advisories/6022
http://www.securityfocus.com/advisories/6070
http://www.securityfocus.com/advisories/6133
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57414