CNNVD ID | CNNVD-200907-004 |
CVE ID | CVE-2009-0689 |
Published | 2009-06-26 |
Updated | 2009-07-01 |
Vulnerability type | Buffer overflow |
Vulnerability source | Maksymilian Arciemowicz max@jestsuper.pl |
Severity | Medium |
Threat type | Remote |
Vendor | mozilla |
OpenBSD, NetBSD and FreeBSD are popular BSD operating systems derived from Unix. The dtoa implementation in OpenBSD, NetBSD and FreeBSD contains an array overflow vulnerability. In src/lib/libc/gdtoa/gdtoaimp.h:

---gdtoaimp.h---
...
#define Kmax 15
...
---gdtoaimp.h---

The largest Kmax length is 15. If a larger value (such as 17) is supplied, the program overflows the freelist array; bss is 0x1. Taking NetBSD as an example:

---gdtoaimp.h---
...
#define Kmax (sizeof(size_t) << 3)
...
---gdtoaimp.h---

The program crashes in misc.c:

--- src/lib/libc/gdtoa/misc.c ---
	if ( (rv = freelist[k]) !=0) {
		freelist[k] = rv->next;
	}
	else {
		x = 1 << k;
#ifdef Omit_Private_Memory
		rv = (Bigint *)MALLOC(sizeof(Bigint) + (x-1)*sizeof(ULong));
#else
		len = (sizeof(Bigint) + (x-1)*sizeof(ULong) + sizeof(double) - 1)
			/sizeof(double);
		if ((double *)(pmem_next - private_mem + len) <= (double *)PRIVATE_mem) {
			rv = (Bigint*)(void *)pmem_next;
			pmem_next += len;
		}
		else
			rv = (Bigint*)MALLOC(len*sizeof(double));
#endif
		if (rv == NULL)
			return NULL;
		rv->k = k;
		rv->maxwds = x;
	}
--- src/lib/libc/gdtoa/misc.c ---

Here: rv->k = k; or freelist[k] = rv->next;
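An added example, not code from the BSD sources or from any vendor patch: one way to bound the index that the misc.c excerpt uses unchecked, so that a request with k above Kmax (17 in the text) bypasses the freelist cache on both allocation and release. The names `balloc_checked` and `bfree_checked`, the simplified Bigint layout and the upper limit of 28 are assumptions made for this illustration.

```c
#include <stdlib.h>
#define Kmax 15                       /* value quoted from gdtoaimp.h */
typedef unsigned int ULong;
typedef struct Bigint {
    struct Bigint *next;
    int k, maxwds, sign, wds;
    ULong x[1];
} Bigint;

static Bigint *freelist[Kmax + 1];    /* valid indexes are 0..Kmax */

/* Allocate a Bigint of 2^k words; k is validated before it indexes freelist. */
Bigint *balloc_checked(int k)
{
    Bigint *rv = NULL;
    if (k < 0 || k > 28)              /* keep the size and int maxwds in range */
        return NULL;
    if (k <= Kmax && (rv = freelist[k]) != NULL) {
        freelist[k] = rv->next;       /* reuse a cached block */
    } else {
        size_t x = (size_t)1 << k;
        rv = malloc(sizeof(Bigint) + (x - 1) * sizeof(ULong));
        if (rv == NULL)
            return NULL;
        rv->k = k;
        rv->maxwds = (int)x;
    }
    rv->sign = rv->wds = 0;
    return rv;
}

/* Return a block: sizes the cache cannot index go straight back to the heap. */
void bfree_checked(Bigint *v)
{
    if (v == NULL)
        return;
    if (v->k > Kmax) {
        free(v);
        return;
    }
    v->next = freelist[v->k];
    freelist[v->k] = v;
}

int main(void)
{
    bfree_checked(balloc_checked(17)); /* 17 > Kmax, the value in the text */
    return 0;
}
```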
The vendors have released upgrade patches that fix this security issue. Patch download links:
Ubuntu Ubuntu Linux 9.10 sparc
Ubuntu kdelibs-data_3.5.10.dfsg.1-2ubuntu7.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.10.dfsg.1-2ubuntu7.2_all.deb
Ubuntu kdelibs-dbg_3.5.10.dfsg.1-2ubuntu7.2_sparc.deb
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-2ubuntu7.2_sparc.deb
Ubuntu kdelibs_3.5.10.dfsg.1-2ubuntu7.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-2ubuntu7.2_all.deb
Ubuntu Ubuntu Linux 8.04 LTS powerpc
Ubuntu kdelibs-data_3.5.10-0ubuntu1~hardy1.5_all.deb
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.10-0ubuntu1~hardy1.5_all.deb
Ubuntu kdelibs-dbg_3.5.10-0ubuntu1~hardy1.5_powerpc.deb
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu1~hardy1.5_powerpc.deb
Ubuntu kdelibs_3.5.10-0ubuntu1~hardy1.5_all.deb
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10-0ubuntu1~hardy1.5_all.deb
Ubuntu Ubuntu Linux 8.10 powerpc
Ubuntu kdelibs-data_3.5.10-0ubuntu6.4_all.deb
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.10-0ubuntu6.4_all.deb
Ubuntu kdelibs-dbg_3.5.10-0ubuntu6.4_powerpc.deb
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu6.4_powerpc.deb
Ubuntu Ubuntu Linux 8.04 LTS sparc
Ubuntu kdelibs-data_3.5.10-0ubuntu1~hardy1.5_all.deb
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.10-0ubuntu1~hardy1.5_all.deb
Ubuntu kdelibs-dbg_3.5.10-0ubuntu1~hardy1.5_sparc.deb
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10-0ubuntu1~hardy1.5_sparc.deb
Ubuntu Ubuntu Linux 8.10 i386
Ubuntu kdelibs-data_3.5.10-0ubuntu6.4_all.deb
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.10-0ubuntu6.4_all.deb
Ubuntu kdelibs-dbg_3.5.10-0ubuntu6.4_i386.deb
Ubuntu Ubuntu Linux 9.10 powerpc
Ubuntu kdelibs-data_3.5.10.dfsg.1-2ubuntu7.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs-data_3.5.10.dfsg.1-2ubuntu7.2_all.deb
Ubuntu kdelibs-dbg_3.5.10.dfsg.1-2ubuntu7.2_powerpc.deb
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs-dbg_3.5.10.dfsg.1-2ubuntu7.2_powerpc.deb
Ubuntu kdelibs_3.5.10.dfsg.1-2ubuntu7.2_all.deb
http://security.ubuntu.com/ubuntu/pool/main/k/kdelibs/kdelibs_3.5.10.dfsg.1-2ubuntu7.2_all.deb
Ubuntu kdelibs4-dev_3.5.10.dfsg.1-2ubuntu7.2_powerpc.deb
http://ports.ubuntu.com/pool/main/k/kdelibs/kdelibs4-dev_3.5.10.dfsg.1-2ubuntu7.2_powerpc.deb
MandrakeSoft Linux Mandrake 2008.0 x86_64
Mandriva arts-1.5.10-0.1mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/
Mandriva free-kde-config-2008.0-29.4mdv2008.0.noarch.rpm
http://www.mandriva.com/en/download/
Mandriva fribidi-0.19.1-0.1mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/
Mandriva htdig-3.2.0-1.12mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/
Mandriva htdig-devel-3.2.0-1.12mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/
Mandriva htdig-web-3.2.0-1.12mdv2008.0.x86_64.rpm
http://www.mandriva.com/en/download/
Mandriva kde-i18n-af-3.5.10-0.1mdv2008.0.noarch.rpm
http://www.mandriva.com/en/download/
Mandriva kde-i18n-ar-3.5.10-0.1mdv2008.0.noarch.rpm
http://www.mandriva.com/en/download/
Mandriva kde-i18n-az-3.5.10-0.1mdv2008.0.noarch.rpm
http://www.mandriva.com/en/download/
Mandriva kde-i18n-be-3.5.10-0.1mdv2008.0.noarch.rpm
http://www.mandriva.com/en/download/
Mandriva kde-i18n-bg-3.5.10-0.1mdv2008.0.noarch.rpm
http://www.mandriva.com/en/download/
Mandriva kde-i18n-bn-3.5.10-0.1mdv2008.0.noarch.rpm
http://www.mandriva.com/en/download/
Mandriva kde-i18n-br-3.5.10-0.1mdv2008.0.noarch.rpm
http://www.mandriva.com/en/download/
Mandriva kde-i18n-bs-3.5.10-0.1mdv2008.0.noarch.rpm
http://www.mandriva.com/en/download/
Mandriva kde-i18n-ca-3.5.10-0.1mdv2008.0.noarch.rpm
http://www.mandriva.com/en/download/
Mandriva kde-i18n-cs-3.5.10-0.1mdv2008.0.noarch.rpm
http://www.mandriva.com/en/download/
Ubuntu Ubuntu Linux 8.04 LTS amd64
Ubuntu kdelibs-data_3.5.10-0ubuntu1~har
Source: BID
Name: 35510
Source: www.openbsd.org
Link: http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gdtoa/misc.c
Source: SECTRACK
Name: 1022478
Source: cvsweb.netbsd.org
Link: http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gdtoa/gdtoaimp.h