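CNNVD ID | CNNVD-200704-247 |
CVE ID | CVE-2007-2027 |
Published | 2007-04-13 |
Updated | 2007-08-02 |
Vulnerability type | Format string |
Vulnerability source | Arnaud Giersch is credited with discovery of this vulnerability. |
Severity | Medium |
Threat type | Local |
Vendor | elinks |
The add_filename_to_string function in intl/gettext/loadmsgcat.c in ELinks has an untrusted search path vulnerability. A local user can carry out a format string attack by causing ELinks to use an untrusted gettext message catalog in the "../po" directory.
The vendor has released an upgrade patch that fixes this security issue. Patch download links: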
ELinks ELinks 0.10.6
Ubuntu elinks-lite_0.10.6-1ubuntu3.1_amd64.deb Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.10.6-1ubuntu3.1_amd64.deb
Ubuntu elinks-lite_0.10.6-1ubuntu3.1_i386.deb Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.10.6-1ubuntu3.1_i386.deb
Ubuntu elinks-lite_0.10.6-1ubuntu3.1_powerpc.deb Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.10.6-1ubuntu3.1_powerpc.deb
Ubuntu elinks-lite_0.10.6-1ubuntu3.1_sparc.deb Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.10.6-1ubuntu3.1_sparc.deb
Ubuntu elinks-lite_0.11.1-1ubuntu2.1_amd64.deb Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.11.1-1ubuntu2.1_amd64.deb
Ubuntu elinks-lite_0.11.1-1ubuntu2.1_i386.deb Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.11.1-1ubuntu2.1_i386.deb
Ubuntu elinks_0.10.6-1ubuntu3.1_amd64.deb Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.10.6-1ubuntu3.1_amd64.deb
Ubuntu elinks_0.10.6-1ubuntu3.1_i386.deb Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.10.6-1ubuntu3.1_i386.deb
Ubuntu elinks_0.10.6-1ubuntu3.1_powerpc.deb Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.10.6-1ubuntu3.1_powerpc.deb
Ubuntu elinks_0.10.6-1ubuntu3.1_sparc.deb Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.10.6-1ubuntu3.1_sparc.deb
Ubuntu elinks_0.11.1-1ubuntu2.1_amd64.deb Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.11.1-1ubuntu2.1_amd64.deb
ELinks ELinks 0.11.1
Ubuntu elinks-lite_0.11.1-1.2ubuntu2.1_amd64.deb Ubuntu 7.04:
http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.11.1-1.2ubuntu2.1_amd64.deb
Ubuntu elinks-lite_0.11.1-1.2ubuntu2.1_i386.deb Ubuntu 7.04:
http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.11.1-1.2ubuntu2.1_i386.deb
Ubuntu elinks-lite_0.11.1-1.2ubuntu2.1_powerpc.deb Ubuntu 7.04:
http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.11.1-1.2ubuntu2.1_powerpc.deb
Ubuntu elinks-lite_0.11.1-1.2ubuntu2.1_sparc.deb Ubuntu 7.04:
http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.11.1-1.2ubuntu2.1_sparc.deb
Ubuntu elinks-lite_0.11.1-1ubuntu2.1_amd64.deb Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.11.1-1ubuntu2.1_amd64.deb
Ubuntu elinks-lite_0.11.1-1ubuntu2.1_i386.deb Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.11.1-1ubuntu2.1_i386.deb
Ubuntu elinks-lite_0.11.1-1ubuntu2.1_powerpc.deb Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.11.1-1ubuntu2.1_powerpc.deb
Ubuntu elinks-lite_0.11.1-1ubuntu2.1_sparc.deb Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/universe/e/elinks/elinks-lite_0.11.1-1ubuntu2.1_sparc.deb
Ubuntu elinks_0.11.1-1.2ubuntu2.1_amd64.deb Ubuntu 7.04:
http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.11.1-1.2ubuntu2.1_amd64.deb
Ubuntu elinks_0.11.1-1.2ubuntu2.1_i386.deb Ubuntu 7.04:
http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.11.1-1.2ubuntu2.1_i386.deb
Ubuntu elinks_0.11.1-1.2ubuntu2.1_powerpc.deb Ubuntu 7.04:
http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.11.1-1.2ubuntu2.1_powerpc.deb
Ubuntu elinks_0.11.1-1.2ubuntu2.1_sparc.deb Ubuntu 7.04:
http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.11.1-1.2ubuntu2.1_sparc.deb
Ubuntu elinks_0.11.1-1ubuntu2.1_amd64.deb Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.11.1-1ubuntu2.1_amd64.deb
Ubuntu elinks_0.11.1-1ubuntu2.1_i386.deb Ubuntu 6.06 LTS:
http://security.ubuntu.com/ubuntu/pool/main/e/elinks/elinks_0.11.1-1ubuntu2.1_i386.deb
Ubuntu elinks_0.11.1-1ubuntu2.1_powerpc.deb Ubuntu 6.06 LTS:
http://s
Source: VUPEN
Name: ADV-2007-1686
Source: bugzilla.redhat.com
Link: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=235411
Source: UBUNTU
Name: USN-457-1
Source: BID
Name: 23844
Source: GENTOO
Name: GLSA-200706-03
Source: SECUNIA
Name: 25550
Source: SECUNIA
Name: 25255
Source: SECUNIA
Name: 25198
Source: SECUNIA
Name: 25169
Source: OSVDB
Name: 35668