Brian Wotring Osiris Logging.C格式化字符串拒绝服务攻击漏洞

CNNVD-ID编号	CNNVD-200607-511
CVE编号	CVE-2006-3120
发布时间	2006-07-31
更新时间	2006-08-01
漏洞类型	格式化字符串
漏洞来源	Ulf Warhammer and Max Vozeler are credited with the discovery of this vulnerability.
危险等级	高危
威胁类型	远程
厂商	brian_wotring

漏洞介绍

Brian Wotring Osiris 4.2.1之前版本存在格式化字符串漏洞。远程攻击者可以借助与日志功能有关的未明攻击向量，引起拒绝服务(应用程序崩溃)。

漏洞补丁

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接：

Shmoo Osiris 4.0.6

Debian osiris_4.0.6-1sarge1_alpha.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sa rge1_alpha.deb

Debian osiris_4.0.6-1sarge1_amd64.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sa rge1_amd64.deb

Debian osiris_4.0.6-1sarge1_arm.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sa rge1_arm.deb

Debian osiris_4.0.6-1sarge1_hppa.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sa rge1_hppa.deb

Debian osiris_4.0.6-1sarge1_i386.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sa rge1_i386.deb

Debian osiris_4.0.6-1sarge1_ia64.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sa rge1_ia64.deb

Debian osiris_4.0.6-1sarge1_m68k.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sa rge1_m68k.deb

Debian osiris_4.0.6-1sarge1_mips.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sa rge1_mips.deb

Debian osiris_4.0.6-1sarge1_mipsel.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sa rge1_mipsel.deb

Debian osiris_4.0.6-1sarge1_powerpc.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sa rge1_powerpc.deb

Debian osiris_4.0.6-1sarge1_s390.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sa rge1_s390.deb

Debian osiris_4.0.6-1sarge1_sparc.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/o/osiris/osiris_4.0.6-1sa rge1_sparc.deb

Debian osirisd_4.0.6-1sarge1_alpha.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1s arge1_alpha.deb

Debian osirisd_4.0.6-1sarge1_amd64.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1s arge1_amd64.deb

Debian osirisd_4.0.6-1sarge1_arm.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1s arge1_arm.deb

Debian osirisd_4.0.6-1sarge1_hppa.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1s arge1_hppa.deb

Debian osirisd_4.0.6-1sarge1_i386.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1s arge1_i386.deb

Debian osirisd_4.0.6-1sarge1_ia64.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1s arge1_ia64.deb

Debian osirisd_4.0.6-1sarge1_m68k.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1s arge1_m68k.deb

Debian osirisd_4.0.6-1sarge1_mips.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1s arge1_mips.deb

Debian osirisd_4.0.6-1sarge1_mipsel.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1s arge1_mipsel.deb

Debian osirisd_4.0.6-1sarge1_powerpc.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1s arge1_powerpc.deb

Debian osirisd_4.0.6-1sarge1_sparc.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/o/osiris/osirisd_4.0.6-1s arge1_sparc.deb

Debian osirismd_4.0.6-1sarge1_alpha.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1 sarge1_alpha.deb

Debian osirismd_4.0.6-1sarge1_amd64.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/o/osiris/osirismd_4.0.6-1 s

参考网址

来源: DEBIAN

名称: DSA-1129

链接：http://www.debian.org/security/2006/dsa-1129
来源: MISC

链接：http://osiris.shmoo.com/download.html
来源: osiris.shmoo.com

链接：http://osiris.shmoo.com/ChangeLog
来源: BID

名称: 19213

链接：http://www.securityfocus.com/bid/19213
来源: OSVDB

名称: 27645

链接：http://www.osvdb.org/27645
来源: VUPEN

名称: ADV-2006-3072

链接：http://www.frsirt.com/english/advisories/2006/3072
来源: SECUNIA

名称: 21265

链接：http://secunia.com/advisories/21265

受影响实体

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200607-511

行业资讯-文章归档问答-问答归档