| CNNVD-ID编号 | CNNVD-200605-346 |
| CVE编号 | CVE-2006-2480 |
| 发布时间 | 2006-05-19 |
| 更新时间 | 2006-08-28 |
| 漏洞类型 | 格式化字符串 |
| 漏洞来源 | Discovery is credited to KaDaL-X. |
| 危险等级 | 中危 |
| 威胁类型 | 远程 |
| 厂 商 | dia |
Dia 0.94存在格式化字符串漏洞。用户协助的攻击者可以通过触发错误或警告来引起拒绝服务(崩溃),比如借助 .bmp文件名中的格式化字符串限定符。注意: 原来的利用方式是通过命令行自变量体现的,但还存在由Dia自动处理的其他输入机制,例如特制的.dia文件。
DIA DIA 0.94 Mandriva dia-0.94-6.4.20060mdk.i586.rpm Mandriva Linux 2006.0: http://www.mandriva.com/en/download Mandriva dia-0.94-6.4.20060mdk.src.rpm Mandriva Linux 2006.0: http://www.mandriva.com/en/download Mandriva dia-0.94-6.4.20060mdk.x86_64.rpm Mandriva Linux 2006.0: http://www.mandriva.com/en/download RedHat dia-0.94-16.fc4.i386.rpm Fedora Core 4 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/ RedHat dia-0.94-16.fc4.ppc.rpm Fedora Core 4 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/ RedHat dia-0.94-16.fc4.src.rpm Fedora Core 4 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/ RedHat dia-0.94-16.fc4.x86_64.rpm Fedora Core 4 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/ RedHat dia-debuginfo-0.94-16.fc4.i386.rpm Fedora Core 4 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/ RedHat dia-debuginfo-0.94-16.fc4.ppc.rpm Fedora Core 4 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/ RedHat dia-debuginfo-0.94-16.fc4.x86_64.rpm Fedora Core 4 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/4/ Ubuntu dia-common_0.94.0-11ubuntu1.2_all.deb Ubuntu 5.10: http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-common_0.94.0-11 ubuntu1.2_all.deb Ubuntu dia-common_0.94.0-5ubuntu1.3_all.deb Ubuntu 5.04: http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-common_0.94.0-5u buntu1.3_all.deb Ubuntu dia-gnome_0.94.0-11ubuntu1.2_amd64.deb Ubuntu 5.10: http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-11u buntu1.2_amd64.deb Ubuntu dia-gnome_0.94.0-11ubuntu1.2_i386.deb Ubuntu 5.10: http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-11u buntu1.2_i386.deb Ubuntu dia-gnome_0.94.0-11ubuntu1.2_powerpc.deb Ubuntu 5.10: http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-11u buntu1.2_powerpc.deb Ubuntu dia-gnome_0.94.0-5ubuntu1.3_amd64.deb Ubuntu 5.04: http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-5ub untu1.3_amd64.deb Ubuntu dia-gnome_0.94.0-5ubuntu1.3_i386.deb Ubuntu 5.04: http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-5ub untu1.3_i386.deb Ubuntu dia-gnome_0.94.0-5ubuntu1.3_powerpc.deb Ubuntu 5.04: http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-gnome_0.94.0-5ub untu1.3_powerpc.deb Ubuntu dia-libs_0.94.0-11ubuntu1.2_amd64.deb Ubuntu 5.10: http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-11ub untu1.2_amd64.deb Ubuntu dia-libs_0.94.0-11ubuntu1.2_i386.deb Ubuntu 5.10: http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-11ub untu1.2_i386.deb Ubuntu dia-libs_0.94.0-11ubuntu1.2_powerpc.deb Ubuntu 5.10: http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-11ub untu1.2_powerpc.deb Ubuntu dia-libs_0.94.0-5ubuntu1.3_amd64.deb Ubuntu 5.04: http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-5ubu ntu1.3_amd64.deb Ubuntu dia-libs_0.94.0-5ubuntu1.3_i386.deb Ubuntu 5.04: http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-5ubu ntu1.3_i386.deb Ubuntu dia-libs_0.94.0-5ubuntu1.3_powerpc.deb Ubuntu 5.04: http://security.ubuntu.com/ubuntu/pool/main/d/dia/dia-libs_0.94.0-5ubu ntu1.3_powerpc.deb Ubuntu dia_0.94.0-11ubuntu1.2_amd64.deb Ubuntu 5.10: http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-11ubu ntu1.2_amd64.deb Ubuntu dia_0.94.0-11ubuntu1.2_i386.deb Ubuntu 5.10: http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-11ubu ntu1.2_i386.deb Ubuntu dia_0.94.0-11ubuntu1.2_powerpc.deb Ubuntu 5.10: http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-11ubu ntu1.2_powerpc.deb Ubuntu dia_0.94.0-5ubuntu1.3_amd64.deb Ubuntu 5.04: http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-5ubun tu1.3_amd64.deb Ubuntu dia_0.94.0-5ubuntu1.3_i386.deb Ubuntu 5.04: http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-5ubun tu1.3_i386.deb Ubuntu dia_0.94.0-5ubuntu1.3_powerpc.deb Ubuntu 5.04: http://security.ubuntu.com/ubuntu/pool/universe/d/dia/dia_0.94.0-5ubun tu1.3_powerpc.deb DIA DIA 0.92.2 Mandriva dia-0.92.2-2.3.C30mdk.i586.rpm Corporate 3.0: http://www.mandriva.com/en/download Mandriva dia-0.92.2-2.3.C30mdk.src.rpm Corporate 3.0: http://www.mandriva.com/en/download Mandriva dia-0.92.2-2.3.C30mdk.x86_64.rpm Corporate 3.0: http://www.mandriva.com/en/download
来源: VUPEN
名称: ADV-2006-1908
来源: SECUNIA
名称: 20254
来源: UBUNTU
名称: USN-286-1
链接:http://www.ubuntulinux.org/support/documentation/usn/usn-286-1
来源: BID
名称: 18078
来源: VULN-DEV
名称: 20060506 DIA file name handling format string
链接:http://www.securityfocus.com/archive/82/433313/30/0/threaded
来源: REDHAT
名称: RHSA-2006:0541
来源: OSVDB
名称: 25699
来源: SUSE
名称: SUSE-SR:2006:012
链接:http://www.novell.com/linux/security/advisories/2006-06-02.html
来源: GENTOO
名称: GLSA-200606-03
链接:http://www.gentoo.org/security/en/glsa/glsa-200606-03.xml
来源: SECTRACK
名称: 1016203
来源: SECUNIA
名称: 20513
来源: SECUNIA
名称: 20457
来源: SECUNIA
名称: 20422
来源: SECUNIA
名称: 20339
来源: SECUNIA
名称: 20199
来源: MISC
来源: MANDRIVA
名称: MDKSA-2006:093
链接:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:093
来源: bugzilla.gnome.org