CamlImages JPEG Processing Remote Buffer Overflow Vulnerability

Cause
Boundary condition error
 
Affected systems
CamlImages 2.2
 
Unaffected systems
 
Impact
A remote attacker can exploit this vulnerability to execute arbitrary code with the privileges of the application.
 
Conditions required for attack
The attacker must craft a malicious image file and induce a user to open it.
 
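Vulnerability information
CamlImages is an open-source image processing library.
CamlImages contains multiple integer overflows that can lead to exploitable heap overflows, allowing arbitrary code execution with the privileges of the application.
The flaw is present in the handling of both TIFF and JPEG image files.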
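The bug class described above (an integer overflow in a size calculation that leaves the heap buffer too small) is shown here as an added example; it is not CamlImages code, and the function names, the three-channel layout and the 256 MiB cap are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked pattern: 32-bit arithmetic on header fields taken from the file.
 * The result wraps modulo 2^32, so the buffer can be far smaller than the
 * pixel data the decoder later writes into it. */
uint32_t unchecked_image_bytes(uint32_t width, uint32_t height, uint32_t channels)
{
    return width * height * channels;
}

/* Checked form: every multiplication is guarded by a division test and the
 * total is capped. Returns 0 and stores the size in *out, or -1 to reject. */
int checked_image_bytes(uint32_t width, uint32_t height, uint32_t channels,
                        size_t max_bytes, size_t *out)
{
    size_t row, total;

    if (width == 0 || height == 0 || channels == 0)
        return -1;
    if ((size_t)width > SIZE_MAX / channels)
        return -1;
    row = (size_t)width * channels;
    if ((size_t)height > SIZE_MAX / row)
        return -1;
    total = row * (size_t)height;
    if (total > max_bytes)
        return -1;
    *out = total;
    return 0;
}

int main(void)
{
    /* Constructed dimensions: 65536 x 65537 x 3 needs about 12 GiB. */
    uint32_t w = 65536, h = 65537, c = 3;
    size_t n = 0;

    printf("unchecked size: %u bytes\n", (unsigned)unchecked_image_bytes(w, h, c));
    printf("checked: %s\n",
           checked_image_bytes(w, h, c, (size_t)256 << 20, &n) == 0 ? "accepted" : "rejected");
    return 0;
}
```

A decoder that validates dimensions this way before allocating rejects the file instead of allocating a wrapped, undersized buffer.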
 
Test method
 
Vendor solution
Debian Linux users can refer to the following upgrade packages:
Debian Linux 4.0 amd64
Debian libcamlimages-ocaml_2.20-8+etch1_amd64.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_amd64.deb
Debian libcamlimages-ocaml_2.20-8+etch2_amd64.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_amd64.deb
Debian libcamlimages-ocaml_2.20-8+etch3_amd64.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch3_amd64.deb
Debian Linux 4.0 ia-32
Debian libcamlimages-ocaml_2.20-8+etch1_i386.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_i386.deb
Debian libcamlimages-ocaml_2.20-8+etch2_i386.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_i386.deb
Debian libcamlimages-ocaml_2.20-8+etch3_i386.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch3_i386.deb
Debian Linux 4.0 arm
Debian libcamlimages-ocaml_2.20-8+etch1_arm.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_arm.deb
Debian libcamlimages-ocaml_2.20-8+etch2_arm.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_arm.deb
Debian libcamlimages-ocaml_2.20-8+etch3_arm.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch3_arm.deb
Debian Linux 4.0 hppa
Debian libcamlimages-ocaml_2.20-8+etch1_hppa.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_hppa.deb
Debian libcamlimages-ocaml_2.20-8+etch2_hppa.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_hppa.deb
Debian libcamlimages-ocaml_2.20-8+etch3_hppa.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch3_hppa.deb
Debian Linux 4.0 sparc
Debian libcamlimages-ocaml_2.20-8+etch1_sparc.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_sparc.deb
Debian libcamlimages-ocaml_2.20-8+etch2_sparc.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_sparc.deb
Debian libcamlimages-ocaml_2.20-8+etch3_sparc.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch3_sparc.deb
Debian Linux 4.0 powerpc
Debian libcamlimages-ocaml_2.20-8+etch1_powerpc.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_powerpc.deb
Debian libcamlimages-ocaml_2.20-8+etch2_powerpc.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_powerpc.deb
Debian libcamlimages-ocaml_2.20-8+etch3_powerpc.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch3_powerpc.deb
Debian Linux 4.0 alpha
Debian libcamlimages-ocaml_2.20-8+etch1_alpha.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_alpha.deb
Debian libcamlimages-ocaml_2.20-8+etch2_alpha.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_alpha.deb
Debian libcamlimages-ocaml_2.20-8+etch3_alpha.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch3_alpha.deb
Debian Linux 4.0 mipsel
Debian libcamlimages-ocaml_2.20-8+etch1_mipsel.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_mipsel.deb
Debian libcamlimages-ocaml_2.20-8+etch2_mipsel.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_mipsel.deb
Debian libcamlimages-ocaml_2.20-8+etch3_mipsel.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch3_mipsel.deb
Debian Linux 4.0 ia-64
Debian libcamlimages-ocaml_2.20-8+etch1_ia64.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_ia64.deb
Debian libcamlimages-ocaml_2.20-8+etch2_ia64.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_ia64.deb
Debian libcamlimages-ocaml_2.20-8+etch3_ia64.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch3_ia64.deb
Debian Linux 4.0 mips
Debian libcamlimages-ocaml_2.20-8+etch1_mips.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_mips.deb
Debian libcamlimages-ocaml_2.20-8+etch2_mips.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_mips.deb
Debian libcamlimages-ocaml_2.20-8+etch3_mips.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch3_mips.deb
 
Vulnerability credit
Debian advisory.
  
 
Vulnerability advisory link
http://www.debian.org/security/2009/dsa-1912
