IRCD-Hybrid and ircd-ratbox 'LINKS' Command Remote Integer Underflow Vulnerability

Cause
Boundary condition error
Severity

 
Affected systems
ircd-ratbox ircd-ratbox 2.2.8
ircd-ratbox ircd-ratbox 2.2.6
ircd-ratbox ircd-ratbox 2.2.5
ircd-ratbox ircd-ratbox 2.0 rc7
ircd-ratbox ircd-ratbox 2.0 rc6
IRCD-Hybrid ircd-hybrid 7.2.2
IRCD-Hybrid ircd-hybrid 7.1 devel
IRCD-Hybrid ircd-hybrid 7.0.1
 
Unaffected systems
 
Impact
A remote attacker can exploit the vulnerability to crash the service.
 
Conditions required for attack
The attacker must have access to ircd-ratbox and IRCD-Hybrid.
 
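Vulnerability information
ircd-ratbox and IRCD-Hybrid are full-featured IRC daemon (IRCD) server programs.
A specially crafted LINKS command can trigger an integer underflow, which a remote attacker can exploit to crash the service or execute arbitrary code.
No detailed information about the vulnerability is currently available.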
 
Test method
 
Vendor solution
Debian Linux users can upgrade using the following packages:
Debian Linux 5.0 hppa
Debian hybrid-dev_7.2.2.dfsg.2-4+lenny1_all.deb
http://security.debian.org/pool/updates/main/i/ircd-hybrid/hybrid-dev_7.2.2.dfsg.2-4+lenny1_all.deb
Debian ircd-hybrid_7.2.2.dfsg.2-4+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_hppa.deb
Debian ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_hppa.deb
Debian ircd-ratbox_2.2.8.dfsg-2+lenny1_hppa.deb
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_hppa.deb
Debian Linux 5.0 ia-64
Debian hybrid-dev_7.2.2.dfsg.2-4+lenny1_all.deb
http://security.debian.org/pool/updates/main/i/ircd-hybrid/hybrid-dev_7.2.2.dfsg.2-4+lenny1_all.deb
Debian ircd-hybrid_7.2.2.dfsg.2-4+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_ia64.deb
Debian ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_ia64.deb
Debian ircd-ratbox_2.2.8.dfsg-2+lenny1_ia64.deb
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_ia64.deb
Debian Linux 5.0 m68k
Debian hybrid-dev_7.2.2.dfsg.2-4+lenny1_all.deb
http://security.debian.org/pool/updates/main/i/ircd-hybrid/hybrid-dev_7.2.2.dfsg.2-4+lenny1_all.deb
Debian Linux 5.0 arm
Debian hybrid-dev_7.2.2.dfsg.2-4+lenny1_all.deb
http://security.debian.org/pool/updates/main/i/ircd-hybrid/hybrid-dev_7.2.2.dfsg.2-4+lenny1_all.deb
Debian ircd-hybrid_7.2.2.dfsg.2-4+lenny1_arm.deb
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_arm.deb
Debian Linux 5.0 armel
Debian hybrid-dev_7.2.2.dfsg.2-4+lenny1_all.deb
http://security.debian.org/pool/updates/main/i/ircd-hybrid/hybrid-dev_7.2.2.dfsg.2-4+lenny1_all.deb
Debian ircd-hybrid_7.2.2.dfsg.2-4+lenny1_armel.deb
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_armel.deb
Debian ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_armel.deb
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_armel.deb
Debian ircd-ratbox_2.2.8.dfsg-2+lenny1_armel.deb
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_armel.deb
Debian Linux 5.0
Debian hybrid-dev_7.2.2.dfsg.2-4+lenny1_all.deb
http://security.debian.org/pool/updates/main/i/ircd-hybrid/hybrid-dev_7.2.2.dfsg.2-4+lenny1_all.deb
Debian Linux 5.0 alpha
Debian hybrid-dev_7.2.2.dfsg.2-4+lenny1_all.deb
http://security.debian.org/pool/updates/main/i/ircd-hybrid/hybrid-dev_7.2.2.dfsg.2-4+lenny1_all.deb
Debian ircd-hybrid_7.2.2.dfsg.2-4+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_alpha.deb
Debian ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_alpha.deb
Debian ircd-ratbox_2.2.8.dfsg-2+lenny1_alpha.deb
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_alpha.deb
Debian Linux 5.0 amd64
Debian hybrid-dev_7.2.2.dfsg.2-4+lenny1_all.deb
http://security.debian.org/pool/updates/main/i/ircd-hybrid/hybrid-dev_7.2.2.dfsg.2-4+lenny1_all.deb
Debian ircd-hybrid_7.2.2.dfsg.2-4+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_amd64.deb
Debian ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_amd64.deb
Debian ircd-ratbox_2.2.8.dfsg-2+lenny1_amd64.deb
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_amd64.deb
Debian Linux 5.0 ia-32
Debian hybrid-dev_7.2.2.dfsg.2-4+lenny1_all.deb
http://security.debian.org/pool/updates/main/i/ircd-hybrid/hybrid-dev_7.2.2.dfsg.2-4+lenny1_all.deb
Debian ircd-hybrid_7.2.2.dfsg.2-4+lenny1_i386.deb
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_i386.deb
Debian ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_i386.deb
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_i386.deb
Debian ircd-ratbox_2.2.8.dfsg-2+lenny1_i386.deb
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_i386.deb
Debian Linux 5.0 mips
Debian hybrid-dev_7.2.2.dfsg.2-4+lenny1_all.deb
http://security.debian.org/pool/updates/main/i/ircd-hybrid/hybrid-dev_7.2.2.dfsg.2-4+lenny1_all.deb
Debian ircd-hybrid_7.2.2.dfsg.2-4+lenny1_mips.deb
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_mips.deb
Debian ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_mips.deb
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_mips.deb
Debian ircd-ratbox_2.2.8.dfsg-2+lenny1_mips.deb
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_mips.deb
Debian Linux 5.0 s/390
Debian hybrid-dev_7.2.2.dfsg.2-4+lenny1_all.deb
http://security.debian.org/pool/updates/main/i/ircd-hybrid/hybrid-dev_7.2.2.dfsg.2-4+lenny1_all.deb
Debian ircd-hybrid_7.2.2.dfsg.2-4+lenny1_s390.deb
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_s390.deb
Debian ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_s390.deb
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_s390.deb
Debian ircd-ratbox_2.2.8.dfsg-2+lenny1_s390.deb
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_s390.deb
Debian Linux 5.0 mipsel
Debian hybrid-dev_7.2.2.dfsg.2-4+lenny1_all.deb
http://security.debian.org/pool/updates/main/i/ircd-hybrid/hybrid-dev_7.2.2.dfsg.2-4+lenny1_all.deb
Debian ircd-hybrid_7.2.2.dfsg.2-4+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_mipsel.deb
Debian ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_mipsel.deb
Debian ircd-ratbox_2.2.8.dfsg-2+lenny1_mipsel.deb
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_mipsel.deb
Debian Linux 5.0 powerpc
Debian hybrid-dev_7.2.2.dfsg.2-4+lenny1_all.deb
http://security.debian.org/pool/updates/main/i/ircd-hybrid/hybrid-dev_7.2.2.dfsg.2-4+lenny1_all.deb
Debian ircd-hybrid_7.2.2.dfsg.2-4+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_powerpc.deb
Debian ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_powerpc.deb
Debian ircd-ratbox_2.2.8.dfsg-2+lenny1_powerpc.deb
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_powerpc.deb
Debian Linux 5.0 sparc
Debian hybrid-dev_7.2.2.dfsg.2-4+lenny1_all.deb
http://security.debian.org/pool/updates/main/i/ircd-hybrid/hybrid-dev_7.2.2.dfsg.2-4+lenny1_all.deb
Debian ircd-hybrid_7.2.2.dfsg.2-4+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/i/ircd-hybrid/ircd-hybrid_7.2.2.dfsg.2-4+lenny1_sparc.deb
Debian ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox-dbg_2.2.8.dfsg-2+lenny1_sparc.deb
Debian ircd-ratbox_2.2.8.dfsg-2+lenny1_sparc.deb
http://security.debian.org/pool/updates/main/i/ircd-ratbox/ircd-ratbox_2.2.8.dfsg-2+lenny1_sparc.deb
 
Vulnerability reported by
David Leadbeater
