Affected systems:
HP HP-UX 11.31
HP HP-UX 11.23
HP HP-UX 11.11
IBM AIX 6.1
SGI IRIX 6.5
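Description:
rpc.pcnfsd is an RPC daemon that provides authentication and printing services over the network and runs on a large number of Unix-like operating systems.
The rpc.pcnfsd service shipped with several vendors' Unix systems has an integer overflow vulnerability in its handling of RPC requests. A remote attacker can send a specially crafted RPC request that causes the _msgout() function to be called, and that function calls syslog() to log the error without checking the format string. The vulnerable code from pcnfsd_print.c is shown below: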
psrstat pr_start2(system, pr, user, fname, opts, id)
…
…
    if (rename(pathname, new_pathname))
    {
        /*
        **---------------------------------------------------------------------
        ** Should never happen.
        **---------------------------------------------------------------------
        */
        (void)sprintf(tempstr, "rpc.pcnfsd: spool file rename (%s->%s) failed.\n",
                      pathname, new_pathname);
        msg_out(tempstr);               /* <-- Vuln Function with our input */
from pcnfsd_xdr.c
static
_msgout(msg)
    char *msg;
{
#ifdef RPC_SVC_FG
    if (_rpcpmstart)
        syslog(LOG_ERR, msg);           /* <-- Problem here! */
    else
        (void) fprintf(stderr, "%s\n", msg);
#else
    syslog(LOG_ERR, msg);               /* <-- Problem here! */
#endif
    return(0);
}
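The following added example (not part of the original advisory or the vendor code) puts the _msgout() pattern next to its hardened form, with the message passed as data to a constant "%s" format. The render() helper, the msgout_* names and the sample path are assumptions made for illustration; render() stands in for the formatting step syslog() applies to its second argument.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Hypothetical helper: expands fmt into out the way syslog()
 * expands its format argument, so the result can be inspected. */
static int render(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    int len;

    va_start(ap, fmt);
    len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Same pattern as _msgout(): the message itself is used as the format. */
static int msgout_vulnerable(char *out, size_t n, const char *msg)
{
    return render(out, n, msg);
}

/* Hardened form: constant format string, message passed as an argument. */
static int msgout_fixed(char *out, size_t n, const char *msg)
{
    syslog(LOG_ERR, "%s", msg);          /* the corrected logging call */
    return render(out, n, "%s", msg);
}

/* Constructed sample: a spool file name containing "%%". That sequence
 * consumes no arguments, so it shows format interpretation harmlessly. */
static const char SAMPLE[] =
    "rpc.pcnfsd: spool file rename (/spool/a%%b->/spool/c) failed.";

int main(void)
{
    char a[128], b[128];

    msgout_vulnerable(a, sizeof a, SAMPLE);
    msgout_fixed(b, sizeof b, SAMPLE);
    printf("as format: %s\nas data:   %s\n", a, b);
    return 0;
}
```

The vulnerable variant rewrites the file name ("a%%b" becomes "a%b") because the text is parsed as a format string, while the fixed variant logs it byte for byte.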
<*Source: Rodrigo Rubira Branco (rodrigo@risesecurity.org)
Links: http://secunia.com/advisories/39911/
http://marc.info/?l=bugtraq&m=127448192202799&w=2
http://www.checkpoint.com/defense/advisories/public/2010/cpai-13-May.html
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=5088
http://www.auscert.org.au/render.html?it=12819&template=1
*>
Recommendation:
Vendor patches:
HP
--
HP has released a security bulletin (HPSBUX02523) and corresponding patches for this issue:
HPSBUX02523:SSRT100036 rev.1 – HP-UX Running ONCPlus, Remote Denial of Service (DoS), Increase in Privilege
Link: http://www.auscert.org.au/render.html?it=12819&template=1
IBM
--
The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's site:
http://aix.software.ibm.com/aix/efixes/security/pcnfsd_fix.tar