漏洞起因
边界条件错误
影响系统
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux EUS 5.3.z server
RedHat Enterprise Linux ES 4.8.z
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux Desktop Workstation 5 client
RedHat Enterprise Linux AS 4.8.z
RedHat Enterprise Linux AS 4
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux 5 server
RedHat Desktop 4.0
RedHat Desktop 3.0
Gentoo Linux
Debian Linux 5.0 sparc
Debian Linux 5.0 s/390
Debian Linux 5.0 powerpc
Debian Linux 5.0 mipsel
Debian Linux 5.0 mips
Debian Linux 5.0 m68k
Debian Linux 5.0 ia-64
Debian Linux 5.0 ia-32
Debian Linux 5.0 hppa
Debian Linux 5.0 armel
Debian Linux 5.0 arm
Debian Linux 5.0 amd64
Debian Linux 5.0 alpha
Debian Linux 5.0
Cscope Cscope 15.5
+ SCO Open Server 5.0.7
+ SCO Open Server 5.0.6
Cscope Cscope 15.4
Cscope Cscope 15.3
Cscope Cscope 15.1
Cscope Cscope 15.7
+ SCO Open Server 5.0.7
+ SCO Open Server 5.0.6
Apple Mac OS X Server 10.5.6
Apple Mac OS X Server 10.5.5
Apple Mac OS X Server 10.5.4
Apple Mac OS X Server 10.5.3
Apple Mac OS X Server 10.5.2
Apple Mac OS X Server 10.5.1
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.4.11
Apple Mac OS X Server 10.4.10
Apple Mac OS X Server 10.4.9
Apple Mac OS X Server 10.4.8
Apple Mac OS X Server 10.4.7
Apple Mac OS X Server 10.4.6
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4.4
Apple Mac OS X Server 10.4.3
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.4
Apple Mac OS X Server 10.5
Apple Mac OS X 10.5.6
Apple Mac OS X 10.5.5
Apple Mac OS X 10.5.4
Apple Mac OS X 10.5.3
Apple Mac OS X 10.5.2
Apple Mac OS X 10.5.1
Apple Mac OS X 10.4.11
Apple Mac OS X 10.4.11
Apple Mac OS X 10.4.10
Apple Mac OS X 10.4.9
Apple Mac OS X 10.4.8
Apple Mac OS X 10.4.7
Apple Mac OS X 10.4.6
Apple Mac OS X 10.4.5
Apple Mac OS X 10.4.4
Apple Mac OS X 10.4.3
Apple Mac OS X 10.4.2
Apple Mac OS X 10.4.1
Apple Mac OS X 10.4
Apple Mac OS X 10.5
不受影响系统
Cscope Cscope 15.7a
+ SCO Open Server 5.0.7
+ SCO Open Server 5.0.6
Apple Mac OS X Server 10.5.7
Apple Mac OS X 10.5.7
危害
远程攻击者可以利用漏洞以应用程序权限执行任意指令。
攻击所需条件
攻击者必须构建恶意源代码文件,诱使用户解析。
漏洞信息
Cscope是一款开发人员用于查看源码的工具。
Apple Security Team报告cscope由于不安全使用sprintf,构建恶意源文件,诱使用户打开解析,可导致以应用程序权限执行任意指令。
测试方法
厂商解决方案
升级程序:
Apple Mac OS X Server 10.5
Apple MacOSXServerUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dm g
Cscope Cscope 15.7
Cscope cscope-15.7a.tar.bz2
http://sourceforge.net/project/downloading.php?group_id=4664&filename= cscope-15.7a.tar.bz2
Apple Mac OS X 10.5
Apple MacOSXUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg
Apple Mac OS X 10.4.11
Apple SecUpd2009-002PPC.dmg
(PowerPC)
http://support.apple.com/downloads/DL818/SecUpd2009-002PPC.dmg
Apple Mac OS X Server 10.4.11
Apple SecUpd2009-002Intel.dmg
(Intel)
http://support.apple.com/downloads/DL817/SecUpd2009-002Intel.dmg
Apple SecUpdSrvr2009-002PPC.dmg
(PowerPC)
http://support.apple.com/downloads/DL819/SecUpdSrvr2009-002PPC.dmg
Apple SecUpdSrvr2009-002Univ.dmg
(Universal)
http://support.apple.com/downloads/DL816/SecUpdSrvr2009-002Univ.dmg
Apple Mac OS X 10.5.1
Apple MacOSXUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg
Apple Mac OS X Server 10.5.1
Apple MacOSXServerUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dm g
Apple Mac OS X 10.5.2
Apple MacOSXUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg
Apple Mac OS X Server 10.5.2
Apple MacOSXServerUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dm g
Apple Mac OS X 10.5.3
Apple MacOSXUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg
Apple Mac OS X Server 10.5.3
Apple MacOSXServerUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dm g
Apple Mac OS X 10.5.4
Apple MacOSXUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg
Apple Mac OS X Server 10.5.4
Apple MacOSXServerUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dm g
Apple Mac OS X Server 10.5.5
Apple MacOSXServerUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL829/MacOSXServerUpdCombo10.5.7.dm g
Apple Mac OS X 10.5.5
Apple MacOSXUpdCombo10.5.7.dmg
http://support.apple.com/downloads/DL827/MacOSXUpdCombo10.5.7.dmg
Apple Mac OS X 10.5.6
Apple MacOSXUpd10.5.7.dmg
http://support.apple.com/downloads/DL826/MacOSXUpd10.5.7.dmg
Apple Mac OS X Server 10.5.6
Apple MacOSXServerUpd10.5.7.dmg
http://support.apple.com/downloads/DL828/MacOSXServerUpd10.5.7.dmg
Cscope Cscope 15.1
Cscope cscope-15.7a.tar.bz2
http://sourceforge.net/project/downloading.php?group_id=4664&filename= cscope-15.7a.tar.bz2
Cscope Cscope 15.3
Cscope cscope-15.7a.tar.bz2
http://sourceforge.net/project/downloading.php?group_id=4664&filename= cscope-15.7a.tar.bz2
Cscope Cscope 15.4
Cscope cscope-15.7a.tar.bz2
http://sourceforge.net/project/downloading.php?group_id=4664&filename= cscope-15.7a.tar.bz2
Cscope Cscope 15.5
Cscope cscope-15.7a.tar.bz2
http://sourceforge.net/project/downloading.php?group_id=4664&filename= cscope-15.7a.tar.bz2
漏洞提供者
Apple Security Team
0 条评论。