From: tw-cert ()  Board: security
Date: Mon Mar 18 19:30:47 2002
Subject: TW-CA-2002-056-[MDKSA-2002:021: MDKSA-2002:021: mod_frontpa

TW-CA-2002-056-[MDKSA-2002:021: MDKSA-2002:021: mod_frontpage]
-------------------------------------------------------------------------------
TWCERT release date: 2002-03-15
Original vulnerability release date: 2002-03-08
Category: DoS, Gain Privilege
Source reference: MDKSA-2002:021

------ Description ------------------------------------------------------------
Versions of improved mod_frontpage prior to 1.6.1 have a security problem.
Because fpexec.c performs no boundary checks, a remote attacker may be able to
use the suid root binary to cause a buffer overflow and execute arbitrary
commands on the server with superuser privileges.

Users of mod_frontpage are advised to update. Mandrake Linux has completely
reworked this update; it is easier to configure and use, and it supports the
new FrontPage 2002 extensions.

------ Affected Platforms -----------------------------------------------------
Mandrake Linux 8.0, 8.1

------ Solution ---------------------------------------------------------------
Updated packages:

Mandrake Linux 8.0:
0b2760b21addbe6396be4abe6be97305  8.0/RPMS/mod_frontpage-1.6.1-3.1mdk.i586.rpm
2fb9a89afd1385ab60c894f6985284e7  8.0/SRPMS/mod_frontpage-1.6.1-3.1mdk.src.rpm

Mandrake Linux 8.0/ppc:
009635a52c08313eede64f30fff223f2  ppc/8.0/RPMS/mod_frontpage-1.6.1-3.1mdk.ppc.rpm
2fb9a89afd1385ab60c894f6985284e7  ppc/8.0/SRPMS/mod_frontpage-1.6.1-3.1mdk.src.rpm

Mandrake Linux 8.1:
8c2baeebb796353035f8816ed6cdfbed  8.1/RPMS/mod_frontpage-1.6.1-3.1mdk.i586.rpm
2fb9a89afd1385ab60c894f6985284e7  8.1/SRPMS/mod_frontpage-1.6.1-3.1mdk.src.rpm

Mandrake Linux 8.1/ia64:
9d175e164af2e6a39c2d4576e543752e  ia64/8.1/RPMS/mod_frontpage-1.6.1-3.1mdk.ia64.rpm
2fb9a89afd1385ab60c894f6985284e7  ia64/8.1/SRPMS/mod_frontpage-1.6.1-3.1mdk.src.rpm
_______________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
_______________________________________________________________________________

Use MandrakeUpdate to upgrade automatically. With MandrakeUpdate, the md5
checksum and GPG signature checks are performed automatically.

To upgrade manually, download the updated packages and upgrade with the
command "rpm -Fvh *.rpm".

Updates can be obtained directly from:
http://www.mandrakesecure.net/en/ftp.php

Before upgrading, verify the integrity of the downloaded packages. You can do
this with the command:
rpm --checksig

The GPG public key of the Mandrake Linux Security Team can be obtained from:
https://www.mandrakesecure.net/RPM-GPG-KEYS

Other Mandrake Linux security documents are available at:
http://www.linux-mandrake.com/en/security/

To report vulnerability information, contact security@linux-mandrake.com

For other related information, see the original advisory.

------ Impact -----------------------------------------------------------------
An attacker may be able to use the suid root binary to cause a buffer overflow
and execute arbitrary commands on the server with superuser privileges.

------ Contact TW-CERT --------------------------------------------------------
Tel: 886-7-5250211   Fax: 886-7-5250212
     886-2-23563303       886-2-23924082
Email: twcert@cert.org.tw
URL: http://www.cert.org.tw/
PGP key: http://www.cert.org.tw/eng/pgp.htm
===============================================================================
Attachment: [MDKSA-2002:021: mod_frontpage]

- ------ Overview -------------------------------------------------------------

- ------ Description ----------------------------------------------------------
A problem was found in versions of improved mod_frontpage prior to 1.6.1
regarding a lack of boundary checks in fpexec.c. This means that the suid
root binary is exploitable for buffer overflows. This could be exploited by
remote attackers to execute arbitrary code on the server with superuser
privileges. Although there are no known exploits available, if you use
mod_frontpage you are strongly encouraged to upgrade.

This update for Mandrake Linux has been completely reworked and is easier to
configure and use, as well as supporting the new FrontPage 2002 extensions.

- ------ Platform -------------------------------------------------------------
8.0, 8.1

- ------ Solution -------------------------------------------------------------
Updated Packages:

Mandrake Linux 8.0:
0b2760b21addbe6396be4abe6be97305  8.0/RPMS/mod_frontpage-1.6.1-3.1mdk.i586.rpm
2fb9a89afd1385ab60c894f6985284e7  8.0/SRPMS/mod_frontpage-1.6.1-3.1mdk.src.rpm

Mandrake Linux 8.0/ppc:
009635a52c08313eede64f30fff223f2  ppc/8.0/RPMS/mod_frontpage-1.6.1-3.1mdk.ppc.rpm
2fb9a89afd1385ab60c894f6985284e7  ppc/8.0/SRPMS/mod_frontpage-1.6.1-3.1mdk.src.rpm

Mandrake Linux 8.1:
8c2baeebb796353035f8816ed6cdfbed  8.1/RPMS/mod_frontpage-1.6.1-3.1mdk.i586.rpm
2fb9a89afd1385ab60c894f6985284e7  8.1/SRPMS/mod_frontpage-1.6.1-3.1mdk.src.rpm

Mandrake Linux 8.1/ia64:
9d175e164af2e6a39c2d4576e543752e  ia64/8.1/RPMS/mod_frontpage-1.6.1-3.1mdk.ia64.rpm
2fb9a89afd1385ab60c894f6985284e7  ia64/8.1/SRPMS/mod_frontpage-1.6.1-3.1mdk.src.rpm
________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
________________________________________________________________________

To upgrade automatically, use MandrakeUpdate. The verification of md5
checksums and GPG signatures is performed automatically for you.

If you want to upgrade manually, download the updated package from one of
our FTP server mirrors and upgrade with "rpm -Fvh *.rpm". A list of FTP
mirrors can be obtained from:
http://www.mandrakesecure.net/en/ftp.php

Please verify the update prior to upgrading to ensure the integrity of the
downloaded package. You can do this with the command:
rpm --checksig

All packages are signed by MandrakeSoft for security. You can obtain the GPG
public key of the Mandrake Linux Security Team from:
https://www.mandrakesecure.net/RPM-GPG-KEYS

Please be aware that sometimes it takes the mirrors a few hours to update.

You can view other update advisories for Mandrake Linux at:
http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that anyone
can subscribe to. Information on these lists can be obtained by visiting:
http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact
security@linux-mandrake.com

- ------ Impact ---------------------------------------------------------------
suid root binary is exploitable for buffer overflows. This could be exploited
by remote attackers to execute arbitrary code on the server with superuser
privileges.

--
* Origin: 中山大學-美麗之島BBS * From: 140.117.101.140 [authenticated]