New hypermail packages fix arbitrary code execution flaws (Linux, patch)
Affected program: hypermail

Description: New hypermail packages fix arbitrary code execution flaws

Details: hypermail is an enhanced tool that converts email into HTML pages. Two flaws exist in hypermail:

An attacker can craft an overly long file name for an attachment. When the file name is parsed, a buffer overflow occurs, allowing the attacker to execute arbitrary code on the system with local privileges.

The CGI mail program performs a reverse lookup of the user's IP address and copies the resolved hostname into a fixed-size buffer. An attacker can cause a buffer overflow with a specially crafted DNS reply.

For the current stable distribution (woody), this flaw has been fixed in version 2.1.3-2.0.
For the old stable distribution (potato), this flaw has been fixed in version 2.0b25-1.1.
For the unstable distribution (sid), this flaw has been fixed in version 2.1.6-1.

Attack method: No working exploit code is available at this time.

Solution: Users are advised to upgrade their hypermail package.

Upgrade instructions:
wget url: fetches the upgrade file;
dpkg -i file.deb: installs the referenced file;
If you use the apt-get package manager:
apt-get update: updates the internal database;
apt-get upgrade: installs the corrected packages;
With appropriate configuration, automatic updates can be used.

Additional information: CAN-2003-0057
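Both flaws in this advisory are unchecked copies of attacker-influenced strings (an attachment file name, a hostname returned by reverse DNS) into fixed-size buffers. The C code below is an added example, not hypermail's code or the Debian patch: it shows the unsafe pattern beside a checked copy that rejects oversized or malformed names instead of truncating them. The names `HOST_BUF`, `store_host_unsafe` and `store_host_checked`, the buffer size and the character policy are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>
#include <ctype.h>

#define HOST_BUF 64  /* assumed size; the advisory does not state the real one */

/* Unsafe pattern described in the advisory: the length of the DNS-supplied
 * name is never compared with the destination size. Shown for contrast only;
 * nothing in this example calls it. */
void store_host_unsafe(char dst[HOST_BUF], const char *resolved)
{
    strcpy(dst, resolved);
}

/* Checked form: returns 0 on success, -1 on rejection (dst is then "").
 * Assumed policy: only letters, digits, '-' and '.' are accepted. */
int store_host_checked(char *dst, size_t dstsize, const char *resolved)
{
    size_t len;

    if (dst == NULL || dstsize == 0)
        return -1;
    dst[0] = '\0';
    if (resolved == NULL)
        return -1;

    /* One pass: validate each byte and stop as soon as the name cannot fit. */
    for (len = 0; resolved[len] != '\0'; len++) {
        unsigned char c = (unsigned char)resolved[len];
        if (len + 1 >= dstsize)          /* no room for this byte plus NUL */
            return -1;
        if (!isalnum(c) && c != '-' && c != '.')
            return -1;
    }
    if (len == 0)                        /* empty answer is not a hostname */
        return -1;

    memcpy(dst, resolved, len + 1);      /* len + 1 <= dstsize, NUL included */
    return 0;
}
```

Rejecting rather than truncating matters when the stored name later feeds logging or access decisions, since a truncated name can match a different host.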
