漏洞信息详情

Wu-Ftpd S/Key Remote Buffer Overrun漏洞

  • CNNVD编号:CNNVD-200403-064
  • 危害等级: 超危
  • CVE编号: CVE-2004-0185
  • 漏洞类型: 缓冲区溢出
  • 发布时间: 2004-03-15
  • 威胁类型: 远程
  • 更新时间: 2005-05-13
  • 厂        商: washington_university
  • 漏洞来源: This issue was rec...

漏洞简介

wu-ftp daemon (wu-ftpd) 2.6.2版本的ftpd.c中skey_challenge函数存在缓冲区溢出漏洞。远程攻击者借助一个有超长名称的s/key (SKEY)请求导致服务拒绝并且可能执行任意代码。

漏洞公告

Hewlett-Packard has released an advisory (HPSBTU01012) and an early release patch to address this issue. Customers are advised to apply this patch if they are affected by this vulnerability. Further information regarding obtaining and applying an appropriate patch can be found in the referenced advisory. Debian has released an advisory DSA 457-1 to address this issue. Please see the referenced advisory for more information. RedHat has released an advisory RHSA-2004:096-09 to address this issue in Red Hat Enterprise Linux. Please see the advisory in web references for more information. The vendor has released a patch to address this issue in Wu-FTPD 2.6.2. The official patch can be obtained from the following location: ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/skeychallenge.patch Washington University wu-ftpd 2.6.2

Compaq Tru64 5.1 a PK6(BL24) Compaq Tru64 5.1 b PK3(BL24)

参考网址

来源: www.securiteam.com 链接:http://www.securiteam.com/unixfocus/6X00Q1P8KC.html 来源: REDHAT 名称: RHSA-2004:096 链接:http://www.redhat.com/support/errata/RHSA-2004-096.html 来源: DEBIAN 名称: DSA-457 链接:http://www.debian.org/security/2004/dsa-457 来源: ftp.wu-ftpd.org 链接:ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/skeychallenge.patch 来源: XF 名称: wuftpd-skey-bo(13518) 链接:http://xforce.iss.net/xforce/xfdb/13518 来源: unixpunx.org 链接:http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt 来源: BID 名称: 8893 链接:http://www.securityfocus.com/bid/8893

补丁

    暂无

漏洞信息快速查询

相关漏洞

更多