漏洞信息详情

Emacs Movemail POP3远程格式化字符串漏洞

  • CNNVD编号:CNNVD-200502-007
  • 危害等级: 高危
  • CVE编号: CVE-2005-0100
  • 漏洞类型: 格式化字符串
  • 发布时间: 2005-02-07
  • 威胁类型: 远程
  • 更新时间: 2005-10-20
  • 厂        商: gnu
  • 漏洞来源: Discovery is credi...

漏洞简介

Emacs即Editor MACroS(巨集编辑器),是一种纯文字编辑器。 (1)Emacs 20.x、21.3和可能的其他版本以及(2)XEmacs 21.4和更早版本中的movemail实用程序中的格式化字符串漏洞,可让远程恶意POP3服务器通过制作的数据包执行任意代码。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接: GNU Emacs 20.0 Debian emacs20-el_20.7-13.3_all.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/e/emacs20/emacs20-el_20.7 -13.3_all.deb Debian emacs20_20.7-13.3_alpha.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13 .3_alpha.deb Debian emacs20_20.7-13.3_arm.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13 .3_arm.deb Debian emacs20_20.7-13.3_hppa.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13 .3_hppa.deb Debian emacs20_20.7-13.3_i386.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13 .3_i386.deb Debian emacs20_20.7-13.3_ia64.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13 .3_ia64.deb Debian emacs20_20.7-13.3_m68k.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13 .3_m68k.deb Debian emacs20_20.7-13.3_mips.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13 .3_mips.deb Debian emacs20_20.7-13.3_mipsel.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13 .3_mipsel.deb Debian emacs20_20.7-13.3_powerpc.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13 .3_powerpc.deb Debian emacs20_20.7-13.3_s390.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13 .3_s390.deb Debian emacs20_20.7-13.3_sparc.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/main/e/emacs20/emacs20_20.7-13 .3_sparc.deb GNU Emacs 21.3 Mandrake emacs-21.3-15.1.101mdk.i586.rpm Mandrake Linux 10.1 http://www.mandrakesecure.net/en/ftp.php Mandrake emacs-21.3-15.1.101mdk.x86_64.rpm Mandrake Linux 10.1/x86_64 http://www.mandrakesecure.net/en/ftp.php Mandrake emacs-21.3-9.1.100mdk.amd64.rpm Mandrake Linux 10.0/AMD64 http://www.mandrakesecure.net/en/ftp.php Mandrake emacs-21.3-9.1.100mdk.i586.rpm Mandrake Linux 10.0 http://www.mandrakesecure.net/en/ftp.php Mandrake emacs-21.3-9.1.C30mdk.i586.rpm Mandrake Corporate Server 3.0 http://www.mandrakesecure.net/en/ftp.php Mandrake emacs-21.3-9.1.C30mdk.x86_64.rpm Mandrake Corporate Server 3.0/x86_64 http://www.mandrakesecure.net/en/ftp.php Mandrake emacs-doc-21.3-15.1.101mdk.i586.rpm Mandrake Linux 10.1 http://www.mandrakesecure.net/en/ftp.php Mandrake emacs-doc-21.3-15.1.101mdk.x86_64.rpm Mandrake Linux 10.1/x86_64 http://www.mandrakesecure.net/en/ftp.php Mandrake emacs-el-21.3-15.1.101mdk.i586.rpm Mandrake Linux 10.1 http://www.mandrakesecure.net/en/ftp.php Mandrake emacs-el-21.3-15.1.101mdk.x86_64.rpm Mandrake Linux 10.1/x86_64 http://www.mandrakesecure.net/en/ftp.php Mandrake emacs-el-21.3-9.1.100mdk.amd64.rpm Mandrake Linux 10.0/AMD64 http://www.mandrakesecure.net/en/ftp.php Mandrake emacs-el-21.3-9.1.100mdk.i586.rpm Mandrake Linux 10.0 http://www.mandrakesecure.net/en/ftp.php Mandrake emacs-el-21.3-9.1.C30mdk.i586.rpm Mandrake Corporate Server 3.0 http://www.mandrakesecure.net/en/ftp.php Mandrake emacs-el-21.3-9.1.C30mdk.x86_64.rpm Mandrake Corporate Server 3.0/x86_64 http://www.mandrakesecure.net/en/ftp.php Mandrake emacs-leim-21.3-15.1.101mdk.i586.rpm Mandrake Linux 10.1 http://www.mandrakesecure.net/en/ftp.php Mandrake emacs-leim-21.3-15.1.101mdk.x86_64.rpm Mandrake Linux 10.1/x86_64 http://www.mandrakesecure.net/en/ftp.php Mandrake emacs-leim-21.3-9.1.100mdk.amd64.rpm Mandrake Linux 10.0/AMD64 http://www.mandrakesecure.net/en/ftp.php Mandrake emacs-leim-21.3-9.1.100mdk.i586.rpm Mandrake Linux 10.0 http://www.mandrakesecure.net/en/ftp.php Mandrake emacs-leim-21.3-9.1.C30mdk.i586.rpm Mandrake Corporate Server 3.0 http://www.mandrakesecure.net/en/ftp.php Mandrake emacs-leim-21.3-9.1.C30mdk.x86_64.rpm Mandrake Corporate Server 3.0/x86_64 http://www.mandrakesecure.net/en/ftp.php Mandrake emacs-nox-21.3-15.1.101mdk.i586.rpm Mandrake Linux 10.1 http://www.mandrakesecure.net/en/ftp.php Mandrake emacs-nox-21.3-15.1.101mdk.x86_64.rpm Mandrake Linux 10.1/x86_64 http://www.mandrakesecure.net/en/ftp.php Mandrake emacs-nox-21.3-9.1.100mdk.amd64.rpm Mandrake Linux 10.0/AMD64 http://www.mandrakesecure.net/en/ftp.php Mandrake emacs-nox-21.3-9.1.100mdk.i586.rpm Mandrake Linux 10.0 http://www.mandrakesecure.net/en/ftp.php Mandrake emacs-nox-21.3-9.1.C30mdk.i586.rpm Mandrake Corporate Server 3.0 http://www.mandrakesecure.net/en/ftp.php Mandrake emacs-nox-21.3-9.1.C30mdk.x86_64.rpm Mandrake Corporate Server 3.0/x86_64 http://www.mandrakesecure.net/en/ftp.php Mandrake emacs-X11-21.3-15.1.101mdk.i586.rpm Mandrake Linux 10.1 http://www.mandrakesecure.net/en/ftp.php Mandrake emacs-X11-21.3-15.1.101mdk.x86_64.rpm Mandrake Linux 10.1/x86_64 http://www.mandrakesecure.net/en/ftp.php Mandrake emacs-X11-21.3-9.1.100mdk.amd64.rpm Mandrake Linux 10.0/AMD64 http://www.mandrakesecure.net/en/ftp.php

参考网址

来源: XF 名称: xemacs-movemail-format-string(19246) 链接:http://xforce.iss.net/xforce/xfdb/19246 来源: REDHAT 名称: RHSA-2005:133 链接:http://www.redhat.com/support/errata/RHSA-2005-133.html 来源: REDHAT 名称: RHSA-2005:112 链接:http://www.redhat.com/support/errata/RHSA-2005-112.html 来源: REDHAT 名称: RHSA-2005:110 链接:http://www.redhat.com/support/errata/RHSA-2005-110.html 来源: DEBIAN 名称: DSA-685 链接:http://www.debian.org/security/2005/dsa-685 来源: DEBIAN 名称: DSA-671 链接:http://www.debian.org/security/2005/dsa-671 来源: DEBIAN 名称: DSA-670 链接:http://www.debian.org/security/2005/dsa-670 来源: BUGTRAQ 名称: 20050207 [USN-76-1] Emacs vulnerability 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=110780416112719&w=2 来源: BID 名称: 12462 链接:http://www.securityfocus.com/bid/12462 来源: FEDORA 名称: FLSA-2006:152898 链接:http://www.securityfocus.com/archive/1/archive/1/433928/30/5010/threaded 来源: MANDRAKE 名称: MDKSA-2005:038 链接:http://www.mandriva.com/security/advisories?name=MDKSA-2005:038

补丁

    暂无

漏洞信息快速查询

相关漏洞

更多