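Vulnerability Details

CAPI4Hylafax Remote Arbitrary Command Execution Vulnerability

Vulnerability Summary

c2faxrecv in capi4hylafax 01.02.03 allows remote attackers to execute arbitrary commands via null (\0) and shell metacharacters in the TSI string, as demonstrated by a fax from an anonymous number.

Vulnerability Advisory

The vendor has released upgrade patches that fix this security issue. Patch download links: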

CAPI4Hylafax CAPIHylafax 1.2.3

Debian capi4hylafax_01.02.03-10sarge2_alpha.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/c/capi4hylafax/capi4hylafax_01.02.03-10sarge2_alpha.deb

Debian capi4hylafax_01.02.03-10sarge2_amd64.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/c/capi4hylafax/capi4hylafax_01.02.03-10sarge2_amd64.deb

Debian capi4hylafax_01.02.03-10sarge2_arm.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/c/capi4hylafax/capi4hylafax_01.02.03-10sarge2_arm.deb

Debian capi4hylafax_01.02.03-10sarge2_i386.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/c/capi4hylafax/capi4hylafax_01.02.03-10sarge2_i386.deb

Debian capi4hylafax_01.02.03-10sarge2_ia64.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/c/capi4hylafax/capi4hylafax_01.02.03-10sarge2_ia64.deb

Debian capi4hylafax_01.02.03-10sarge2_m68k.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/c/capi4hylafax/capi4hylafax_01.02.03-10sarge2_m68k.deb

Debian capi4hylafax_01.02.03-10sarge2_powerpc.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/c/capi4hylafax/capi4hylafax_01.02.03-10sarge2_powerpc.deb

Debian capi4hylafax_01.02.03-10sarge2_sparc.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/c/capi4hylafax/capi4hylafax_01.02.03-10sarge2_sparc.deb

Hylafax Hylafax 4.2.5

SuSE capi4hylafax-4.2.5-14.5.i586.rpm

openSUSE 10.1

ftp://ftp.suse.com/pub/suse/i386/update/10.1/rpm/i586/capi4hylafax-4.2.5-14.5.i586.rpm

SuSE capi4hylafax-4.2.5-14.5.x86_64.rpm

openSUSE 10.1

ftp://ftp.suse.com/pub/suse/x86_64/update/10.1/rpm/x86_64/capi4hylafax-4.2.5-14.5.x86_64.rpm

Hylafax Hylafax 4.3

SuSE capi4hylafax-4.3.0-25.2.i586.rpm

openSUSE 10.2

ftp://ftp.suse.com/pub/suse/i386/update/10.2/rpm/i586/capi4hylafax-4.3.0-25.2.i586.rpm

SuSE capi4hylafax-4.3.0-25.2.x86_64.rpm

openSUSE 10.2

ftp://ftp.suse.com/pub/suse/x86_64/update/10.2/rpm/x86_64/capi4hylafax-4.3.0-25.2.x86_64.rpm

References

Source: SECUNIA

Name: 21726

Link: http://secunia.com/advisories/21726

Source: SECUNIA

Name: 21722

Link: http://secunia.com/advisories/21722

Source: MISC

Link: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=382474

Source: DEBIAN

Name: DSA-1165

Link: http://www.debian.org/security/2006/dsa-1165

Source: BID

Name: 19801

Link: http://www.securityfocus.com/bid/19801

Source: SUSE

Name: SUSE-SR:2007:004

Link: http://www.novell.com/linux/security/advisories/2007_4_sr.html

Source: VUPEN

Name: ADV-2006-3430

Link: http://www.frsirt.com/english/advisories/2006/3430

Source: GENTOO

Name: GLSA-200610-05

Link: http://security.gentoo.org/glsa/glsa-200610-05.xml

Source: SECUNIA

Name: 22450

Link: http://secunia.com/advisories/22450

Patches

None available
