drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in wget
Name: |
Pufferüberlauf in wget
|
|
ID: |
CSSA-2003-025.0 |
|
Distribution: |
Caldera |
|
Plattformen: |
Caldera Server 3.1.1, Caldera Workstation 3.1.1 |
|
Datum: |
So, 5. Oktober 2003, 13:00 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1565 |
|
Applikationen: |
Wget |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
______________________________________________________________________________
SCO Security Advisory
Subject: OpenLinux: wget: Buffer overflow Advisory number: CSSA-2003-025.0 Issue date: 2003 October 03 Cross reference: sr883607 fz528216 erg712410 CAN-2003-1565 ______________________________________________________________________________
1. Problem Description
wget is a freely available network utility to retrieve files using HTTP and FTP.
Stefano Zacchirol found a buffer overflow vulnerability in the code that handles URLs in wget. An attacker can create a long (more than 256 characters), specially crafted URL that when parsed by wget can cause the execution of arbitrary code or program misbehavior. The packages included in this update fix the problem by unconditionally terminating long URLs in all cases.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-1565 to this issue.
2. Vulnerable Supported Versions
System Package ---------------------------------------------------------------------- OpenLinux 3.1.1 Server prior to wget-1.8.2-1.i386.rpm OpenLinux 3.1.1 Workstation prior to wget-1.8.2-1.i386.rpm
3. Solution
The proper solution is to install the latest packages. Many customers find it easier to use the Caldera System Updater, called cupdate (or kcupdate under the KDE environment), to update these packages rather than downloading and installing them by hand.
4. OpenLinux 3.1.1 Server
4.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server//RPMS
4.2 Packages
c60a6e417ac41287973735f2c82d461c wget-1.8.2-1.i386.rpm
4.3 Installation
rpm -Fvh wget-1.8.2-1.i386.rpm
4.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server//SRPMS
4.5 Source Packages
8ef3938fd5d49cc029b43c6b21cef9e0 wget-1.8.2-1.src.rpm
5. OpenLinux 3.1.1 Workstation
5.1 Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation//RPMS
5.2 Packages
1c0c42afd39e6d6183b9abf4cc07d039 wget-1.8.2-1.i386.rpm
5.3 Installation
rpm -Fvh wget-1.8.2-1.i386.rpm
5.4 Source Package Location
ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation//SRPMS
5.5 Source Packages
932ee4ea3cc81a649735fcf691352be2 wget-1.8.2-1.src.rpm
6. References
Specific references for this advisory: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-1565 http://marc.theaimsgroup.com/?l=bugtraq&m=105474357016184&w=2
SCO security resources: http://www.sco.com/support/security/index.html
This security fix closes SCO incidents sr883607 fz528216 erg712410.
7. Disclaimer
SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products.
8. Acknowledgements
SCO would like to thank Stefano Zacchirol.
______________________________________________________________________________
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org
iEYEARECAAYFAj998ZcACgkQbluZssSXDTGU0ACg0y9nrB9igVfqXEhvVQ+81FnU RToAn0aQdzBn9VFiwRyAa1b7ZGU+R+iT =hgWo -----END PGP SIGNATURE-----
|
|
|
|