Linux ypbind 本地格式化串漏洞
受影响系统:
Swen Thuemmler ypbind 3.3
+ RedHat Linux 7.0
+ RedHat Linux 6.x
+ Debian Linux 2.2
+ Debian Linux 2.1
不受影响系统:
Swen Thuemmler ypbind 3.8-0.1
Swen Thuemmler ypbind 3.5-2.1
描述:
ypbind是NIS软件包中的程序,其LINUX实现中日志功能存在本地格式化串漏洞,恶意
的本地用户有可能利用该漏洞获取root权限。用户提供的数据作为格式化串的一部分
被传递给*printf函数,如果该串中使用某些特定的格式限定符,将导致堆栈上的部
分内存被覆盖从而影响程序流程。据说存在远程攻击ypbind的可能,但尚未确认。
<* 来源:Debian advisory *>
建议:
临时解决办法:
NSFOCUS建议您在没有补丁程序前暂时停止使用有问题的ypbind。
厂商补丁:
RedHat 和 Debian 均提供了补丁
Swen Thuemmler ypbind 3.3:
[ Debian Linux ]
Debian upgrade 2.1(intel): nis_3.5-2.1
http://security.debian.org/dists/slink/updates/binary-i386/nis_3.5-2.1_i386.deb
Debian upgrade 2.1 (m68k): nis_3.5-2.1
http://security.debian.org/dists/slink/updates/binary-m68k/nis_3.5-2.1_m68k.deb
Debian upgrade 2.2 (alpha): nis_3.8-0.1
http://security.debian.org/dists/stable/updates/main/binary-alpha/nis_3.8-0.1_alpha.deb
Debian upgrade 2.2 (arm): nis_3.8-0.1
http://security.debian.org/dists/stable/updates/main/binary-arm/nis_3.8-0.1_arm.deb
Debian upgrade 2.2 (intel): nis_3.8-0.1
http://security.debian.org/dists/stable/updates/main/binary-i386/nis_3.8-0.1_i386.deb
Debian upgrade 2.2 (ppc): nis_3.8-0.1
http://security.debian.org/dists/stable/updates/main/binary-powerpc/nis_3.8-0.1_powerpc.deb
Debian upgrade 2.2 (sparc): nis_3.8-0.1
http://security.debian.org/dists/stable/updates/main/binary-sparc/nis_3.8-0.1_sparc.deb
[ Redhat Linux ]
RedHat RPM 5.x (alpha): ypbind-3.3-10
ftp://updates.redhat.com/5.2/alpha/ypbind-3.3-10.alpha.rpm
RedHat RPM 5.x (sparc): ypbind-3.3-10
ftp://updates.redhat.com/5.2/sparc/ypbind-3.3-10.sparc.rpm
RedHat RPM 5.x (intel): ypbind-3.3-10
ftp://updates.redhat.com/5.2/i386/ypbind-3.3-10.i386.rpm
RedHat RPM 6.x (alpha): ypbind-1.7-0.6.x
ftp://updates.redhat.com/6.2/alpha/ypbind-1.7-0.6.x.alpha.rpm
RedHat RPM 6.x (sparc): ypbind-1.7-0.6.x
ftp://updates.redhat.com/6.2/sparc/ypbind-1.7-0.6.x.sparc.rpm
RedHat RPM 6.x (intel): ypbind-1.7-0.6.x
ftp://updates.redhat.com/6.2/i386/ypbind-1.7-0.6.x.i386.rpm
via:http://soft.chinabyte.com/os/479/11207979.shtml
