Multiple Vendor Telnet Client LINEMODE Sub-Options Remote

Home Home

引用 | 编辑 jenhaoliu
2005-04-26 16:47

楼主

漏洞名称： Multiple Vendor Telnet Client LINEMODE Sub-Options Remote Buffer Overflow Vulnerability
漏洞编号： ICST-CA-2005-056
漏洞说明：数家软体商撰写的Telnet软体存在远端缓冲区溢位的漏洞。该漏洞还自于Telnet程式没有正确检查使用者输入的字串长度，就将资料复制到静态的缓冲区中。

骇客可以利用该漏洞取得使用者的权限，并让不明程式利用使用者的权限执行。

影响平台： ALT Linux ALT Linux Compact 2.3
ALT Linux ALT Linux Junior 2.3
Apple Mac OS X 10.0 3
Apple Mac OS X 10.0
Apple Mac OS X 10.0.1
Apple Mac OS X 10.0.2
Apple Mac OS X 10.0.3
Apple Mac OS X 10.0.4
Apple Mac OS X 10.1
Apple Mac OS X 10.1
Apple Mac OS X 10.1.1
Apple Mac OS X 10.1.2
Apple Mac OS X 10.1.3
Apple Mac OS X 10.1.4
Apple Mac OS X 10.1.5
Apple Mac OS X 10.2
Apple Mac OS X 10.2.1
Apple Mac OS X 10.2.2
Apple Mac OS X 10.2.3
Apple Mac OS X 10.2.4
Apple Mac OS X 10.2.5
Apple Mac OS X 10.2.6
Apple Mac OS X 10.2.7
Apple Mac OS X 10.2.8
Apple Mac OS X 10.3
Apple Mac OS X 10.3.1
Apple Mac OS X 10.3.2
Apple Mac OS X 10.3.3
Apple Mac OS X 10.3.4
Apple Mac OS X 10.3.5
Apple Mac OS X 10.3.6
Apple Mac OS X 10.3.7
Apple Mac OS X 10.3.8
Apple Mac OS X Server 10.0
Apple Mac OS X Server 10.1
Apple Mac OS X Server 10.1.1
Apple Mac OS X Server 10.1.2
Apple Mac OS X Server 10.1.3
Apple Mac OS X Server 10.1.4
Apple Mac OS X Server 10.1.5
Apple Mac OS X Server 10.2
Apple Mac OS X Server 10.2.1
Apple Mac OS X Server 10.2.2
Apple Mac OS X Server 10.2.3
Apple Mac OS X Server 10.2.4
Apple Mac OS X Server 10.2.5
Apple Mac OS X Server 10.2.6
Apple Mac OS X Server 10.2.7
Apple Mac OS X Server 10.2.8
Apple Mac OS X Server 10.3
Apple Mac OS X Server 10.3.1
Apple Mac OS X Server 10.3.2
Apple Mac OS X Server 10.3.3
Apple Mac OS X Server 10.3.4
Apple Mac OS X Server 10.3.5
Apple Mac OS X Server 10.3.6
Apple Mac OS X Server 10.3.7
Apple Mac OS X Server 10.3.8
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
FreeBSD FreeBSD 4.10-PRERELEASE
FreeBSD FreeBSD 2.0
FreeBSD FreeBSD 4.0 .x
FreeBSD FreeBSD 4.0 -RELENG
FreeBSD FreeBSD 4.0 alpha
FreeBSD FreeBSD 4.0
FreeBSD FreeBSD 4.1
FreeBSD FreeBSD 4.1.1 -STABLE
FreeBSD FreeBSD 4.1.1 -RELEASE
FreeBSD FreeBSD 4.1.1
FreeBSD FreeBSD 4.2 -STABLEpre122300
FreeBSD FreeBSD 4.2 -STABLEpre050201
FreeBSD FreeBSD 4.2 -STABLE
FreeBSD FreeBSD 4.2 -RELEASE
FreeBSD FreeBSD 4.2
FreeBSD FreeBSD 4.3 -STABLE
FreeBSD FreeBSD 4.3 -RELENG
FreeBSD FreeBSD 4.3 -RELEASE-p38
FreeBSD FreeBSD 4.3 -RELEASE
FreeBSD FreeBSD 4.3
FreeBSD FreeBSD 4.4 -STABLE
FreeBSD FreeBSD 4.4 -RELENG
FreeBSD FreeBSD 4.4 -RELENG
FreeBSD FreeBSD 4.4 -RELEASE-p42
FreeBSD FreeBSD 4.4
FreeBSD FreeBSD 4.5 -STABLEpre2002-03-07
FreeBSD FreeBSD 4.5 -STABLE
FreeBSD FreeBSD 4.5 -RELENG
FreeBSD FreeBSD 4.5 -RELEASE-p32
FreeBSD FreeBSD 4.5 -RELEASE
FreeBSD FreeBSD 4.5
FreeBSD FreeBSD 4.6 -STABLE
FreeBSD FreeBSD 4.6 -RELENG
FreeBSD FreeBSD 4.6 -RELEASE-p20
FreeBSD FreeBSD 4.6 -RELEASE
FreeBSD FreeBSD 4.6
FreeBSD FreeBSD 4.6.2
FreeBSD FreeBSD 4.7 -STABLE
FreeBSD FreeBSD 4.7 -RELENG
FreeBSD FreeBSD 4.7 -RELEASE-p17
FreeBSD FreeBSD 4.7 -RELEASE
FreeBSD FreeBSD 4.7
FreeBSD FreeBSD 4.8 -RELENG
FreeBSD FreeBSD 4.8 -RELEASE-p7
FreeBSD FreeBSD 4.8 -PRERELEASE
FreeBSD FreeBSD 4.8
FreeBSD FreeBSD 4.9 -RELENG
FreeBSD FreeBSD 4.9 -PRERELEASE
FreeBSD FreeBSD 4.9
FreeBSD FreeBSD 4.10 -RELENG
FreeBSD FreeBSD 4.10 -RELEASE
FreeBSD FreeBSD 4.10
FreeBSD FreeBSD 4.11 -STABLE
FreeBSD FreeBSD 5.0 -RELENG
FreeBSD FreeBSD 5.0
FreeBSD FreeBSD 5.1 -RELENG
FreeBSD FreeBSD 5.1 -RELEASE-p5
FreeBSD FreeBSD 5.1 -RELEASE
FreeBSD FreeBSD 5.1
FreeBSD FreeBSD 5.2 -RELENG
FreeBSD FreeBSD 5.2 -RELEASE
FreeBSD FreeBSD 5.2
FreeBSD FreeBSD 5.2.1 -RELEASE
FreeBSD FreeBSD 5.3 -STABLE
FreeBSD FreeBSD 5.3 -RELEASE
FreeBSD FreeBSD 5.3
FreeBSD FreeBSD 5.4 -PRERELEASE
Gentoo Linux
OpenBSD OpenBSD 3.5
OpenBSD OpenBSD 3.6
Openwall Openwall GNU/*/Linux (Owl)-current
Openwall Openwall GNU/*/Linux 1.0
Openwall Openwall GNU/*/Linux 1.1
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
S.u.S.E. Linux 7.0 sparc
S.u.S.E. Linux 7.0 ppc
S.u.S.E. Linux 7.0 i386
S.u.S.E. Linux 7.0 alpha
S.u.S.E. Linux 7.0
S.u.S.E. Linux 7.1 x86
S.u.S.E. Linux 7.1 sparc
S.u.S.E. Linux 7.1 ppc
S.u.S.E. Linux 7.1 alpha
S.u.S.E. Linux 7.1
S.u.S.E. Linux 7.2 i386
S.u.S.E. Linux 7.2
S.u.S.E. Linux 7.3 sparc
S.u.S.E. Linux 7.3 ppc
S.u.S.E. Linux 7.3 i386
S.u.S.E. Linux 7.3
S.u.S.E. Linux 8.0 i386
S.u.S.E. Linux 8.0
S.u.S.E. Linux 8.1
S.u.S.E. Linux 8.2
S.u.S.E. Linux 9.0 x86_64
S.u.S.E. Linux 9.0
S.u.S.E. Linux 9.1 x86_64
S.u.S.E. Linux 9.1
S.u.S.E. Linux 9.2 x86_64
S.u.S.E. Linux 9.2
SCO Unixware 7.1.1
SCO Unixware 7.1.3
SCO Unixware 7.1.4
SGI ProPack 3.0
Sun Solaris 10_x86
Sun Solaris 7.0 _x86
Sun Solaris 7.0
Sun Solaris 8.0 _x86
Sun Solaris 8.0
Sun Solaris 9.0 _x86
Sun Solaris 9.0
Sun Solaris 10.0

影响状况：远端缓冲区溢位攻击，使用者权限窃取。

解决方案：目前尚无任何解决方案释出，详细情形请参阅参考网站。

参考资料： Multiple Vendor Telnet Client LINEMODE Sub-Options Remote Buffer Overflow Vulnerability