'Compress::Raw::Zlib' Perl模块远程代码执行漏洞

2009-06-15T00:00:00
ID SSV:11621
Type seebug
Reporter Root
Modified 2009-06-15T00:00:00

Description

Bugraq ID: 35307 CVE ID:CVE-2009-1391 CNCVE ID:CNCVE-20091391

Compress::Raw::Zlib是一款Zlib压缩库提供perl低级接口的模块。 Compress::Raw::Zlib inflate()存在缓冲区溢出,远程攻击者可以利用漏洞使应用程序崩溃或以应用程序权限执行任意指令。 Zlib.xs中的"inflate()"函数存在单字节错误,当处理特殊构建的压缩数据时存在堆缓冲区溢出,可导致perl进程关起或崩溃。

Compress::Raw::Zlib 2.015 Compress::Raw::Zlib 2.014 升级程序: Compress::Raw::Zlib Compress::Raw::Zlib 2.015 Compress::Raw::Zlib Compress-Raw-Zlib-2.017.tar.gz <a href="http://search.cpan.org/CPAN/authors/id/P/PM/PMQS/Compress-Raw-Zlib-2.0" target="_blank" rel=external nofollow>http://search.cpan.org/CPAN/authors/id/P/PM/PMQS/Compress-Raw-Zlib-2.0</a> 17.tar.gz Compress::Raw::Zlib Compress::Raw::Zlib 2.014 Compress::Raw::Zlib Compress-Raw-Zlib-2.017.tar.gz <a href="http://search.cpan.org/CPAN/authors/id/P/PM/PMQS/Compress-Raw-Zlib-2.0" target="_blank" rel=external nofollow>http://search.cpan.org/CPAN/authors/id/P/PM/PMQS/Compress-Raw-Zlib-2.0</a> 17.tar.gz

                                        
                                            
                                                可参考如下测试方法:
https://bugzilla.redhat.com/attachment.cgi?id=346729