Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:3717
HistoryJul 28, 2008 - 12:00 a.m.

Cygwin setup.exe安装及升级过程数据验证漏洞

2008-07-2800:00:00
Root
www.seebug.org
12

0.008 Low

EPSS

Percentile

79.8%

JSON

BUGTRAQ ID: 30375
CVE(CAN) ID: CVE-2008-3323

Cygwin是许多自由软件的集合,用于在各种版本的Microsoft Windows上运行UNIX类系统。

Cygwin的Tarball软件包是通过setup.exe安装和升级的,该程序通过明文HTTP或FTP从镜像下载软件包列表和软件包,软件包列表中包含有用于验证完整性的MD5校验和。如果恶意的服务器响应了负责升级软件包的HTTP请求并返回修改的MD5字符串的话,setup.exe就会下载并安装恶意软件包。

Cygwin setup.exe 2.573.2.2
Cygwin

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

<a href=“http://cygwin.com/setup/snapshots/setup-2.573.2.3.exe” target=“_blank”>http://cygwin.com/setup/snapshots/setup-2.573.2.3.exe</a>

Related

cve 1
seebug 1
prion 1
securityvulns 1
cve
cve
CVE-2008-3323
2008-07-28 17:41:00
seebug
seebug
Cygwin包处理存在安全漏洞
2008-08-11 00:00:00
prion
prion
Design/Logic Flaw
2008-07-28 17:41:00
securityvulns
securityvulns
SECOBJADV-2008-02: Cygwin Installation and Update Process can be Subverted Vulnerability
2008-07-26 00:00:00

0.008 Low

EPSS

Percentile

79.8%

JSON
Related for SSV:3717
cve1seebug1prion1securityvulns1