Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:4679
HistoryFeb 02, 2009 - 12:00 a.m.

Fujitsu Systemcast Wizard Lite PXE请求远程溢出漏洞

2009-02-0200:00:00
Root
www.seebug.org
115
JSON

BUGTRAQ ID: 33342

Systemcast Wizard Lite是用于创建富士通PRIMEQUEST服务器系统的支持软件。

Systemcast Wizard Lite的PXEService服务监听PXE协议请求。入站报文被拷贝到了0x400字节的固定缓冲区,但传送给recvfrom()的参数长度为0x5DC,因此如果远程攻击者发送了超过0x400字节的特制upd报文的话,就可以触发溢出,导致执行任意指令。

Fujitsu Systemcast Wizard Lite <= 2.0
Fujitsu

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

<a href=“http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html” target=“_blank”>http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html</a>

JSON