Telnetd密钥处理缓冲区溢出漏洞【原理扫描】

其他 2019-06-03 14:41:25 阅读次数: 0
详细描述  
telnet后台程序telnetd实现服务器端的TELNET虚拟终端协议。
telnetd的实现上存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞控制服务器。
TELNET协议具有数据流的加密机制,当通过TELNET协议提供加密密钥时,其长度在被复制到固定大小缓冲区之前没有得到验证,漏洞相关代码位于函数"encrypt_keyid()" (crypto/heimdal/appl/telnet/libtelnet/encrypt.c and contrib/telnet/libtelnet/encrypt.c)
解决办法
厂商补丁:
FreeBSD
-------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://www.freebsd.org/security/index.html
REDHAT 
 Name: RHSA-2011:1854
Hyperlink:http://rhn.redhat.com/errata/RHSA-2011-1854.html
External Source: REDHAT
Name: RHSA-2011:1853
Hyperlink:http://rhn.redhat.com/errata/RHSA-2011-1853.html
External Source: REDHAT
Name: RHSA-2011:1852
Hyperlink:http://rhn.redhat.com/errata/RHSA-2011-1852.html
External Source: REDHAT
Name: RHSA-2011:1851
Hyperlink:http://rhn.redhat.com/errata/RHSA-2011-1851.html
DEBIAN
External Source: DEBIAN
Name: DSA-2375
Hyperlink:http://www.debian.org/security/2011/dsa-2375
External Source: DEBIAN
Name: DSA-2373
Hyperlink:http://www.debian.org/security/2011/dsa-2373
External Source: DEBIAN
Name: DSA-2372
Hyperlink:http://www.debian.org/security/2011/dsa-2372
SUSE:
External Source: SUSE
Name: SUSE-SU-2012:0056
Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00015.html
External Source: SUSE
Name: openSUSE-SU-2012:0051
Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00014.html
External Source: SUSE
Name: SUSE-SU-2012:0050
Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00011.html
External Source: SUSE
Name: SUSE-SU-2012:0042
Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00010.html
External Source: SUSE
Name: SUSE-SU-2012:0024
Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00007.html
External Source: SUSE
Name: openSUSE-SU-2012:0019
Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00005.html
External Source: SUSE
Name: SUSE-SU-2012:0018
Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00004.html
External Source: SUSE
Name: SUSE-SU-2012:0010
Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2012-01/msg00002.html
FEDORA:
External Source: FEDORA
Name: FEDORA-2011-17493
Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071640.html
External Source: FEDORA
Name: FEDORA-2011-17492
Hyperlink:http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071627.html

猜你喜欢

转载自www.cnblogs.com/mrhonest/p/10967371.html
今日推荐
NetBSD 禁止提交由 AI 生成的代码
Apache Doris 2.0.10 版本正式发布!
开源日报 | 大模型开战;大模型独角兽被曝卖身;周鸿祎建议谷歌开源所有产品;最大开源AI社区提供1000万美元共享GPU
开源日报 | Chrome内置Gemini的意义不在于Gemini;中国AI追随之路的五大误区;ECharts创始人“下海”养鱼;谷歌I/O开发者大会什么都有,只是没有惊喜
微软回应中国区AI团队“打包赴美”传闻
基于大语言模型的开源知识库问答系统 MaxKB GitHub Star 数量突破 5,000 个!
周排行
女程序员是这样被恶搞的
B/S 和 C/S 的优缺点
vector一直申请会怎样?
座头鲸识别比赛(Humpback Whale Identification)总结
Linux高性能服务器编程——I/O复用 select
Mysql连接数据库(当包使用)
通过URI获取的文件路径为null的解决方法
1022-Primes on Interval(素数筛选+二分查找) ZCMU
Python出现: TypeError: expected string or buffer
bzoj2434: [Noi2011]阿狸的打字机 ac自动机+树状数组
每日归档
更多
2024-05-18(4)
2024-05-17(34)
2024-05-16(6)
2024-05-15(24)
2024-05-14(0)
2024-05-13(18)
2024-05-12(0)
2024-05-11(38)
2024-05-10(38)
2024-05-09(35)

代码天地 © 2018 codetd.com

境外服务器   最新电视剧2022