Fcron Convert-FCronTab本地缓冲区溢出漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1109694 漏洞类型 边界条件错误
发布时间 2006-02-01 更新时间 2006-09-05
CVE编号 CVE-2006-0539 CNNVD-ID CNNVD-200602-050
漏洞平台 Multiple CVSS评分 4.6
|漏洞来源
https://www.exploit-db.com/exploits/27159
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200602-050
|漏洞详情
fcron3.0.0中的convert-fcrontab程序存在缓存区溢出漏洞,本地用户可以通过长命令行参数获取权限。这会导致Linuxglibc报告堆内存损坏,可能是由于strdup2函数中的strcpy"覆盖了某些数据"。
|漏洞EXP
source: http://www.securityfocus.com/bid/16467/info

Fcron is susceptible to a local buffer-overflow vulnerability. This issue is due to the application's failure to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

This issue allows local attackers to execute arbitrary machine code with superuser privileges, since the affected utility is installed setuid-superuser by default in some installations. This allows attackers to completely compromise affected computers.

Fcron version 3.0 is affected by this issue; previous versions may also be affected.

Update: This issue is now retired. Further analysis reveals that this issue cannot be exploited for code execution; therefore, this is not a vulnerability.

convert-fcrontab `perl -e 'print "pi3"x600'`
|参考资料

来源:BID
名称:16467
链接:http://www.securityfocus.com/bid/16467
来源:BUGTRAQ
名称:20060201Fcrontab-memorycorruptiononheap.
链接:http://www.securityfocus.com/archive/1/archive/1/423697/100/0/threaded
来源:VUPEN
名称:ADV-2006-0435
链接:http://www.frsirt.com/english/advisories/2006/0435
来源:SECUNIA
名称:18719
链接:http://secunia.com/advisories/18719
来源:bugs.trustix.org
链接:https://bugs.trustix.org/show_bug.cgi?id=1754
来源:XF
名称:fcron-syslog-bo(24444)
链接:http://xforce.iss.net/xforce/xfdb/24444
来源:TRUSTIX
名称:2006-0036
链接:http://www.trustix.org/errata/2006/0036
来源:fcron.free.fr
链接:http://fcron.free.fr/news.php#a20060206a.xml
来源:fcron.free.fr
链接:http://fcron.free.fr/doc/en/changes.html
来源:FULLDISC
名称:20060201Fcrontab-memorycorruptiononheap.
链接:http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0999.html