Mozilla Firefox Crafted FTP Response Denial-of-Service Vulnerability

Vulnerability ID 1110847 Vulnerability type Input validation
Published 2006-08-18 Updated 2007-11-15
CVE ID CVE-2006-4310 CNNVD-ID CNNVD-200608-385
Affected platform Novell CVSS score 4.3
|Vulnerability source
https://www.exploit-db.com/exploits/28427
https://www.securityfocus.com/bid/19678
https://cxsecurity.com/issue/WLB-2006080153
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200608-385
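|Vulnerability details
Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FTP response when attempting to connect with a username and password via an FTP URI.
|Exploit (EXP)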
source: http://www.securityfocus.com/bid/19688/info

Novell Identity Manager is prone to an arbitrary command-execution vulnerability. 

A local attacker can exploit this issue to execute arbitrary commands with superuser privileges. Exploiting this issue allows attackers to completely compromise affected computers.

CMD="usermod -c $gecos"
|Affected products
Mozilla Firefox 1.5 beta 2 Mozilla Firefox 1.5 beta 1 Mozilla Firefox 1.5 Mozilla Firefox 1.0.8 Mozilla Firefox 1.0.7 Mozilla Firefox 1.0.6 Mozilla Firefox
|References

Source: BID
Name: 19678
Link: http://www.securityfocus.com/bid/19678
Source: BUGTRAQ
Name: 20060822 (exploit) firefox 1.5.0.6 linux DoS
Link: http://www.securityfocus.com/archive/1/archive/1/444064/100/0/threaded
Source: DEBIAN
Name: DSA-1227
Link: http://www.debian.org/security/2006/dsa-1227
Source: DEBIAN
Name: DSA-1225
Link: http://www.debian.org/security/2006/dsa-1225
Source: DEBIAN
Name: DSA-1224
Link: http://www.debian.org/security/2006/dsa-1224
Source: SREASON
Name: 1444
Link: http://securityreason.com/securityalert/1444
Source: SECUNIA
Name: 23235
Link: http://secunia.com/advisories/23235
Source: SECUNIA
Name: 23202
Link: http://secunia.com/advisories/23202
Source: SECUNIA
Name: 23197
Link: http://secunia.com/advisories/23197