aria2 AbstractCommand::onAbort Function Format String Vulnerability

Vulnerability ID: 1181395 Vulnerability type: Format string
Published: 2009-10-16 Updated: 2010-01-14
CVE ID: CVE-2009-3617 CNNVD-ID: CNNVD-200910-297
Platform: N/A CVSS score: 7.6
|Vulnerability source
https://www.securityfocus.com/bid/37801
https://cxsecurity.com/issue/WLB-2009100138
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200910-297
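|Vulnerability details
When logging is enabled, a format string vulnerability exists in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 versions before 1.6.2. A remote attacker can use format string specifiers in a download URI to execute arbitrary code or cause a denial of service (application crash).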
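The bug class described above, as an added example that is not aria2's code and does not come from this page: a printf-style logger given a URI as its format string, next to the hardened call that passes the URI as data. The names `log_debug`, `on_abort_unsafe`, `on_abort_safe` and `count_conversions` are hypothetical, and the sample URIs are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char last_log[256];  /* last formatted message, kept for inspection */

/* Hypothetical printf-style logger: the first argument is always parsed
 * as a format string, so it must never be attacker-influenced. */
static int log_debug(const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(last_log, sizeof last_log, fmt, ap);
    va_end(ap);
    return n;
}

/* Vulnerable pattern (assumed, shown for contrast, never called here):
 * the URI is the format string, so each conversion in it makes vsnprintf
 * fetch an argument that was never passed, which is undefined behaviour. */
int on_abort_unsafe(const char *uri) { return log_debug(uri); }

/* Hardened pattern: constant format string, URI passed only as data. */
int on_abort_safe(const char *uri) {
    return log_debug("Aborting download of %s", uri);
}

/* Count the '%' characters a printf-family parser would treat as the start
 * of a conversion ("%%" is a literal percent sign and is skipped). */
int count_conversions(const char *s) {
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

int main(void) {
    /* Constructed sample URIs; "%20f" parses as a width-20 float conversion. */
    const char *uris[] = { "http://example.invalid/a%20file.iso",
                           "http://example.invalid/%d%n" };
    for (size_t i = 0; i < 2; i++) {
        on_abort_safe(uris[i]);
        printf("%d conversion(s): %s\n", count_conversions(uris[i]), last_log);
    }
    return 0;
}
```

Compiling with `-Wformat -Wformat-security` and marking the logger with `__attribute__((format(printf, 1, 2)))` lets GCC and Clang flag calls of the unsafe form at build time.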
|Vulnerability EXP
aria2 upstream has released latest 1.6.2 release, fixing one DoS issue. From 1.6.2 Release Note:

This release fixes segmentation fault error if URI to download contains printf format string and logging is enabled

* Fixed the bug that causes segmentation fault if req->getCurrentUrl() contains printf format string such as %d. The statement that causes this bug is useless and removed.


References:
-----------
http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/NEWS?revision=1586
https://bugzilla.redhat.com/show_bug.cgi?id=529342

Upstream patch:
---------------
http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/src/AbstractCommand.cc?r1=1539&r2=1572

Affected versions:
------------------
aria2-1.5.x && aria2-1.6.x (aria2-1.3.x is not vulnerable)

Could you allocate a CVE identifier?

Thanks && Regards, Jan.
|Affected products
Tatsuhiro Tsujikawa aria2 1.6.1 Gentoo Linux
|References

Source: bugzilla.redhat.com
Link: https://bugzilla.redhat.com/show_bug.cgi?id=529342
Source: MLIST
Name: [oss-security]20091016CVERequest-aria2-1.6.2
Link: http://marc.info/?l=oss-security&m=125568632528906&w=2
Source: aria2.svn.sourceforge.net
Link: http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/src/AbstractCommand.cc?r1=1539&r2=1572
Source: fedorahosted.org
Link: https://fedorahosted.org/rel-eng/ticket/2495
Source: VUPEN
Name: ADV-2009-2960
Link: http://www.vupen.com/english/advisories/2009/2960
Source: SECUNIA
Name: 31732
Link: http://secunia.com/advisories/31732
Source: OSVDB
Name: 59087
Link: http://osvdb.org/59087
Source: MLIST
Name: [oss-security]20091016Re:CVERequest-aria2-1.6.2
Link: http://marc.info/?l=oss-security&m=125572053420493&w=2
Source: aria2.svn.sourceforge.net
Link: http://aria2.svn.sourceforge.net/viewvc/aria2/trunk/NEWS?revision=1586