Progress Software OpenEdge Buffer Overflow Vulnerability

Vulnerability ID: 1190016
Vulnerability type: Buffer overflow
Published: 2007-06-29
Updated: 2007-06-29
CVE ID: CVE-2007-3491
CNNVD-ID: CNNVD-200706-530
Affected platform: N/A
CVSS score: 7.5
|Vulnerability source
https://www.securityfocus.com/bid/83534
https://cxsecurity.com/issue/WLB-2007070006
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200706-530
|Vulnerability details
A buffer overflow vulnerability exists in Progress Software OpenEdge. A remote attacker can cause an unknown impact via a malformed TCP/IP message.
|Vulnerability EXP
There is a potential for a buffer overflow in the database executable _mprosrv while reading a TCP/IP message that is incorrectly formatted.  To avoid this problem, additional checking has been added to the _mprosrv executable that will prevent incorrectly formatted messages from causing buffer overflows.

Bug# OE00148128 has been addressed in Progress 9.1E0422 and OpenEdge 10.1B01.  The 9.1E0422 version of this fix requires that 9.1E04 be installed prior to this fix being applied to the Progress installation.  These versions of Progress are available for download from the OpenEdge Download Center.
|References

Source: BUGTRAQ
Name: 20070627Openedge_mprosrvbufferoverflow
Link: http://www.securityfocus.com/archive/1/archive/1/472349/100/0/threaded
Source: OSVDB
Name: 37747
Link: http://osvdb.org/37747
Source: XF
Name: openedge-mprosrv-bo(35104)
Link: http://xforce.iss.net/xforce/xfdb/35104
Source: www.psdn.com
Link: http://www.psdn.com/library/servlet/KbServlet/download/2629-102-4821/README_101B_01.pdf
Source: SREASON
Name: 2851
Link: http://securityreason.com/securityalert/2851
Source: SECUNIA
Name: 25865
Link: http://secunia.com/advisories/25865