Flex generated-code buffer overflow vulnerability

Vulnerability ID 1195581    Type: Buffer overflow
Published 2006-03-01    Updated 2007-01-02
CVE: CVE-2006-0459    CNNVD-ID: CNNVD-200603-493
Platform: N/A    CVSS score: 7.5
|Sources
https://www.securityfocus.com/bid/16896
https://cxsecurity.com/issue/WLB-2006030062
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200603-493
|Details
Flex is a tool for generating lexical scanners (programs that recognize lexical patterns in text). The flaw is not in the flex binary itself but in the scanner code it emits for one class of grammars, so every program built with an affected scanner inherits it. This entry classifies it as a local privilege-escalation issue; more generally, any application that feeds attacker-controlled input to an affected scanner is exposed (see the Gentoo advisory reproduced below). At line 930 of the source file "gen.c", flex emits the statement *YY_G(yy_state_ptr)++ = yy_current_state; into the generated scanner. That statement executes inside the matching loop, once per input character consumed, and the only thing that ends the loop is the input itself; in other words, the amount of memory the loop writes over is entirely determined by user input. The buffer yy_state_ptr points into is a fixed-size array (the report gives it as 16K bytes, room for 4096 entries). A token of more than 4096 characters therefore overflows the buffer.
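The push loop described above, modelled in C as an added example (this is not flex's generated code and not the original report's code). The names yy_state_buf, yy_state_ptr and yy_current_state follow the generated scanner; the 16-slot buffer size, the single-rule [a-z]+ DFA and the bounds-checked variant are this demo's own assumptions. It also shows why the Gentoo advisory on this page limits the risk to REJECT and variable-trailing-context scanners: only those record the DFA state after every character so they can back up, and that record is what outgrows the fixed buffer.

```c
#include <stdio.h>
#include <string.h>

/*
 * Demo model of the state stack in a flex-generated REJECT /
 * variable-trailing-context scanner. Identifiers mirror the generated
 * scanner; sizes, the DFA and the hardened variant are assumptions.
 */

typedef int yy_state_type;

#define YY_STATE_BUF_SIZE 16    /* assumed tiny size so the overflow is visible */
#define DEMO_SLACK        4096  /* extra slots so this demo never corrupts its own stack */

enum { ST_DEAD = 0, ST_START = 1, ST_IDENT = 2 };

/* DFA for one rule, [a-z]+ : a token can be as long as the input allows. */
static yy_state_type next_state(yy_state_type s, char c)
{
    if ((s == ST_START || s == ST_IDENT) && c >= 'a' && c <= 'z')
        return ST_IDENT;
    return ST_DEAD;
}

/*
 * Vulnerable shape: every consumed character pushes the current DFA state so
 * the scanner can later back up to the longest accepting prefix. Nothing
 * compares yy_state_ptr with the end of yy_state_buf, so the push count is
 * the token length plus one. Returns the number of slots the token needed;
 * anything above YY_STATE_BUF_SIZE means a real scanner wrote past its buffer.
 */
size_t vulnerable_state_slots(const char *text)
{
    yy_state_type yy_state_buf[YY_STATE_BUF_SIZE + DEMO_SLACK];
    yy_state_type *yy_state_ptr = yy_state_buf;
    yy_state_type *demo_hard_stop = yy_state_buf + YY_STATE_BUF_SIZE + DEMO_SLACK;
    yy_state_type yy_current_state = ST_START;
    const char *yy_cp = text;

    *yy_state_ptr++ = yy_current_state;              /* the start state is recorded too */
    while (*yy_cp != '\0') {
        yy_state_type ns = next_state(yy_current_state, *yy_cp);
        if (ns == ST_DEAD)
            break;                                   /* token ends; back-up would happen here */
        yy_current_state = ns;
        if (yy_state_ptr == demo_hard_stop)
            break;                                   /* demo-only guard; the real loop keeps writing */
        *yy_state_ptr++ = yy_current_state;          /* gen.c:930 -- bounded only by the input */
        ++yy_cp;
    }
    return (size_t)(yy_state_ptr - yy_state_buf);
}

/* 1 if the token's state history would not fit in a YY_STATE_BUF_SIZE buffer. */
int vulnerable_overflows(const char *text)
{
    return vulnerable_state_slots(text) > YY_STATE_BUF_SIZE;
}

/*
 * Hardened shape (this demo's own check, not the flex 2.5.33 fix): compare the
 * pointer against the buffer end before each push and refuse the token instead
 * of writing. Returns the token length, or -1 if it would overflow.
 */
int hardened_scan(const char *text)
{
    yy_state_type yy_state_buf[YY_STATE_BUF_SIZE];
    yy_state_type *yy_state_ptr = yy_state_buf;
    yy_state_type *yy_state_end = yy_state_buf + YY_STATE_BUF_SIZE;
    yy_state_type yy_current_state = ST_START;
    const char *yy_cp = text;

    *yy_state_ptr++ = yy_current_state;
    while (*yy_cp != '\0') {
        yy_state_type ns = next_state(yy_current_state, *yy_cp);
        if (ns == ST_DEAD)
            break;
        if (yy_state_ptr >= yy_state_end)
            return -1;                               /* would overflow: reject, do not write */
        yy_current_state = ns;
        *yy_state_ptr++ = yy_current_state;
        ++yy_cp;
    }
    return (int)(yy_cp - text);
}

int main(void)
{
    char longtok[64];                                /* constructed input: a 63-character identifier */
    memset(longtok, 'a', sizeof longtok - 1);
    longtok[sizeof longtok - 1] = '\0';

    printf("\"abc\":   slots=%zu overflow=%d hardened=%d\n",
           vulnerable_state_slots("abc"), vulnerable_overflows("abc"), hardened_scan("abc"));
    printf("63 x 'a': slots=%zu overflow=%d hardened=%d\n",
           vulnerable_state_slots(longtok), vulnerable_overflows(longtok), hardened_scan(longtok));
    return 0;
}
```

A short identifier needs four slots and is accepted by both variants; the 63-character one needs 64 slots, which the vulnerable loop would have written past a 16-slot buffer and which the hardened variant refuses. To tell whether a real generated scanner is in the affected class, look for yy_state_buf in lex.yy.c: flex's skeleton emits that array only under YY_USES_REJECT, which is set for grammars using REJECT or variable trailing context.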
|Vulnerability EXP
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200603-07
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
     Title: flex: Potential insecure code generation
      Date: March 10, 2006
      Bugs: #122940
        ID: 200603-07

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

flex might generate code with a buffer overflow, making applications
using such scanners vulnerable to the execution of arbitrary code.

Background
==========

flex is a programming tool used to generate scanners (programs which
recognize lexical patterns in text).

Affected packages
=================

-------------------------------------------------------------------
     Package         /   Vulnerable   /                     Unaffected
    -------------------------------------------------------------------
  1  sys-devel/flex      < 2.5.33-r1                      >= 2.5.33-r1

Description
===========

Chris Moore discovered a buffer overflow in a special class of
lexicographical scanners generated by flex. Only scanners generated by
grammars which use either REJECT, or rules with a "variable trailing
context" might be at risk.

Impact
======

An attacker could feed malicious input to an application making use of
an affected scanner and trigger the buffer overflow, potentially
resulting in the execution of arbitrary code.

Workaround
==========

Avoid using vulnerable grammar in your flex scanners.

Resolution
==========

All flex users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=sys-devel/flex-2.5.33-r1"

References
==========

[ 1 ] CVE-2006-0459
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0459

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200603-07.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security (at) gentoo (dot) org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFEEelEvcL1obalX08RAqxSAJ95jjjEVPb1IXG2w7ACvyf8vXEc7QCdFlXt
iSyRx55mgq5AtfHl/uRno14=
=JodP
-----END PGP SIGNATURE-----
|Affected products
Ubuntu / Ubuntu Linux 5.10 powerpc
Ubuntu / Ubuntu Linux 5.10 i386
Ubuntu / Ubuntu Linux 5.10 amd64
Ubuntu / Ubuntu Linux 5.04 powerpc
Ubuntu / Ubuntu Linux 5.04 i386
Ubuntu / Ubuntu
|References

XF: flex-bypass-security(24995) http://xforce.iss.net/xforce/xfdb/24995
DEBIAN: DSA-1020 http://www.us.debian.org/security/2006/dsa-1020
BID: 16896 http://www.securityfocus.com/bid/16896
OSVDB: 23440 http://www.osvdb.org/23440
VUPEN: ADV-2006-0770 http://www.frsirt.com/english/advisories/2006/0770
SECUNIA: 19424 http://secunia.com/advisories/19424
SECUNIA: 19071 http://secunia.com/advisories/19071
UBUNTU: USN-260-1 http://www.ubuntulinux.org/support/documentation/usn/usn-260-1
GENTOO: GLSA-200603-07 http://www.gentoo.org/security/en/glsa/glsa-200603-07.xml
MLIST: [flex-announce] 20060222 flex 2.5.33 released http://sourceforge.net/mailarchive/forum.php?thread_name=20060223020346.GA11231%40tabitha.home.tldz.org&forum_name=flex-announce
SREASON: 570 http://securityreason.com/securityalert/570
SECUNIA: 19228 http://secunia.com/advisories/19228
SECUNIA: 19126 http://secunia.com/advisories/1