Information Security


Multiple vulnerabilities in the AFFLIB library (multiple bugs)
Published: April 28, 2007
Source:
SecurityVulns ID: 7644
Type: library
Severity level: 6/10
Description: Metacharacter injection, buffer overflows, format string errors, race conditions, etc.
Affected products: AFFLIB : AFFLIB 2.2
CVE: CVE-2007-2352 (Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls, possibly involving (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/imager.cpp, and (f) tools/afxml.cpp. NOTE: this identifier is intended to address the vectors that were not fixed in CVE-2007-2054, but the unfixed vectors were not explicitly listed.)
 CVE-2007-2056 (** REJECT ** The getlock function in aimage/aimage.cpp in AFFLIB 2.2.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary lock files (aka "time-of-check-time-of-use file race"). NOTE: the researcher has retracted the original advisory, stating that "the portion of vulnerable code is not called in any current version of AFFLIB and is therefore not exploitable.")
 CVE-2007-2055 (AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary commands via shell metacharacters involving (1) certain command line parameters in tools/afconvert.cpp and (2) arguments to the get_parameter function in aimage/ident.cpp. NOTE: it is unknown if the get_parameter vector (2) is ever called.)
 CVE-2007-2054 (Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, (f) aimage/imager.cpp, and (g) tools/afxml.cpp. NOTE: the aimage.cpp vector (e) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB.)
 CVE-2007-2053 (Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB.)
Original text: VSR Advisories, AFFLIB(TM): Time-of-Check-Time-of-Use File Race (28.04.2007)
 VSR Advisories, AFFLIB(TM): Multiple Buffer Overflows (28.04.2007)
 VSR Advisories, AFFLIB(TM): Multiple Format String Injections (28.04.2007)
 VSR Advisories, AFFLIB(TM): Multiple Shell Metacharacter Injections (28.04.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod