荔园在线

荔园之美,在春之萌芽,在夏之绽放,在秋之收获,在冬之沉淀

[回到开始] [上一篇][下一篇]


发信人: jjk (Welcome to InstallBBS,Linux!), 信区: Linux
标  题: FreeBSD Security Advisory FreeBSD-SA-01:66.thttpd
发信站: 荔园晨风BBS站 (Thu Dec 13 19:52:10 2001), 转信

【 以下文字转载自 jjk 的信箱 】
【 原文由 jjksam@smth.org 所发表 】
发信人: starw (化缘道人~~也无风雨也无情), 信区: FreeBSD
标  题: FreeBSD Security Advisory FreeBSD-SA-01:66.thttpd
发信站: BBS 水木清华站 (Wed Dec 12 01:17:41 2001)

-----BEGIN PGP SIGNED MESSAGE-----

=============================================================================
FreeBSD-SA-01:66                                            Security Advisory
                                                                FreeBSD, Inc.

Topic:          thttpd port contains remotely vulnerability

Category:       ports
Module:         thttpd
Announced:      2001-12-11
Credits:        GOBBLES SECURITY
Affects:        Ports collection prior to the correction date
Corrected:      2001-11-22 00:10:56 UTC
FreeBSD only:   no

I.   Background

thttpd is a simple, small, portable, fast, and secure HTTP server.

II.  Problem Description

In auth_check(), there is an off-by-one error in computing the amount
of memory needed for storing a NUL terminated string.  Specifically, a
stack buffer of 500 bytes is used to store a string of up to 501 bytes
including the terminating NUL.

III. Impact

Due to the location of the affected buffer on the stack, this bug
can be exploited using ``The poisoned NUL byte'' technique (see
references).  A remote attacker can hijack the thttpd process,
obtaining whatever privileges it has.  By default, the thttpd process
runs as user `nobody'.

IV.  Workaround

1) Deinstall the thttpd port/package if you have it installed.

V.   Solution

1) Upgrade your entire ports collection and rebuild the port.

2) Deinstall the old package and install a new package dated after the
correction date, obtained from the following directories:

[i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/thttpd-2.22.t
gz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/thttpd-2.22.
tgz

[alpha]
Packages are not automatically generated for the alpha architecture at
this time due to lack of build resources.

3) Download a new port skeleton for the thttpd port from:

http://www.freebsd.org/ports/

and use it to rebuild the port.

4) Use the portcheckout utility to automate option (3) above. The
portcheckout port is available in /usr/ports/devel/portcheckout or the
package can be obtained from:

ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckou
t-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portchecko
ut-2.0.tgz

VI.  Correction details

The following list contains the revision numbers of each file that was
corrected in the FreeBSD ports collection.

Path                                                             Revision
- -------------------------------------------------------------------------
ports/www/thttpd/Makefile                                            1.23
ports/www/thttpd/distinfo                                            1.20
ports/www/thttpd/files/patch-fdwatch.c                            removed
- -------------------------------------------------------------------------

VII. References

<URL:http://www.securityfocus.com/archive/1/241310>
<URL:http://www.securityfocus.com/archive/1/10884>
-----BEGIN PGP SIGNATURE-----
Comment: http://www.nectar.cc/pgp

iQCVAwUBPBY6x1UuHi5z0oilAQEHrgQAgscqPT0AVJcotWgO1t8WuJQyNukLHnDS
qGa8LT7ebuMY/Nl6JJzTYudwmr16RtJNPSYTfk1eHPWgAYzKyiNM7uMU87ZDplpM
FOggQbjdhFPNUE3WK8P2cmdm+7mrZbdWGJmvZpYH4TRNn6yQVV4F8tENl+nPu3I+
5IGxGqgr2vA=
=1MCH
-----END PGP SIGNATURE-----


--

        莫听穿林打叶声,何妨吟啸且徐行。
        竹杖芒鞋轻胜马,谁怕?一蓑烟雨任平生。
        料峭春风吹酒醒,微冷,山头斜照却相迎。
        回首向来萧瑟处,归去。也无风雨也无情。


※ 来源:·BBS 水木清华站 smth.org·[FROM: 166.111.215.235]
--
※ 转载:·荔园晨风BBS站 bbs.szu.edu.cn·[FROM: 192.168.0.146]


[回到开始] [上一篇][下一篇]

荔园在线首页 友情链接:深圳大学 深大招生 荔园晨风BBS S-Term软件 网络书店