CERTA-2003-AVI-134
Vulnerability from certfr_avis

None

Description

Une vulnérabilité de type débordement de mémoire est présente dans la fonction realpath() de la bibliothèque standard C (libc) sur différents systèmes d'exploitation de souche BSD (FreeBSD, NetBSD, OpenBSD, Mac OS X).

Cette vulnérabilité peut être exploitée au travers d'applications utilisant cette fonction, comme le service ftp (ftpd), pour réaliser une exécution de code arbitraire pouvant entraîner une élévation de privilèges ou un déni de service.

Solution

Appliquer le correctif de l'éditeur :

  • Bulletin de sécurité FreeBSD-SA-03-08 de FreeBSD :

    ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:08.realpath.asc

  • Bulletin de sécurité NetBSD-SA2003-011 de NetBSD :

    ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc

  • Bulletin de sécurité d'OpenBSD :

    http://www.openbsd.org/errata.html#realpath

  • Bulletin de sécurité d'Apple pour Mac OS X Server :

    http://docs.info.apple.com/article.html?artnum=120238

  • Bulletin de sécurité d'Apple pour Mac OS X Client :

    http://docs.info.apple.com/article.html?artnum=120239
None
Impacted products
Vendor Product Description
FreeBSD N/A FreeBSD 5.0, FreeBSD 4.8 et versions antérieures ;
FreeBSD N/A Versions de Mac OS X antérieures à 10.2.6.
OpenBSD OpenBSD OpenBSD 3.3 et versions antérieures ;
NetBSD N/A NetBSD 1.6.1 et versions antérieures ;
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FreeBSD 5.0, FreeBSD 4.8 et versions ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "FreeBSD",
          "scada": false
        }
      }
    },
    {
      "description": "Versions de Mac OS X ant\u00e9rieures \u00e0 10.2.6.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "FreeBSD",
          "scada": false
        }
      }
    },
    {
      "description": "OpenBSD 3.3 et versions ant\u00e9rieures ;",
      "product": {
        "name": "OpenBSD",
        "vendor": {
          "name": "OpenBSD",
          "scada": false
        }
      }
    },
    {
      "description": "NetBSD 1.6.1 et versions ant\u00e9rieures ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "NetBSD",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 de type d\u00e9bordement de m\u00e9moire est pr\u00e9sente dans la\nfonction realpath() de la biblioth\u00e8que standard C (libc) sur diff\u00e9rents\nsyst\u00e8mes d\u0027exploitation de souche BSD (FreeBSD, NetBSD, OpenBSD, Mac OS\nX).\n\nCette vuln\u00e9rabilit\u00e9 peut \u00eatre exploit\u00e9e au travers d\u0027applications\nutilisant cette fonction, comme le service ftp (ftpd), pour r\u00e9aliser une\nex\u00e9cution de code arbitraire pouvant entra\u00eener une \u00e9l\u00e9vation de\nprivil\u00e8ges ou un d\u00e9ni de service.\n\n## Solution\n\nAppliquer le correctif de l\u0027\u00e9diteur :\n\n-   Bulletin de s\u00e9curit\u00e9 FreeBSD-SA-03-08 de FreeBSD :\n\n        ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:08.realpath.asc\n\n-   Bulletin de s\u00e9curit\u00e9 NetBSD-SA2003-011 de NetBSD :\n\n        ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc\n\n-   Bulletin de s\u00e9curit\u00e9 d\u0027OpenBSD :\n\n        http://www.openbsd.org/errata.html#realpath\n\n-   Bulletin de s\u00e9curit\u00e9 d\u0027Apple pour Mac OS X Server :\n\n        http://docs.info.apple.com/article.html?artnum=120238\n\n-   Bulletin de s\u00e9curit\u00e9 d\u0027Apple pour Mac OS X Client :\n\n        http://docs.info.apple.com/article.html?artnum=120239\n",
  "cves": [],
  "initial_release_date": "2003-08-06T00:00:00",
  "last_revision_date": "2003-08-18T00:00:00",
  "links": [],
  "reference": "CERTA-2003-AVI-134",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2003-08-06T00:00:00.000000"
    },
    {
      "description": "ajout r\u00e9f\u00e9rences aux bulletins de s\u00e9curit\u00e9 d\u0027Apple pour Mac OS X.",
      "revision_date": "2003-08-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 de la fonction realpath pour les syst\u00e8mes BSD",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 d\u0027OpenBSD",
      "url": null
    },
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 2003-011 de NetBSD",
      "url": null
    },
    {
      "published_at": null,
      "title": "Note VU#743092 du CERT/CC",
      "url": "http://www.kb.cert.org/vuls/id/743092"
    },
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 FreeBSD-SA-03:08 de FreeBSD",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.