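Release date: 2006-01-31
Updated: 2006-01-31
Affected systems:
GNU Mailman <= 2.1.5
Description:
BUGTRAQ ID: 15408
CVE(CAN) ID: CVE-2005-3573
GNU Mailman is an open-source mailing list management system.
Mailman's attachment scrubber contains an implementation flaw that a remote attacker may be able to exploit to cause a denial of service against the server program.
The attachment scrubber mishandles malformed UTF-8 files: a remote attacker can crash the mailing list manager by sending a message that carries a malformed UTF-8 filename.
<*Source: Aliet Santiesteban Sifontes
Link: http://www.debian.org/security/2006/dsa-955
*>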
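The failure mode described above, shown as an added Python example that is neither Mailman's code nor the Debian patch: a strict decode of an untrusted attachment filename raises on malformed UTF-8, while a hardened path always returns a usable name and flags the input for logging. All function names and sample byte strings are hypothetical and constructed for illustration.

```python
import re
import unicodedata

# Anything outside this conservative set is collapsed to a single "_".
_UNSAFE = re.compile(r"[^A-Za-z0-9._-]+")


def naive_filename(raw: bytes) -> str:
    """Strict decode: raises UnicodeDecodeError on malformed input."""
    return raw.decode("utf-8")


def safe_filename(raw: bytes, default: str = "attachment.bin") -> str:
    """Decode an untrusted attachment filename without ever raising."""
    # Malformed sequences become U+FFFD instead of aborting processing.
    name = raw.decode("utf-8", errors="replace")
    # Normalize first so look-alike separators are handled below.
    name = unicodedata.normalize("NFKC", name)
    # Drop any directory part, then reduce to the conservative set.
    name = name.replace("\\", "/").rsplit("/", 1)[-1]
    name = _UNSAFE.sub("_", name).strip("._")
    return name[:100] or default


def scrub(raw: bytes):
    """Return (stored_name, malformed) for one attachment filename."""
    try:
        naive_filename(raw)
        malformed = False
    except UnicodeDecodeError:
        malformed = True  # worth logging: sender supplied invalid UTF-8
    return safe_filename(raw), malformed


def scrub_all(raws):
    """Process every filename; one bad name must not stop the rest."""
    return [scrub(raw) for raw in raws]


# Constructed samples: two valid names, a truncated multi-byte
# sequence, and bare continuation bytes.
SAMPLES = [b"report.pdf", b"r\xc3\xa9sum\xc3\xa9.doc",
           b"bad\xe4\xb8.txt", b"\x80\x80"]

if __name__ == "__main__":
    for stored, malformed in scrub_all(SAMPLES):
        print(stored, "MALFORMED" if malformed else "ok")
```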
Recommendation:
Vendor patch:
Debian
------
Debian has released a security advisory (DSA-955-1) and corresponding patches for this issue:
DSA-955-1: New mailman packages fix denial of service
Link: http://www.debian.org/security/2006/dsa-955
Patch downloads:
Source archives:
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1.dsc
Size/MD5 checksum: 738 da48d99072879f627fbba7d57f8b9449
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1.diff.gz
Size/MD5 checksum: 188686 f6b707d6165c4e2def0a37ecaa9d0237
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5.orig.tar.gz
Size/MD5 checksum: 5745912 f5f56f04747cd4aff67427e7a45631af
Alpha architecture:
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_alpha.deb
Size/MD5 checksum: 6612108 0c91e09a0ac1b146f9c9b2a5567b6b62
AMD64 architecture:
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_amd64.deb
Size/MD5 checksum: 6610470 971f05595431464b627c9f0d782c3f3d
ARM architecture:
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_arm.deb
Size/MD5 checksum: 6610082 7c1f992caa3bd026a0e0a0d0fb2da90b
Intel IA-32 architecture:
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_i386.deb
Size/MD5 checksum: 6611458 6887debd5526800e45691c7f69a67004
Intel IA-64 architecture:
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_ia64.deb
Size/MD5 checksum: 6611922 6608017e09f4cf2103677ea2abc0ab64
HP Precision architecture:
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_hppa.deb
Size/MD5 checksum: 6617272 21dc663d4ff65619a0eb5ba1efb2fd38
Motorola 680x0 architecture:
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_m68k.deb
Size/MD5 checksum: 6616562 34978e9fe8dd54ed594ea8aac7f524e1
Big endian MIPS architecture:
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_mips.deb
Size/MD5 checksum: 6660790 18c26f54237f2c2debbe979f6f2ab4dc
Little endian MIPS architecture:
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_mipsel.deb
Size/MD5 checksum: 6652282 458f7ada6fad580545d54a67e3c75dad
PowerPC architecture:
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_powerpc.deb
Size/MD5 checksum: 6617334 a79738f25904b0cca44a2eda89322014
IBM S/390 architecture:
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_s390.deb
Size/MD5 checksum: 6616708 f09da905ce4d8e521002850a466dcaf7
Sun Sparc architecture:
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.1.5-8sarge1_sparc.deb
Size/MD5 checksum: 6616064 343a2acc7348c2c547922ecc79ad4c1a
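Patch installation:
1. Installing the patch package manually:
First, download the patch package with the following command:
# wget url (url is the patch download link)
Then install the patch with the following command:
# dpkg -i file.deb (file is the name of the corresponding patch package)
2. Installing the patch package automatically with apt-get:
First, update the internal database with the following command:
# apt-get update
Then install the updated packages with the following command:
# apt-get upgrade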